|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Thwarting /bin/bash, an anti-overflow concept ?
From: Vlad Tsyrklevich (vlad
sig11.zemos.net)
Date: Sat Jan 10 2004 - 02:18:14 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Ofcourse we could rename /bin/bash to /bin/whatever_we_want, and thus add
> some security by obscurity, but the next exploit is going to cat
> /etc/shells or /etc/passwd, and then the attacker knows the name of the
shell.
When you said this I thought why nobody has done this and created a beta
that reads /etc/shells to
find the first "/" and execute it (A bug being currently even if it resides
in a comment). It's 96
bytes (Pretty big) and has been tested on 2.4 and 2.6 kernels', later on I
may add checking to it
so that it doesn't get fooled by comments.
$ ./shells
Shellcode = 96 bytes
[/home/vlad/test/shells]$
http://sig11.zemos.net/vlad/shells.c
http://sig11.zemos.net/vlad/shells.asm
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]