Slashdot Mirror


SecuriTeam Posts Paper on Mac OS X Vulnerabilities

ehenning writes "SecuriTeam has posted a paper on some known vulnerabilities in Mac OS X. It lists methods for developing shellcode based on the PowerPC architecture. They note that there are similar vulnerabilities in Mac OS X and Darwin as in IA32 machines."

5 of 85 comments

  1. Vulnerabilities by krisbrowne42 · Score: 2, Interesting

    You know, it might just be me, but it looks like those need to be run as Root, or be run on vulnerable setuid executables, to be effective.

    Just to put it in perspective.

  2. Am I missing something? by tuxedobob · Score: 5, Interesting

    Okay, on page 6 he chown's the test program to root. Now, I just tried to chown something I own to root and it said operation not permitted. This is true in both tcsh and bash. It does of course work if you sudo, or start as root, but if you have root access, why write shellcode to give yourself root access on the same machine? Or is this covered after the first 12 pages?

  3. Still can't see it... by foniksonik · Score: 4, Interesting

    I still can't see script kiddies sitting down to do this type of hacking for any length of time... seems like they prefer instant gratification. Maybe if someone much more intelligent were to write up a few cracker's kits with a bundle of preset tools and whatnot... maybe then.

    As always, if someone REALLY wants to get into your stuff, they will find a way. Locks and other security are really only targeted at vandals, not thieves.

    --
    A fool throws a stone into a well and a thousand sages can not remove it.
  4. For the Un*x junkies out there by krray · Score: 2, Interesting

    I read through this. Read it again. Never did like assembly. Time and again it got back to the same thing it seems.

    Turning the set-user-id bit on. Yeah.
    $ cp /bin/sh /bin/root-shell
    $ chown 0.0 /bin/root-shell
    $ chmod u+s /bin/root-shell
    $ /bin/root-shell
    #

    Yeah, well, not really (anymore :). Back in the day this was an _easy_ way to take over the AT&T 7300 Unix system lab. Get root on one machine -- and create a root shell. Dump it to a floppy and you were gHod. Mount it as any user on any machine and execute -- you're root.

    Today this shouldn't work (and doesn't per the example above). His "exploit" basically tricks the system into actually making it happen. The key is getting a controllable root suid file on the system....

    WITHOUT being asked for a password. Good luck. :)

    I can just write a shell script: sudo my_bad_script
    Email it off and hope people type their password when prompted. Too bad my users don't know root's password -- and they really have no need to be admin either. Benefits of company equipment...

    PS: I'd be willing to bet my other nut that this little buffer overflow trick, which is really useless, won't work anymore with the official Panther release.
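The recipe in the comment above (copy a shell, chown it to root, set the set-user-id bit) and tuxedobob's "operation not permitted" observation in comment 2 both come down to two facts of the Unix permission model. The C program below is an added example written for this mirror, not code from the SecuriTeam paper or from either commenter: it shows chown(2) to uid 0 failing with EPERM for an unprivileged process, and gives the check an auditor would run to find the kind of file the recipe needs (a regular file owned by uid 0 with the setuid bit). The function names (try_chown_to_root, is_setuid_root, demo_chown_to_root, demo_suid_flagged) and the scratch file under /tmp are assumptions of the example.

```c
/* Added example, not from the paper or the thread: the two checks that decide
 * whether the "setuid root shell" trick works. Assumed names throughout. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if chown(2) to uid 0 / gid 0 succeeded, otherwise the errno it
 * failed with. Without root this is EPERM on Linux and Mac OS X: a process
 * may not give its files away to another user. */
static int try_chown_to_root(const char *path)
{
    if (chown(path, 0, 0) == 0)
        return 0;
    return errno;
}

/* The condition an auditor cares about: a regular file owned by uid 0 with
 * the set-user-id bit. Returns 1 when both hold, 0 otherwise (including when
 * the path cannot be stat'ed). A 04755 file owned by an ordinary user gives
 * an attacker nothing beyond that user's own privileges. */
static int is_setuid_root(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == 0 && (st.st_mode & S_ISUID) != 0;
}

/* Helper: create an empty scratch file under /tmp with the requested mode.
 * Returns 0 and fills buf on success, -1 on failure. (Assumed location.) */
static int make_scratch_file(char *buf, size_t buflen, mode_t mode)
{
    char tmpl[] = "/tmp/suid-demo.XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    close(fd);
    if (chmod(tmpl, mode) != 0) {
        unlink(tmpl);
        return -1;
    }
    snprintf(buf, buflen, "%s", tmpl);
    return 0;
}

/* The commenter's "chown 0.0 /bin/root-shell" step, done on a scratch file:
 * returns the errno from the attempt (0 only if we already were root),
 * or -1 if the scratch file could not be created. */
static int demo_chown_to_root(void)
{
    char path[64];
    int rc;
    if (make_scratch_file(path, sizeof path, 0755) != 0)
        return -1;
    rc = try_chown_to_root(path);
    unlink(path);
    return rc;
}

/* Creates a scratch file with the given mode (owned by the caller) and
 * reports whether is_setuid_root() flags it: 1/0, or -1 on failure. */
static int demo_suid_flagged(mode_t mode)
{
    char path[64];
    int flagged;
    if (make_scratch_file(path, sizeof path, mode) != 0)
        return -1;
    flagged = is_setuid_root(path);
    unlink(path);
    return flagged;
}

int main(void)
{
    int rc = demo_chown_to_root();
    printf("euid %u: chown to root -> %s\n", (unsigned)geteuid(),
           rc < 0 ? "could not create scratch file"
                  : rc == 0 ? "succeeded" : strerror(rc));
    printf("04755 scratch file owned by me flagged as setuid-root? %d\n",
           demo_suid_flagged(04755));
    printf("0755 scratch file flagged? %d\n", demo_suid_flagged(0755));
    printf("/bin/sh flagged? %d\n", is_setuid_root("/bin/sh"));
    return 0;
}
```

Run it as an ordinary user and the chown step reports "Operation not permitted"; run it as root and it succeeds, which is exactly the commenter's point: the trick only turns root you already have into a persistent root shell. The 04755 scratch file is owned by whoever runs the program, so is_setuid_root() flags it only when that is root. On Linux a process holding CAP_CHOWN can also pass the chown step without a uid of 0; the example assumes the plain root/non-root split the thread is discussing.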

  5. Re:Well what do you expect from a Troll by coolmacdude · Score: 2, Interesting

    If you have access to etc/passwd, then you most likely also have shell access in which case you could just do nidump passwd . and get the hashes just as easily.

    --

    -You may license this sig for only $6.99.