At the Barcelona FIST conference I presented a new way to locally hack a Linux box by infecting ELF executables.
It's possible to perform an ELF infection on a writable binary and wait for r00t or a privileged user to execute it; it is a simple idea but a complex implementation.
Here is my presentation:
http://www.fistconference.org/data/presentaciones/infR3.pdf
And here is my implementation:
http://www.milw0rm.com/author/300
http://www.badchecksum.com/code/pentest/infR3.s
Here is a demo: http://www.youterm.com/?view=Player&video=hack/infector
or
echo hack/infector/exit | nc youterm.com 9999
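
A defender's check for the precondition described above (an ELF binary that an unprivileged account can write and that a privileged user later runs), as an added example that is not part of the original post or of the infR3 code. The function names, the `trusted_uids` parameter and the reason strings are assumptions of this example.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"


def is_elf(path):
    """Return True if the file starts with the 4-byte ELF magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False


def audit_writable_elfs(directories, trusted_uids=frozenset({0})):
    """Return (path, reason) pairs, in directory then name order, for ELF
    executables that an account outside trusted_uids could modify."""
    findings = []
    for directory in directories:
        try:
            entries = sorted(os.scandir(directory), key=lambda e: e.name)
        except OSError:
            continue  # missing, empty or unreadable PATH entry
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=True)
            except OSError:
                continue  # dangling symlink
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue  # only regular files with an execute bit
            if not is_elf(entry.path):
                continue  # scripts and data files are out of scope here
            if st.st_mode & stat.S_IWOTH:
                findings.append((entry.path, "world-writable"))
            elif st.st_mode & stat.S_IWGRP:
                findings.append((entry.path, "group-writable"))
            elif st.st_uid not in trusted_uids:
                findings.append(
                    (entry.path, "owner uid %d not trusted" % st.st_uid))
    return findings


if __name__ == "__main__":
    # Audit every directory on PATH of the account under review.
    path_dirs = os.environ.get("PATH", "").split(os.pathsep)
    for path, reason in audit_writable_elfs(path_dirs):
        print("%s: %s" % (path, reason))
```

Run it with the PATH that root's shell and cron jobs actually use, since those are the binaries a privileged user executes.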