-
May 3rd, 2003, 06:01 AM
#1
Auditing for Setuid Exploits
I'm currently doing an audit on a Red Hat 8-9 and Slackware machine. I mean to test for setuid exploits on the box. I'd like source code to compile and run that will allow me to run a command as uid 0. Again, this is a machine I'm testing locally with credentials, so please post only if you know of a good testing app. I would like to be able to review the source, but a precompiled app will be helpful as a last resort. Thank you in advance.
PuRe
-
May 9th, 2003, 01:14 PM
#2
Take a look at all the recent security advisories and get clues from them.
Pay a visit to packetstormsecurity and browse through their extensive collection of texts and files.
Try to do a couple of those wargame type of hackersites and learn.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 9th, 2003, 07:13 PM
#3
Most of those sites have very old exploits. I'm subscribed to bugtraq's mailing list, but nothing has come up recently concerning suid exploits. Thanks for the post anyways.
PuRe
-
May 9th, 2003, 07:19 PM
#4
If you can get your paws on a copy of Hacking Exposed Vol 2 they have a section that discusses UID 0 exploits. If you want, I'll dust it off and see what exactly is still useful.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 9th, 2003, 10:08 PM
#5
There's one in Hacking Linux Exposed vol. 1, but the code wouldn't compile. Your help would sure be appreciated.
Thanks,
PuRe