-
June 2nd, 2002, 01:18 AM
#1
A post for UNIX/LINUX experts...
env TERM='`cp /bin/sh /tmp/sh;chown root /tmp/sh;chmod 4755 /tmp/sh`' change-pass
What in the world does this command mean? It would be great if someone could break down each little thing, like the '` part for example; just decrypt the whole line to layman's terms please, thanks!
-xposed
-
June 2nd, 2002, 02:35 AM
#2
Your environmental variable TERM is now set to first cp /bin/sh, then chownership so that root owns /tmp/sh, and then runs change-pass as the user root.
Looks like something copied from an exploit
-
June 2nd, 2002, 05:48 AM
#3
How does that gain you root access?
-
June 2nd, 2002, 06:42 AM
#4
Re: A post for UNIX/LINUX experts...
I only tinker in *nix, but it looks like that is described here.
I think the basic idea is that the TERM variable is set to a string of commands which are then executed when the script is run. Because the script has SUID status, the script has the permissions of the script owner, not the script user, therefore the attacker runs those commands as root...
[HvC]Terr: L33T Technical Proficiency
-
June 2nd, 2002, 09:31 AM
#5
Yep, it's code from an exploit. This is usually a method that crackers resort to when the buffer they are trying to overflow isn't big enough to hold the code that they want to execute. Instead of passing the code to the buffer you run the code straight from an environment variable. The catch is that, for this to work, you need to have an account on the box before you can try this so you can read/set environment variables. So basically it's used to elevate privileges.
OpenBSD - The proactively secure operating system.
-
June 7th, 2002, 12:44 AM
#6
Hi... somebody can help me? I wanna learn about take over channel and I wanna try with my channel. Thanks
-
June 7th, 2002, 02:16 AM
#7
Originally posted here by antioperator
Hi... somebody can help me? I wanna learn about take over channel and I wanna try with my channel. Thanks
Idiot Alert.
[HvC]Terr: L33T Technical Proficiency
-
June 7th, 2002, 04:13 AM
#8
The thing that throws me there is the "chmod 4755". chmod lets you change ownership of files; it should be something like this, right? chmod 777 777 777, which is total ownership.
l3aDmOnKeY
-
June 7th, 2002, 04:39 AM
#9
No, the chmod command uses octal notation (when used with numbers). So chmod 777 is full access, chmod 700 is full access to owner and no access to group and others and so on. The first digit is for owner, the second for group and the third for others. Hope that clears things up.
Cheers,
cgkanchi
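The leading 4 in the "chmod 4755" from the first post is the setuid bit, which sits in front of the three owner/group/other digits described above. The following is an added example, not part of the original thread: it decodes a three- or four-digit octal mode and lists setuid files under a directory, which is the artifact a defender would look for in /tmp. The function names and the scratch directory are assumptions made for the illustration.

```python
import os
import stat
import tempfile

SPECIAL = {4: "setuid", 2: "setgid", 1: "sticky"}
PERMS = "rwx"

def decode_mode(octal):
    """Split an octal mode such as '4755' or '755' into its parts."""
    digits = octal.zfill(4)
    if len(digits) != 4 or any(d not in "01234567" for d in digits):
        raise ValueError(f"not a 3- or 4-digit octal mode: {octal!r}")
    special, *classes = (int(d) for d in digits)
    def rwx(n):
        # bit 4 = read, bit 2 = write, bit 1 = execute
        return "".join(c if n & (4 >> i) else "-" for i, c in enumerate(PERMS))
    return {
        "special": [name for bit, name in SPECIAL.items() if special & bit],
        "owner": rwx(classes[0]),
        "group": rwx(classes[1]),
        "other": rwx(classes[2]),
    }

def find_setuid(root):
    """Return (path, octal mode, owner uid) for setuid regular files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: do not follow symlinks
            except OSError:
                continue              # file vanished or is unreadable
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, oct(stat.S_IMODE(st.st_mode))[2:], st.st_uid))
    return sorted(hits)

if __name__ == "__main__":
    print(decode_mode("4755"))
    # Constructed sample: a scratch directory with one setuid and one normal file.
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("sh", 0o4755), ("notes.txt", 0o644)):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        for path, mode, uid in find_setuid(d):
            print(f"setuid file: {path} mode={mode} uid={uid}")
```

A setuid file owned by uid 0 in a world-writable directory such as /tmp is the result worth alerting on.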
-
June 7th, 2002, 04:44 AM
#10
Oh ya, that's right <badmonkey slaps the **** out of himself> now I remember.
Thanks cgkanchi!
l3aDmOnKeY