Hi friends, this post is dedicated to Unix/Linux users (all Linux distributions such as OpenSUSE, Ubuntu, Fedora, RHEL etc.) and covers gaining root access on a Linux machine via a SUID script/program.
Check it....
- Change IFS.
If the program calls any other programs using the system() function call, you may be able to fool it by changing IFS.
IFS is the Internal Field Separator that the shell uses to delimit arguments.
If the program contains a line that looks like this:
system("/bin/date")
and you change IFS to '/', the shell will then interpret the preceding line as:
bin date
Now, if you have a program of your own in the path called "bin", the suid program will run your program instead of /bin/date.
To change IFS, use this command:
IFS='/';export IFS # Bourne Shell
setenv IFS '/' # C Shell
export IFS='/' # Korn Shell
- Link the script to -i
Create a symbolic link named "-i" to the program. Running "-i" will cause the interpreter shell (/bin/sh) to start up in interactive mode. This only works on suid shell scripts.
Example:
% ln suid.sh -i
% -i
#
- Exploit a race condition
Replace a symbolic link to the program with another program while the kernel is loading /bin/sh.
Example:
nice -19 suidprog ; ln -s evilprog suidroot
- Send bad input to the program.
Invoke the name of the program and a separate command on the same command line.
Example:
suidprog ; id
Ok, this post may be useful for you, thanks...