Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Sudo tricks

from [Dave Korn] Network Security [Permanent Link]
Subject: Re: Sudo tricks
Date: Fri, 24 Mar 2006 19:05:34 -0000 
John Richard Moser wrote:


Here is a simple hack to break sudo and su to get free root. Add this
to ~/.bashrc and fill in the following blanks:

* ~/.root_kit/rk_su
 Your hacked su to give root on su --now-dammit
* ~/.root_kit/silent_install_root_kit
 Your script to silently install rk_su over /bin/su and add SUID to
it.


[dk@pepper dk]$ ls -la /bin/su
-rwsr-xr-x    1 root     root        19132 Aug 29  2002 /bin/su

  So, in other words, all you need in order to get root access is a rootkit, 
your shell script, and root access?  Ummm... I don't get it.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Casper . Dik
Next by Date:  Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), D.F.Russell
Previous by Thread:  Sudo tricks, John Richard Moser
Next by Thread:  Re: Sudo tricks, Kyle Wheeler
Indexes:  [Date] [Thread] [Top] [All Lists]