OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-Disclosure] Old LS Trojan?

From: Scott Renna (srennavdbmusic.com)
Date: Wed Dec 01 2004 - 17:47:42 CST


LOL. That CISSP totally rocks.

Scott Renna CISSP, GCIA, GCIH

Kevin Finisterre wrote:
> You should think a CISSP could write such a script in like 5 minutes.
>
>
> David S. Morgan wrote:
>
>> Hey all,
>>
>> I am looking for an old LS trojan, with trojan being a misnomer.
>> Essentially, the scinario is that the admin (root) has a . (dot) in
>> his path. The bad-user knows this, and has crafted an LS shell script
>> (the part that I can't find) that essentially copies /sbin/sh to a
>> hidden directory and then performs some suid majik to make the sh run
>> as if they were root, without needing the root password. The file
>> then removes itself and does the real version of ls.
>>
>> Does anyone remember this one, and have the ls script anywhere? I
>> would like to use it in a demonstration. I know that this has
>> probobly been fixed in various ways, but I have "old Unixes" for just
>> such occasions.
>>
>> Dave Morgan
>>
>> David S. Morgan CISSP, CCNP aka: captkrasearthlink.net
>>
>> "When the winds of change blow hard enough, even the most tiny object
>> can become a deadly projectile"
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html