Auditing for Setuid Exploits

Thread: Auditing for Setuid Exploits

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Auditing for Setuid Exploits

    I'm currently doing an audit on a Red Hat 8-9 and Slackware machine. I mean to test for setuid exploits on the box. I'd like source code to compile and run that will allow me to run a command as uid 0. Again, this is a machine I'm testing locally with credentials, so please post only if you know of a good testing app. I would like to be able to review the source, but a precompiled app will be helpful as a last resort. Thank you in advance.


    PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Take a look at all the recent security advisories and get clues from them.
    Pay a visit to packetstormsecurity and browse through their extensive collection of texts and files.

    Try to do a couple of those wargame type of hackersites and learn.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Most of those sites have very old exploits. I'm subscribed to bugtraq's mailing list, but nothing has come up recently concerning suid exploits. Thanks for the post anyways.


    PuRe

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    If you can get your paws on a copy of Hacking Exposed Vol 2 they have a section that discusses UID 0 exploits. If you want, I'll dust it off and see what exactly is still useful.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    There's one in Hacking Linux Exposed vol. 1, but the code wouldn't compile. Your help would sure be appreciated.


    Thanks,
    PuRe
