Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 16
Guests Online: 16
Members Online: 0

Registered Members: 82876
Newest Member: bhl1986
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-03-09 23:27
Something interesting happened to me today. I log onto a Fedora8 terminal remotely to do the majority of my work using VNC. While I was working the contents of a flash drive opened to me randomly. I found out later that a person who was physically at the terminal had plugged in their thumb drive and some how this triggers every one logged onto the terminal to see the contents of the drive.

Here's the interesting part... I noticed that I had full permissions of the drive and everything in it (including execute).

Consider...

Would it be possible to make a thumb drive containing an autorun.sh with the following contents

Code


cp /etc/shadow /home/ME/
chown ME /home/ME/shadow






It works on my old suse box but I'm not sure if gnome has been updated to stop this from happening. I'm assuming that this is happening because of a gnome script but I don't have access to these folders.

Any knowledge is greatly appreciated.

-Scobe

EDIT:
Will JTR work on shadow? I've never messed with linux passwords.




Edited by on 23-03-09 23:29
Author

RE: Possible exploit?

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 23-03-09 23:55
There's only one way to find out if this works Wink don't forget to post your results here if you try it out!


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Possible exploit?

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 24-03-09 00:00
scobe wrote:
Something interesting happened to me today. I log onto a Fedora8 terminal remotely to do the majority of my work using VNC. While I was working the contents of a flash drive opened to me randomly. I found out later that a person who was physically at the terminal had plugged in their thumb drive and some how this triggers every one logged onto the terminal to see the contents of the drive.

Here's the interesting part... I noticed that I had full permissions of the drive and everything in it (including execute).

Consider...

Would it be possible to make a thumb drive containing an autorun.sh with the following contents

Code


cp /etc/shadow /home/ME/
chown ME /home/ME/shadow






It works on my old suse box but I'm not sure if gnome has been updated to stop this from happening. I'm assuming that this is happening because of a gnome script but I don't have access to these folders.

Any knowledge is greatly appreciated.

-Scobe

EDIT:
Will JTR work on shadow? I've never messed with linux passwords.


Yes you can use JTR to crack the passwd hashes. Problem is that now in most of distros you have shadowed passwords, and shadow file can be only accessed by root. So the user would have to be either retarded or running root as default user, or you know messed up access rights on his system, this stuff happens sometimes though. It's sweet yet I'd say out dated exploit, that you won't find much use of.

Also whether the thumb drive gets actually executed very much depends on particular distro and system configuration


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-09 04:07
Hmm.. Well I think I've heard enough good that it's at least worth a try. Next time I'm physically at a terminal won't be until next Wednesday (apr. 1) I'll post results.


Author

RE: Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-09 04:40
There's a tool out there called the USB pocketknife (a.k.a. USB Hacksaw/Siwtchblade) that does something very similar to this (along with a bunch of other stuff) for windows machines.

Anyway, how often do you have physical access to other people's servers? I don't ever have it, but you might be different.

If you do have physical access a lot, maybe you should code a tool for linux to do some cool stuff when a flash drive is plugged in.


Author

RE: Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-03-09 19:37
I'm physically at the terminal roughly every two weeks. Problem is I don't have root privileges. Also if I reboot the machine I'll get my ass chewed. Anyone else have an idea how to get the shadow file if this doesn't work?


Author

RE: Possible exploit?

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 26-03-09 19:48
scobe wrote:
I'm physically at the terminal roughly every two weeks. Problem is I don't have root privileges. Also if I reboot the machine I'll get my ass chewed. Anyone else have an idea how to get the shadow file if this doesn't work?


Linux kernel local root exploit?


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-03-09 06:45
I'm not exactly sure what that is / how to exploit it... I'll look into it, thanks for the idea.


Author

RE: Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-03-09 08:14
[x] Check out some rooting material like RTB or STS.
[x] Go learn about exploits and how they work.
[x] Learn about different ways to use the exploit you've found. (You might not have sufficient privileges to just upload it, compile it, or run it normally, in which case you should look into how to obtain the proper permissions.)


Author

RE: Possible exploit?

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 31-03-09 16:04
SU?


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: Possible exploit?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-03-09 20:00
lol...


Author

RE: Possible exploit?

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 31-03-09 20:02
yours31f wrote:
SU?


Hope you were kidding.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Possible exploit?

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 31-03-09 20:19
Oh god. In case anyone is wondering, the "su" command don't work in scobe's case as he himself had mentioned that he does'nt have root access,and since the command requires the root password for it to execute, it won't work for him.

Oh, and typing su in capitals doesn't work since *nix/Linux is case-sensitive.

I hope I didn't make any mistakes.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: Possible exploit?

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 31-03-09 20:25
fuser wrote:
Oh god. In case anyone is wondering, the "su" command don't work in scobe's case as he himself had mentioned that he does'nt have root access,and since the command requires the root password for it to execute, it won't work for him.

Oh, and typing su in capitals doesn't work since *nix/Linux is case-sensitive.

I hope I didn't make any mistakes.


well theoretically there could be blank root password, so su would give you root straight away Grin

but then again we aren't talking about linux that was set up but a retarded person, I guess...


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 31-03-09 20:26
clone_4@hotmail.com