Monday, October 09, 2006

Get local root by infection

I presented at the Barcelona FIST conference a new way to locally hack a Linux box by infecting ELF executables.

It is possible to infect a writable ELF binary and wait for r00t or a privileged user to execute it. It is a simple idea but a complex implementation.

Here is my presentation:

And here is my implementation:

Here is a demo:
echo hack/infector/exit | nc 9999
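
The technique above depends on one precondition: an ELF binary that an unprivileged account can write and that root later executes. As an added example (not the author's infector and not code from the presentation), this Python sketch audits directories for ELF files that accounts outside a trusted set could modify. The function names and the constructed sample files in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"

def is_elf(path):
    """True if the file starts with the 4-byte ELF magic number."""
    with open(path, "rb") as fh:
        return fh.read(4) == ELF_MAGIC

def write_risks(st, trusted_uids, trusted_gids):
    """List the ways an account outside the trusted sets could modify this inode."""
    group_w = st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids
    checks = [(st.st_uid not in trusted_uids, "owner uid %d" % st.st_uid),
              (group_w, "group-writable, gid %d" % st.st_gid),
              (st.st_mode & stat.S_IWOTH, "world-writable")]
    return [label for hit, label in checks if hit]

def audit(directories, trusted_uids=(0,), trusted_gids=(0,)):
    """Map each ELF file an untrusted account could alter to its risks."""
    findings = {}
    for d in directories:
        try:
            paths = [os.path.join(d, n) for n in sorted(os.listdir(d))]
        except OSError:
            continue  # missing or unreadable directory entry
        for path in paths:
            try:
                st = os.stat(path)  # follows symlinks: the target is what runs
                risky = stat.S_ISREG(st.st_mode) and is_elf(path)
            except OSError:
                continue
            risks = write_risks(st, trusted_uids, trusted_gids) if risky else []
            if risks:
                findings[path] = risks
    return findings

def demo():
    """Constructed sample files, audited with the current user as the trusted one."""
    d = tempfile.mkdtemp()
    samples = {"good": (ELF_MAGIC, 0o755), "bad": (ELF_MAGIC, 0o757),
               "script": (b"#!/bin/sh\n", 0o777)}
    for name, (body, mode) in samples.items():
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    found = audit([d], (os.geteuid(),), (os.getegid(),))
    return {os.path.basename(p): r for p, r in found.items()}
```

To audit a real host, call `audit()` with the directories on root's `PATH` and the default trusted uid and gid of 0. The sketch checks file permissions only; a directory writable by an untrusted account allows the same replacement and needs its own check.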