Showing posts with label suid.

Monday, July 18, 2016

Linux Backdoors via SUID Executables

Backdoors: Maintaining Root Access


In the last post, we talked about how SUID programs can be used to gain root access. What happens after gaining root access varies with the objectives, but in general you might want to maintain root access without the legitimate root user noticing. This is essentially what a backdoor does. Of course you could just redo the exploit you used to get in, but sometimes that is not possible. Backdoors have become increasingly sophisticated over the years, but their main purpose is to allow a person to regain access to a system at a later time. You can always look for popular backdoor scripts online, but it's fun to write your own.

Sunday, July 17, 2016

Linux Privilege Escalation via SUID Executables using Environment Paths

Introduction to SUID Executables


A well-known way to gain root privilege in Linux is by using SUID Executables. SUID (SetUID) is a permission given to a program that allows users to execute the program as if the owner of the program were executing it. Thus, if a program is owned by root, a user temporarily has root privilege during the execution of that program. It is possible, therefore, to exploit SUID executables in order to arbitrarily execute commands as root and maintain root privilege.