UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
December
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#8438 - 09/03/03 05:30 PM Is this even possible
Chasm Offline
Junior Member

Registered: 08/07/03
Posts: 8
I am trying to test how secure my linux box is. I have been trying to gain root on my local machine, and have tried many diferent ways. The latest way i have been thinking about, is copying a shell, such as bash, that is owned by root. Setting it to setuid, so that when it is run, it has root priveledges.

The only problems that i have encountered are, firstly, copying bash, changes the ownership of the file from root, to an un-priveledged user. Secondly, you have to be root to setuid from within a shell.

ANY help would be greatly appreciated. And yes, i have already had a good look for myself! Thanks

Top
Sponsored Links
      
#8439 - 09/03/03 11:10 PM Re: Is this even possible
paradox Offline
Member

Registered: 08/28/03
Posts: 240
Loc: New Zealand
lol yeah like you said you have to be root to setuid

Just find a suid'd program and overflow the buffer..
do the hackerslab styles, suprisingly quite alot of apps are suid..
or scoure the web for exploits and try em all out
_________________________
The wise make mistakes, the fools repeat them
----------------------------------------
When you have eliminated the impossible, that which remains, however improbable, must be the truth

Top
#8440 - 09/04/03 10:32 AM Re: Is this even possible
Chasm Offline
Junior Member

Registered: 08/07/03
Posts: 8
How about making a copy of a shell, that can cause a buffer overflow itself, then automatically change the owner of the file to root, and setuid itself. Sort of like a stand-alone file, that would automatically gain you root, when it was executed. Obviously it would have to be system specific. Hmm, thats got me thinking now.

Top

Moderator:  Infinite 
Featured Member
Registered: 10/28/14
Posts: 1
Forum Stats
2152 Members
46 Forums
36214 Topics
71384 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 29375
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
cdefgh368568, HushHush, golqm, Tim050, Gecko666
2151 Registered Users
Who's Online
0 registered (), 364 Guests and 340 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!