Unfortunately, a poorly written SUID or SGID binary can be used to quickly and easily escalate a user's privileges. Also, an attacker who has already gained root access may hide SUID binaries throughout your system in order to leave a backdoor for future access. This leads us to the need for scanning systems for SUID and SGID binaries. This is a simple process and can be done with the following command:

    # find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \;

One important thing to consider is whether an SUID program is in fact a shell script rather than an executable, since it's trivial for someone to change an otherwise innocuous script into a backdoor. Most operating systems will ignore any SUID or SGID bits on a shell script, but if you want to find all SUID or SGID scripts on a system, change the argument to the -exec option in the last command and add a pipe so that the command reads:

    # find / \( -perm -4000 -o -perm -2000 \) \
        -type f -exec file {} \; | grep -v ELF

Now every time an SUID or SGID file is encountered, the file command will run and determine what type of file is being examined. If it's an executable, grep will filter it out; otherwise, it will be printed to the screen with some information about what kind of file it is.

Most operating systems use ELF-format executables, but if you're running an operating system that doesn't (older versions of Linux used a.out, and AIX uses XCOFF), you'll need to replace the ELF in the previous grep command with the binary format used by your operating system and architecture. If you're unsure of what to look for, run the file command on any binary executable, and it will report the string you're looking for.
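As an added example (not code from the original post), the script below wraps the two scans above into functions, checks the ELF magic bytes directly instead of calling file(1), and adds a baseline comparison so that SUID/SGID files that appeared since the last scan are reported. It assumes a POSIX sh with find, dd, comm and sed; the script name scan_setid.sh is hypothetical.

```shell
#!/bin/sh
# Scan a tree for SUID/SGID regular files, flag the ones that are not ELF
# executables (a setuid shell script is the classic backdoor), and diff the
# scan against a saved baseline so newly planted set-id files stand out.
# Instead of calling file(1), the ELF check reads the 4-byte magic directly,
# so the script also runs where file(1) is not installed.

# All SUID/SGID regular files under $1, one per line, sorted.
list_setid() {
    find "$1" \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null | sort
}

# True if $1 starts with the ELF magic "\177ELF". On a.out or XCOFF systems
# replace the magic with the one that file(1) reports for a known binary.
is_elf() {
    [ "$(dd if="$1" bs=4 count=1 2>/dev/null)" = "$(printf '\177ELF')" ]
}

# SUID/SGID files under $1 that are not ELF executables: scripts and oddities.
list_setid_non_elf() {
    list_setid "$1" | while IFS= read -r f; do
        is_elf "$f" || printf '%s\n' "$f"
    done
}

# Compare the current scan of $1 with the baseline file $2 (a saved output of
# list_setid). Prints "+ path" for new set-id files and "- path" for vanished
# ones; returns 0 if nothing changed, 1 otherwise.
diff_setid_baseline() {
    scan=$(mktemp) || return 2
    list_setid "$1" > "$scan"
    added=$(comm -13 "$2" "$scan")     # only in the current scan
    removed=$(comm -23 "$2" "$scan")   # only in the baseline
    rm -f "$scan"
    [ -n "$added" ] && printf '%s\n' "$added" | sed 's/^/+ /'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/- /'
    [ -z "$added" ] && [ -z "$removed" ]
}

# Usage:  sh scan_setid.sh /                -> non-ELF set-id files
#         sh scan_setid.sh / baseline.txt   -> changes since the baseline
case $# in
    1) list_setid_non_elf "$1" ;;
    2) diff_setid_baseline "$1" "$2" ;;
esac
```

Save the output of list_setid on a freshly installed system as the baseline and re-run the comparison from cron; any "+" line is a set-id file that was not there when the system was known good.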