Dailydave mailing list archives
Linux Hangman Rules
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 17 Apr 2013 11:31:31 -0400
http://blog.ioactive.com/2013/04/can-gdbs-list-source-code-be-used-for.html So reading the above blog is amusing for many reasons. But it did make a lot of people sit around looking at the funniest games you could play on modern Linux. For example, Linux Hangman. Linux Hangman Rules You take turns putting setuid root onto files in /usr/bin /usr/sbin/, etc. and if your opponent can use that to get root, even via a convoluted scenario, then you lose. The goal is to create a system running with MAXIMUM PRIVILEGE. So for example, the first person usually setuid's /bin/true :> Another good game is "Most convoluted way to get root via setuid gdb" - but these results tend to be more subjective, and better after drinks. Oddly enough, today is Linux Kernel Exploit Day at the INFILTRATE Master Class. So at least everyone's head is in the same space! :> -dave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Linux Hangman Rules Dave Aitel (Apr 17)
- Re: Linux Hangman Rules Michal Zalewski (Apr 17)