
| Subject: | Re: [Full-disclosure] New RFID Mailing List Owner 0day |
|---|---|
| Date: | Fri, 28 Sep 2007 12:47:07 -0500 |
On 9/28/07, full-disclosure@hushmail.com <full-disclosure@hushmail.com> wrote:
```sh
#!/bin/sh
#
# Secure v9.3.1b
# This is to be used on a NEW install only!
# This script will go through your box and lock the inside down.
# Copyright audit@radiusnet.net | munge@attrition.org, (munge@radiusnet.net)
# Thanks to jericho from attrition for pointing out some issues with it.
# This script was done thanks to A LOT of alcohol and sleepless nights thinking about
# how things can be changed to make it faster and set the perms correctly.
# This script was created for use on Slackware! "As if there's any better distro"
# It can be used on other versions of Linux.
# Ensure that you are uid 0 (root)
set `id`
if [ $1 != "uid=0(root)" ]; then
echo "You MUST be root to run this script!"
exit 5
fi
# Change the perms for /etc
chmod 711 /etc
echo "/etc Perms changed"
sleep 3
# Change the perms for /tmp and /var/tmp
chmod 1733 /tmp
chmod 1733 /var/tmp
echo "All *tmp* Perms changed"
sleep 3
echo "Now we start the fun dir's. The following are the most important!!"
# Start on the *bin* directories
cd /bin
chmod 510 * | chown root.users *
chmod 500 umount mount telnet
chmod 511 ls dircolors date false true uname login
chmod 4510 ping
chown root.staff ping
chown root.root su
chmod u+s su
echo "/bin directory is complete"
sleep 3
# Now we start on the /usr/sbin directory
cd /usr/sbin
chmod 510 * | chown root.users *
chmod u+s sendmail
chmod 500 ttysnoop
echo "/usr/sbin dir is complete"
sleep 3
# Start /usr/bin
cd /usr/bin
chmod 510 * | chown root.users *
chmod u+s passwd
chmod 4510 traceroute
chown root.staff traceroute
echo "/usr/bin dir is complete"
sleep 3
# Make changes in /etc
cd /etc
chmod 600 inetd.conf
echo "Perms changed in /etc"
sleep 3
# Make a backup of the original syslog.conf and install a better
# logging one in its place.
cd /root
mv /etc/syslog.conf /etc/syslog.bak
cp /root/slack/syslog.conf /etc
killall -HUP syslogd
echo "syslog.conf updated"
sleep 3
# Tighten up the log file perms now
cd /var/log
chmod 600 syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
chmod 600 log.user messages ftp.log secure.log
chown root.wheel syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
chown root.wheel log.user messages ftp.log secure.log
echo "Log files secured"
sleep 3
# Check for SUID files
cd /root
echo "Now checking for SUID files"
find / \( -perm -4000 -o -perm -2000 ! -type d \) -exec ls -ldb {} \; >> suid-results
echo "Check in /root for a file called suid-results and you will have a list of what still"
echo "has the SUID bit"
sleep 3
echo "#######################################################"
echo "Congratulations, your box is now more secure!"
echo "Be sure to add the users to the appropriate groups"
echo "Make sure you go through and double check the perms!!"
echo "This was made to make things quicker but you still should"
echo "double check the perms!!"
echo "MAKE SURE YOU ADD USERS THAT YOU WANT TO BE ABLE TO SU TO ROOT"
echo "TO THE ROOT AND WHEEL GROUPS OR THEY WON'T BE ABLE TO!!!!!!."
echo "Make sure ALL your users are listed in /etc/groups on the users line"
echo "or they will be doing alot of bitching"
echo "Once modified, reboot your system to enable all changes"
echo "This is NOT a full blown security script, so don't expect"
echo "your box to be 100% locked down after running it."
echo "It was created to help speed things up!!"
echo "#######################################################"
```
Woohoo! You now have a non multi-user system!

Comparing a string for the UID? Why?
Expecting TMPDIR to only be those two locations? Why?
Breaking many programs by setting TMPDIR to not be listed by group and other? Why?
Expecting ``users'' and ``staff'' groups? Why?
Mixing symbolic and octal chmods? Why?
Not using functions? Why?
Expecting your binaries to be in a static location? Why?
Sleeps? Why?
5,000 echos? Why?
Piping chmod into chown? Why?
Globbing entire directories? Why?
Using -exec in find? Why?

hints:

```
id -u
$TMPDIR
getent group $GROUPNAME
Use only octals
no hint needed. just use them.
which || whereis - walk through list and read
don't use them
cat <<_EOF_
what?
find . -maxdepth 1 -type f
find / \( ... \) -ls
```

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
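The reply's hints applied to the skeleton of the quoted script, as an added example that is neither poster's code: it compares the numeric UID from `id -u`, checks a group with `getent` before using it, walks a directory with `find -maxdepth 1 -type f` instead of a glob, keeps chmod and chown as separate steps, reports setuid/setgid files with `-ls`, and replaces the echo chain with a heredoc. The function names, the per-directory interface and the `DRY_RUN` variable are assumptions of this example, chosen so it can be tried on a scratch directory as an unprivileged user.

```shell
#!/bin/sh
# Added example, not from the original post: the quoted script's structure
# rewritten along the reply's hints. Operates on a directory you pass in;
# set DRY_RUN=1 to only print the chmods it would run.
set -u

# Hint: compare the numeric UID, not the string output of `id`.
is_root() { [ "$(id -u)" -eq 0 ]; }

# Hint: confirm a group exists before handing it to chown.
group_exists() { getent group "$1" >/dev/null 2>&1; }

# Hint: find a binary via PATH instead of assuming /bin or /usr/bin.
locate_bin() { command -v "$1" 2>/dev/null; }

# Hint: regular files only, one level deep, no shell glob.
list_regular_files() { find "$1" -maxdepth 1 -type f; }

# Apply one octal mode to every regular file in a directory; chown to
# root:$grp only when root and the group exists. chmod and chown are
# separate commands, not a pipeline.
lock_dir() {
    dir=$1; mode=$2; grp=${3:-}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    list_regular_files "$dir" | while IFS= read -r f; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "chmod $mode $f"
            continue
        fi
        chmod "$mode" "$f" || exit 1   # exits the loop's subshell, failing the pipeline
        if [ -n "$grp" ] && is_root && group_exists "$grp"; then
            chown "root:$grp" "$f" || exit 1
        fi
    done
}

# Hint: let find print the listing with -ls instead of spawning ls per file.
report_suid() { find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f -ls 2>/dev/null; }

# Hint: one heredoc instead of a dozen echos.
summary() {
    cat <<_EOF_
Done. Review the permissions yourself; this only speeds up the first pass.
Add users who may su to root to the wheel group.
_EOF_
}
```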