Shell Programming, continued...
Slightly Stealthy Scripts
Now suppose you are worried about really clueless kode
kiddies getting into your shell account. Believe it or not, many
people who break into computers are almost totally ignorant of
Unix. For example, at Def Con V a friend, Daniel, conducted an
informal poll. He asked dozens of attendees if they knew the
"cat" command. He found that over half the people there
had never even heard of it! Well, *you* know at least one way to use "cat"
now!
Another example of haxor Unix cluelessness was a fellow
who broke into my shell account and planted a Trojan named "ls."
His idea was that next time I looked at my files using the Unix
ls command, his ls would execute instead and trash my account.
But he forgot to give the command "chmod 700 ls." So
it never ran, poor baby.
******************************************************
Evil genius tip: How to keep from accidentally
running a Trojan in your shell account. Damian advises "NEVER
put '.' (the current working directory or cwd) in your path!
If you really want '.' in your path, make sure it is
the last one. Then, if a Trojan like ls is in your current directory,
the _real_ ls will be used first. Set your umask (umask is the
command that automatically sets permissions on all files you create,
unless you specify otherwise) to something more secure than 022;
I personally use 077. Never give group or other write access
to your directory and be leery of what others can read."
For your reading enjoyment, use the commands "man chmod"
and "man umask" to get all the gory details.
******************************************************
Here are ways to make shell scripts that the average
clueless person who breaks into a computer won't be able to run.
First, when you name your script, put a period in front
of the name. For
example, call it ".secretscript". What that period
does is make it a hidden file. Some kode kiddies don't know how
to look for hidden files with the command "ls -a."
After you make your script, don't give the "chmod
700" command. Just leave it alone. Then when you want to
execute it, give the command "sh hackphile" (substituting
for "hackphile" the name of whatever script you wish
to execute). It will execute even though you never gave that
chmod 700 command!
What you have done with the "sh" command is
launch a temporary new Unix shell, and then send into that shell
the commands of your script.
Here's a cool example. Make this script:
cat > .lookeehere!
who|more
netstat|more
Remember to save this script by holding down the control
key while hitting the letter "d". Now try the command:
".lookeehere!" You should get back something that looks
like:
bash: ./.lookeehere!: Permission denied
That's what will stump the average kode kiddie, presuming he
can even find that script in the first place.
Now try the command "sh .lookeehere!" All
of a sudden you get screen after screen of really interesting
stuff!
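As an added example that is not part of the original Guide, here is a POSIX sh script that checks the two settings from the evil genius tip above (no "." early in PATH, a strict umask) and demonstrates the "sh" trick from this section on a mode-600 hidden script. The function names and the sample script name .lookeehere are my own choices.

```sh
#!/bin/sh
# Added example, not from the original Guide: checks for the two "evil
# genius" settings (no "." early in PATH, a strict umask) and a
# demonstration that "sh script" runs a file with no execute bit.

# path_is_safe PATHSTRING: succeeds when PATH holds no "." entry, or
# holds exactly one and it is the final component.  An empty component
# (leading ":", "::", trailing ":") also means the current directory.
path_is_safe() {
    _rest="$1:"; _n=0; _dots=0; _dotpos=0
    while [ -n "$_rest" ]; do
        _comp="${_rest%%:*}"; _rest="${_rest#*:}"
        _n=$((_n + 1))
        case "$_comp" in
            ''|.|./) _dots=$((_dots + 1)); _dotpos=$_n ;;
        esac
    done
    [ "$_dots" -eq 0 ] || { [ "$_dots" -eq 1 ] && [ "$_dotpos" -eq "$_n" ]; }
}

# umask_is_strict OCTAL: succeeds when the mask removes every group and
# other bit, so 077 passes and 022 fails.  Leading 0 keeps it octal.
umask_is_strict() {
    [ $(( 0$1 & 077 )) -eq 63 ]
}

# audit_current: applies both checks to this shell's own PATH and umask.
audit_current() {
    path_is_safe "$PATH" && umask_is_strict "$(umask)"
}

# run_unexecutable_demo: writes a mode-600 hidden script in a temp dir
# (constructed sample), shows that running it directly fails, then runs
# it with "sh" instead.  Succeeds when sh produced the script's output.
run_unexecutable_demo() {
    _d=$(mktemp -d) || return 1
    printf 'echo hello from hidden script\n' > "$_d/.lookeehere"
    chmod 600 "$_d/.lookeehere"
    if "$_d/.lookeehere" 2>/dev/null; then rm -rf "$_d"; return 1; fi
    _out=$(sh "$_d/.lookeehere")
    rm -rf "$_d"
    [ "$_out" = "hello from hidden script" ]
}
```

Run audit_current in your own login shell to see whether your account follows Damian's advice.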
Your Internet Service provider may have disabled some
of the commands of this Guide. Or it may have just hidden them
in directories that you can get to if you know how to look for
them. For example, if the "netstat" command doesn't
work, give the command "whereis netstat" or else "locate
netstat".
If, for example, you were to find it in /usr/bin, you
can make that command work with "/usr/bin/netstat"
in your script.
If neither the whereis nor the locate command finds it for
you, and you are a newbie, you have two choices. Either get a
better shell account, or talk your sysadmin into changing permissions
on that file so you can execute it. Many sysadmins will help
you out this way -- that is, they will help if, when they check
their syslog files, they don't find evidence of you trying to
break into or trash computers. Neat trick: take your sysadmin
to a fancy restaurant and wait to ask him for access to EVERY
Unix command until after you have paid for his meal.
*****************************************************
Evil genius tip: Your sysadmin won't let
you run your favorite Unix commands? Don't grovel! Compile your
own! Most ISPs don't mind if you keep and use your favorite Unix
stuff in your own account. Says Damian, "I tend to keep
my own binaries in ~/bin/ (My home directory slash bin) and put
that in my path. (With the directory being 700 or drwx------
of course)." Where can you get your own? Try http://sunsite.unc.edu/pub/Linux/welcome.html
*****************************************************
More shell programming --->>