securitybreach Posted June 27, 2014 Share Posted June 27, 2014 ===[ 1. Introduction First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013. Hacking technique of which (to my suprise) even many security-related people haven't heard of. That is probably because nobody ever really talked about it before. Why I decided to write on this subject is because, to me personally, it's pretty funny to see what can be done with simple Unix wildcard poisoning tricks. So, from this article, what you can expect is collection of neat *nix hacking tricks that as far as I know somehow didn't emerge earlier. If you wonder how basic Unix tools like 'tar' or 'chown' can lead to full system compromise, keep on reading. Ladies and gentleman; take your seats, fasten your belts and hold on tight - cause we're going straight back to the 80's, right to the Unix shell hacking... (Is this bad-hair-rock/groovy disco music playing in the background? I think sooo...)........ http://www.defenseco...s_Gone_Wild.txt 3 Quote Link to comment Share on other sites More sharing options...
Capt.Crow Posted June 27, 2014 Share Posted June 27, 2014 I really hope this post is restricted to members only.. Be crazy to let this out into the wild. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted June 28, 2014 Author Share Posted June 28, 2014 Not at all. I seen it on Reddit Quote Link to comment Share on other sites More sharing options...
securitybreach Posted June 28, 2014 Author Share Posted June 28, 2014 Well most of the article is simply explaining how wildcards work, how to use various linux commands like chown, rsync, etc. The exploiting section is pointing out different ways wildcards can be used for nefarious or pratical reasons. Quote Link to comment Share on other sites More sharing options...
abarbarian Posted June 29, 2014 Share Posted June 29, 2014 (edited) I really hope this post is restricted to members only.. Be crazy to let this out into the wild. Posts like the above are a reminder to never just copy and paste any old code you find out there on the net when looking for a solution to a problem Oh and penguins are crazy, they not only tell folks about the dangers they even show you how to how to do crazy things in great detail. Edited June 29, 2014 by abarbarian 2 Quote Link to comment Share on other sites More sharing options...
Capt.Crow Posted June 29, 2014 Share Posted June 29, 2014 A very timely warning .Many thanks for that. Just goes to show you * Fools rush in where angels fear to tread* 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.