|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dave Aitel (dave
immunityinc.com)
Date: Wed Apr 17 2013 - 10:31:31 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://blog.ioactive.com/2013/04/can-gdbs-list-source-code-be-used-for.html
So reading the above blog is amusing for many reasons. But it did make a
lot of people sit around looking at the funniest games you could play on
modern Linux. For example, Linux Hangman.
Linux Hangman Rules
You take turns putting setuid root onto files in /usr/bin /usr/sbin/,
etc. and if your opponent can use that to get root, even via a
convoluted scenario, then you lose. The goal is to create a system
running with MAXIMUM PRIVILEGE.
So for example, the first person usually setuid's /bin/true :>
Another good game is "Most convoluted way to get root via setuid gdb" -
but these results tend to be more subjective, and better after drinks.
Oddly enough, today is Linux Kernel Exploit Day at the INFILTRATE Master
Class. So at least everyone's head is in the same space! :>
-dave
_______________________________________________
Dailydave mailing list
Dailydavelists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
- application/pgp-signature attachment: OpenPGP digital signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]