A post for UNIX/LINUX experts...


  1. #1
    Banned
    Join Date
    Apr 2002
    Posts
    28

    Question A post for UNIX/LINUX experts...

    env TERM='`cp /bin/sh /tmp/sh;chown root /tmp/sh;chmod 4755 /tmp/sh`' change-pass




    What in the world does this command mean? It would be great if someone could break down each little thing, like the '` part for example. Just decrypt the whole line to layman's terms please, thanks!

    -xposed

  2. #2
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432
    Your environmental variable TERM is now set to first cp /bin/sh, then change ownership so that root owns /tmp/sh, and then runs change-pass as the user root.
    Looks like something copied from an exploit
    I toor'd YOU!

  3. #3
    Banned
    Join Date
    Apr 2002
    Posts
    28
    how does that gain you root access?

  4. #4
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Re: A post for UNIX/LINUX experts...

    I only tinker in *nix, but it looks like that is described here.

    I think the basic idea is that the TERM variable is set to a string of commands which are then executed when the script is run. Because the script has SUID status, the script has the permissions of the script owner, not the script user, therefore the attacker runs those commands as root...
    [HvC]Terr: L33T Technical Proficiency

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    Yep, it's code from an exploit. This is usually a method that crackers resort to when the buffer they are trying to overflow isn't big enough to hold the code that they want to execute. Instead of passing the code to the buffer you run the code straight from an environment variable. The catch is that, for this to work, you need to have an account on the box before you can try this so you can read/set environment variables. So basically it's used to elevate privileges.
    OpenBSD - The proactively secure operating system.

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    1
    Hi... can somebody help me? I want to learn about taking over a channel and I want to try with my channel. Thanks.

  7. #7
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Originally posted here by antioperator
    Hi... can somebody help me? I want to learn about taking over a channel and I want to try with my channel. Thanks.
    Idiot Alert.
    [HvC]Terr: L33T Technical Proficiency

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    193
    The thing that throws me there is the "chmod 4755". chmod lets you change ownership of files; it should be something like this, right? chmod 777 777 777, which is total ownership.
    [shadow]l3aDmOnKeY[/shadow]

  9. #9
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    No, the chmod command uses octal notation (when used with numbers). So chmod 777 is full access, chmod 700 is full access to owner and no access to group and others and so on. The first digit is for owner, the second for group and the third for others. Hope that clears things up.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
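
The octal modes discussed in posts #8 and #9, as an added example that is not part of the original thread: the three digits are owner, group and others, and a fourth leading digit, as in the 4755 from post #1, carries the setuid (4), setgid (2) and sticky (1) bits. The function names `describe_mode` and `list_setuid` are made up for this example; `list_setuid` is an audit helper for spotting setuid files in a directory such as /tmp.

```shell
#!/bin/sh
# Added example (not from the thread): decode chmod octal modes and
# list setuid files for auditing. Function names are hypothetical.

# describe_mode MODE -> e.g. "setuid rwxr-xr-x" for 4755
describe_mode() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;        # 755 is the same as 0755
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid"; return 1 ;;
    esac
    special=${mode%???}    # leading digit: setuid/setgid/sticky
    rest=${mode#?}         # last three digits: owner, group, others
    out=""
    for flag in 4:setuid 2:setgid 1:sticky; do
        if [ $(( special & ${flag%%:*} )) -ne 0 ]; then
            out="$out${flag#*:} "
        fi
    done
    rwx=""
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}    # first remaining digit
        rest=${rest#?}
        r=-; w=-; x=-
        if [ $(( d & 4 )) -ne 0 ]; then r=r; fi
        if [ $(( d & 2 )) -ne 0 ]; then w=w; fi
        if [ $(( d & 1 )) -ne 0 ]; then x=x; fi
        rwx="$rwx$r$w$x"
    done
    echo "$out$rwx"
}

# list_setuid DIR -> regular files under DIR that have the setuid bit set
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

describe_mode 4755    # the mode used in post #1
describe_mode 777     # "full access" from post #9
```

A setuid file owned by root in a world-writable directory, which is what the mode 4755 on /tmp/sh amounts to, is the kind of result `list_setuid /tmp` is meant to surface.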

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    193
    Oh yeah, that's right <badmonkey slaps the **** out of himself> now I remember.

    Thanks cgkanchi!
    [shadow]l3aDmOnKeY[/shadow]
