Shell Programming: an Exploit Explained, continued...
LIBRARY FUNCTIONS
Next let's use this
ability to explore to do some more preparatory work for your big
day when you begin running C exploit programs. That exploit by
Leshka is unusually easy because it is a simple shell script.
Most exploit programs must be run as compiled C programs, and
most of these, to save disk space, rely on calling lots of library
functions. So you need to find what kinds of library programs
are on your computer. If any of the functions called by
your latest exploit program are missing, you need to find them
and get them compiled where you can access them from your account.
(If the tech support staff at your ISP is convinced you are a
good guy, they might even let you store your library functions
in a public part of the system. This keeps you from having
to pay for extra file space in your account.)
==========================================================
Newbie note: A "library function" is not a party held
in a library. It is a program that performs a commonly used
task. Most C programs that exploit security flaws to gain access
to a computer include many library functions. You need to get
all the library functions of an exploit available to you on your
computer in order for it to work. Math obsessives and Fortran
users please note that many C functions are not a "function"
as you are used to it being defined.
==========================================================
To see what library
functions are on the computer you are using, first give the command:
ls /usr/local/lib
If you are lucky you will see something like this:
aliaas.csh* libcom_err.a libmmalloc.a path.csh*
alias.csh* libcrypto.a libopcodes.a perl/
bison.hairy libdb.a libpty.a perl5/
bison.simple libdes425.a libreadline.a pgp/
(snip)
Anything with an asterisk after it is executable (you are using
the tcsh shell, aren't you?). If it ends with the extension ".a",
that means it is a C library: an archive of compiled library functions.
Where else might we
find programs that can be included in programs you wish to run?
Let's try:
/usr/openwin/lib
/usr/local/X11/lib
/usr/X11/lib
There are other places
where you might find good programs that are more than just C library
functions. Of course you will try "whereis games"!
Here are some other examples of directories with programs and
library functions you may be able to run:
->ls /usr/bin
c++rt0.o libftpio_p.a libopie.a
compat libg++.a libopie.so.2.0
crt0.o libg++.so.4.0 libopie_p.a
gcrt0.o libg++_p.a libpcap.a
kzhead.o libgcc.a libpcap.so.2.2
(snip)
Anything with the extension ".o" is an object module compiled
from a C program. Also, try /usr/local/bin:
Pnews* pager*
Rnmail* patch*
WebReport* patch-metamail*
a2p* perl*
(snip)
You can go on and on like this hunting for interesting stuff.
If you know the name of the program you are looking for, you can
use the "whereis" command (and in some shells, "find"). Otherwise,
try searching directories for stuff you are allowed to run. The
commands "cd .." and "cd /" are great for moving upward into
unknown directory space, and "ls" for moving down.
Whenever you wonder where you are, give the command "pwd".
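The reading of an "ls" listing described above, as an added example that is not part of the original guide: a small script that sorts a directory's entries into the categories the guide points out. The function names are this example's own, and it also labels ".so" shared libraries, which show up in the guide's listings but are not explained there.

```sh
#!/bin/sh
# Added example (not from the guide): read a directory the way the guide
# reads an "ls" listing. Function names are this example's own.

classify_entry() {
    # $1 = path; prints one category word
    if [ -d "$1" ]; then
        echo dir
        return
    fi
    case "${1##*/}" in
        *.a)         echo static-lib ;;   # archive of compiled functions
        *.so|*.so.*) echo shared-lib ;;   # e.g. libpcap.so.2.2
        *.o)         echo object ;;       # single compiled module
        *)  # what tcsh's ls flags with a trailing "*"
            if [ -x "$1" ]; then echo executable; else echo other; fi ;;
    esac
}

inventory() {
    # $@ = directories; prints "category<TAB>path", skipping missing ones
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -e "$f" ] || continue   # empty dir leaves the glob unexpanded
            printf '%s\t%s\n' "$(classify_entry "$f")" "$f"
        done
    done
}

count_category() {
    # $1 = category, remaining args = directories; prints the match count
    want=$1
    shift
    inventory "$@" | awk -F '\t' -v c="$want" '$1 == c { n++ } END { print n + 0 }'
}

# Usage: sh libinv.sh /usr/local/lib /usr/X11/lib   (script name is arbitrary)
if [ "$#" -gt 0 ]; then
    inventory "$@"
fi
```

The name is checked before the execute bit, so a shared library that happens to be marked executable is still reported as a library.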
CONCLUSION
Today's exercises will:
* help you get familiar with the computer where you have a shell account
* show you how easy programming can be
* reveal that breaking into computers is something even a little
kid could do
To become a truly
elite hacker, you need to be able to do far more than merely break
into computers. In fact, the hacker gods (people like Eric
Raymond, who is profiled in one of our Guides to (mostly) Harmless
Hacking) laugh at people who say they are hackers just because
they can break into computers. Remember, no one needs to
understand Leshka's exploit to use it. After doing today's lessons,
you are already more advanced than many of the "hackers"
who break into computers. This is because you understand some
basics of how Leshka's shell script works, and have even written
your own login shell script.
So now you are already
ahead of the average guy who calls himself a "hacker."
You don't believe me? At last year's Def Con V convention,
a real hacker ran a poll of people who claimed to be hackers.
Over half had never even heard of the "cat" command.
You not only have heard of it -- you use it all the time now.
Right?
Happy hacking!
_______________________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests?
Check out the official Happy Hacker Web page at http://www.happyhacker.org.
We are against computer crime. We support good, old-fashioned
hacking of the kind that led to the creation of the Internet and
a new era of freedom of information. So don't email us about any
crimes you have committed!
© 1998 Carolyn P. Meinel
and BOFH. You may forward, print out or post this GUIDE TO (mostly)
HARMLESS HACKING on your Web site as long as you leave this notice
at the end.