Monday, October 09, 2006

Get local root by infection

I presented at the Barcelona FIST conference a new way to locally hack a Linux box by infecting ELF executables.

It is possible to infect an ELF binary that is writable by an unprivileged user and then wait for root or another privileged user to execute it; the injected code then runs with that user's privileges. It is a simple idea, but a complex implementation.
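The precondition the technique depends on is an ELF file that a low-privilege user can write to but that a privileged user is likely to run. The following is an added example, not the infR3 code from the post: it walks the directories in $PATH (or a colon-separated list you pass in) and reports regular files that start with the ELF magic and carry a group or world write bit. The `make_sample_elf` helper and the `/tmp/infr3_*` names are constructed for demonstration only.

```c
/* Added example: find ELF binaries on PATH that a non-owner can write to,
 * the precondition for the infect-and-wait-for-root technique above.
 * Not the post's infR3 code; make_sample_elf is a constructed helper. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define FULL_PATH_LEN 4096

/* Return 1 if the file at path starts with the ELF magic 0x7f 'E' 'L' 'F',
 * 0 otherwise (including when the file cannot be opened or read). */
int is_elf(const char *path) {
    unsigned char magic[4];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, magic, sizeof magic);
    close(fd);
    return n == 4 && magic[0] == 0x7f && memcmp(magic + 1, "ELF", 3) == 0;
}

/* Return 1 if path is a regular ELF file whose mode grants group or world
 * write (what lets an unprivileged user plant code in it), 0 if it is not
 * writable by others or not an ELF, -1 if it cannot be stat'ed. */
int elf_writable_by_others(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISREG(st.st_mode)) return 0;
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) == 0) return 0;
    return is_elf(path) ? 1 : 0;
}

/* Scan one directory, print each group/world-writable ELF found, and
 * return the number of findings (0 if the directory cannot be opened). */
int scan_dir(const char *dir) {
    DIR *d = opendir(dir);
    if (!d) return 0;
    int findings = 0;
    struct dirent *ent;
    char full[FULL_PATH_LEN];
    while ((ent = readdir(d)) != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue;
        if (snprintf(full, sizeof full, "%s/%s", dir, ent->d_name) >= (int)sizeof full) continue;
        if (elf_writable_by_others(full) == 1) {
            printf("group/world-writable ELF: %s\n", full);
            findings++;
        }
    }
    closedir(d);
    return findings;
}

/* Scan every directory in a PATH-style colon-separated list. */
int scan_path_list(const char *pathlist) {
    char *copy = strdup(pathlist);
    if (!copy) return 0;
    int total = 0;
    for (char *dir = strtok(copy, ":"); dir; dir = strtok(NULL, ":"))
        total += scan_dir(dir);
    free(copy);
    return total;
}

/* Constructed sample for demonstration: writes a file that begins with the
 * ELF magic and sets its mode explicitly (chmod is not affected by umask).
 * Returns 0 on success, -1 on failure. */
int make_sample_elf(const char *path, mode_t mode) {
    static const unsigned char hdr[] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 };
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, hdr, sizeof hdr);
    close(fd);
    if (n != (ssize_t)sizeof hdr) return -1;
    return chmod(path, mode);
}

int main(void) {
    const char *p = getenv("PATH");
    int n = scan_path_list(p ? p : "/usr/local/bin:/usr/bin:/bin");
    printf("%d group/world-writable ELF file(s) found on PATH\n", n);
    return 0;
}
```

The check is deliberately narrow: it only looks at the file's own mode bits, so a binary inside a directory that is itself writable (where the file can be replaced rather than edited in place) is not reported, and ACLs are not consulted. A finding means an unprivileged account could plant code that runs under whoever next executes the file.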

Here is my presentation:
http://www.fistconference.org/data/presentaciones/infR3.pdf

And here is my implementation:
http://www.milw0rm.com/author/300
http://www.badchecksum.com/code/pentest/infR3.s

Here is a demo: http://www.youterm.com/?view=Player&video=hack/infector
or
echo hack/infector/exit | nc youterm.com 9999