tailieunhanh - Hackers Beware: The Ultimate Guide to Network Security, part 8

If possible, the system administrator should lock down every Windows machine on the network so that users cannot unilaterally enable sharing without the IT department's knowledge. The Windows 95 Policy Editor () is an excellent tool for this.

of it contains the actual exploit, and somewhere in the data it writes the return address that points to the exploit code. While this could be any command, the example studied here presumably executes a call to /bin/sh. Because the exploit code is represented in hexadecimal form in the source listing, it would be necessary to decompile it to understand the actual commands that are embedded. The presumption of running /bin/sh is based on the observed behavior of the exploit when executed. Because dtprintinfo is suid and this exploit is called by dtprintinfo, this code will inherit the rights of the dtprintinfo owner, in this case root, and the /bin/sh code will run as root. This gives the attacker a root-level shell.

How To Use the Exploit

Minimum requirements to use this exploit are:

Target must be running either Solaris or Solaris 7 SPARC edition without the vendor fixes applied.

user ID on the system.

C compiler: The compiler is not necessarily required on the target system. However, the binary needs to be compiled on the same architecture as the target machine.

CDE: The CDE binaries, including dtprintinfo, must be installed on the target system. The attacking system doesn't require CDE but must be capable of displaying X applications.

Of course, the dtprintinfo binary must have the suid bits set as shown in Figure .

The following are some screen captures that show the exploit being compiled and used. Figure shows that the user ID sipes, which was used to compile the exploit, is not a privileged userid.

Figure . Shows permissions of user who is compiling the program.

Figure shows the steps necessary to compile and execute the binary.

Figure . The steps necessary to compile the exploit.

Hackers Beware, New Riders Publishing, 569

When executing the exploit, it is necessary to have your DISPLAY variable set appropriately because the exploit will briefly try to display the dtprintinfo application. If your DISPLAY variable is not set, the exploit will fail with an
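The requirement stated above, that the dtprintinfo binary must have the suid bit set, is a condition an administrator can audit for directly. The shell functions below are an added example, not code from the book: they list setuid files under a directory with their owner UID and look for a setuid file by name. The function names are hypothetical and the directory to scan is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the book): audit setuid executables.
# Function names are hypothetical; the scan root is chosen by the caller.

# is_setuid FILE
# Succeeds only if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# list_setuid DIR
# Prints "OWNER_UID PATH" for every setuid regular file under DIR.
# -xdev keeps the walk on one filesystem; owner UID 0 means the file
# runs with root's rights, which is the case the text describes.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r path; do
        uid=$(ls -ldn "$path" | awk '{print $3}')
        printf '%s %s\n' "$uid" "$path"
    done
}

# find_setuid_named DIR NAME
# Prints the path of each setuid file called NAME under DIR, for
# example NAME=dtprintinfo to see whether the binary is still suid.
find_setuid_named() {
    find "$1" -xdev -type f -name "$2" -perm -4000 -print 2>/dev/null
}

# When run with a directory argument, report its setuid files.
if [ $# -gt 0 ]; then
    list_setuid "$1"
fi
```

Lines whose first field is 0 are root-owned setuid files; each one should be either required and patched or have its setuid bit removed.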
