Linux Security Audit

[Guest Kovalski]

server: 94.249.208.71

login rst

pass rst

faceti si voi un security audit si spuneti aici cam ce ar trebui sa schimb.

target:

obtain uid=0 gid=0 groups=0

schimbari majore

compromitere mysql / apache

escaladare privilegii

instalare rootkit

etc...

daca ati reusit, schimbati asta: Secure

Edited June 16, 2012 by ps-axl

[xpaulx]

Pai e competitie sau ne ceri ajutorul?

[Guest Kovalski]

ia-o cum vrei competitia este pentru a vedea daca am securizat bine.

si tot odata ma si ajutati sa il perfectionez

[PingLord]

Vreau si eu un alt user cu aceleasi permisiuni ca mi se sterge munca care o depun

[Guest Kovalski]

fa-ti un folder cu numele tau si nu o sa se bage nimeni peste

by the way am vazut ca esti pe calea cea buna frumos

[PingLord]

Iar mi s-a golit directoru...pfff..ce oameni rai

[Guest Kovalski]

vad ca esti cel mai bun pana acum, daca tot ti se goleste folderul fa-ti un folder ascuns pe undeva..

eu nu le sterg nu stiu cine naiba ti-a sters jucariile

[PingLord]

Lasa-l si tu deschis pana ajung acasa de la birou te rog.E chiar un challenge foarte tare

[Guest Kovalski]

ramane deschis permanent

[pyth0n3]

Iar mi s-a golit directoru...pfff..ce oameni rai

Am creat 2 executabile

Unul blocheaza fisierul iar al doilea il deblocheaza, trebuie rulat cu drepturi administrative

Un fisier blocat nu poate fi sters si nici modificat de catre nimeni, nici macar de catre root

USAGE: UnBlock <filename>

USAGE: Block <filename>

Va arata un 0 daca operatiunea a fost executata sau nimic in momentul in care operatiunea nu a fost executata

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

begin 644 Block-Unblock.tar.gz
M'XL(".:HW$\``T)L;V-K+55N8FQO8VLN=&%R`.U8#VQ3QQF_9YP06F#.GXZT
MI<S:`@TK.'%("*!!FW\0(/Q-8`54WAS[)7;KV)G]S$C%M`0GK"ADRS:#HLV;
M@I9-V>1JGIH!$FRB"FM5:9-@ZZ9VTSJJ@F0&F^A&JZU%>-_W[M[SY4@:(P%=
MI_=9Y[O?W7?W??>]NW?W?K7^H/LY<F^E'*2ZJ@IS9W55.9]CT;G,646<SNKE
MU<Z*RO(J)X&JRF75Q%Y^C_W2)!)672&[G71VJ=[RP+(I]:9K_X3*UQJ:UDJ2
M9&`+F4$0=4>M>960GY])ZRN)G<PDI60!>93D:AA2-^A`N@AE3#F0K)!F0"J"
M08IZK'F8"@$7LC:))4V@+Z8AZ(@)^Q,;;=?JCD(!M4%$/*9>T6R!+0GH`V
M3.?13T+;K2R5@GXIV,94#[B>:]MV6?5,%@N]?YG?UUKF]RSU^P*1_8YPT%%!
MZVW,]W6;=[!8T3X%K%\1FSNVA_ZLOOG9?3_ZV8N_;B:G/W-3^99SVU9LF\GZ
MY;"^O.AQT6.HCR\Q?7@$=MW/%S>^<U;T?S%7+N#CK'4E9+G0OEK`3@$_`JFI
MSYJ'_N3C[&6YO2,8D'''J+),($QN#,]R(J_?`K4>7T".A!4/"7>&?`&UC71&
MU#`)=X55I0/ZHCKKV^'R!<BZIO6U=7*%HUR/I47[2=K/QN*-8O/YYF#K%H8/
M'+/FY4*'(Y#/A$D.8@XXACD$;@AS<#J..01NQ^'+S=%KUA3VW=,S/@AKL?\[
M-]/I=-_OU)R4`VI3.3!,ZCK\/;WGM?%T52_T3"]\`?ZQ3WHA6O)B\<I%Z)9>
MB!:]V';EO(;1LA?=O7)6P^B!MQAQ4L/HB1<?P95A@/PS<_Y][^&WHY>N;VW9
M[AWL!:UA^-NVTUL)6>HE4+XQ.$'87+I7CZ)SD2>/)R`_/0*[H.?J,/R__*$E
M>E5:^49XP<`)'#]Z5OHAJJ2+^K!94U_Y1BCU2@X.($7/6?<\,SZ@+B(#9QY'
M?1@_>JWX^"CH]IU5"TYA'11FO6HMP;KT^=?&T0?PN.>:#68<_6J>)5+6WS`[
M>M;:;SNU%9;+X9:2O,/U)=:!^A+;86M)ZI>WTFF]?`'*5_-AL.=!,?4.H%.X
M2F'0S/Q$?[ZXLSF%C[YG_`_Y8/#:_-03..+I8HC.0!3_%[_Z<MK2EU9+G._W
M-]C`=AXXA"[T-^2!U73L)=2*OB*MO!5Z*WIN_IZ]\C/C_?-+QHUX'L?W3/3?
M:;7P-);:!J-7K>GS_3.@*G*#!LG0U==1(WB3\H,KNV#-S-#VFX6XO2Y5#=F?
M\-D7ANUK[&4>95]9(.+WVRO6+'+:%RVR*VYOT%[RI)WL:*Y9U[#*7HL'L-W^
MA3:?7PFX.I0U=%VDV3I)<^M%8GMB-J1+!ZUYL"G($K8__?">>^]6.AB''-\5
M2Z`=WQ-G`#\`^2Y(#[+^#['QT.=N6`6X]TH)?7_!G,@\[`?]L3P&.;X+<+$7
MLARF'(Q!/;@61)^N0W[H(-TK=RKX_M;+GX<S9Q6D#9!V0WHVFFE;5U>WREY:
MK[3Z7`%[I:/24;5TQ6):F*S-6:XW$D>XJT-UM4*NAFCNU4OPDE)"G<01"*J*
MHZ9V_5+5U<Y0>R#B:(WXX!3P>8B&O*ZPES@\70$8C^9JB+;L4T)A7S`P`<C0
M%E+\J$<+G7X5#?K@7U7VPW\;`&@*>ERJBS@4K]P6@L=/'&XU&`J#`9H]ZPYI
MQEP=/C<8"*K:'QV-]FP-@YH[V-&A!-3LX_XHH>L)G[UV3DOT^>JBGQV?(YDS
M2SM/)7J6Z&)EN9/3:P2]1M`KF42OD="S#/5PS?I!#P^`7$X/$Y[7[\.Z0CU<
MTW%F5]3;3.BZ1CU<ZV=`KY/Y(I',N;V39,Y4W!M++'1/B//=2[0]I]G%-7T(
M"G,YNQ:6\,Y\B^GA7HA9J'^\793G(<UB?7`OC5GH'N+G@3C*Z>'>.V.A>Q+U
MYG!Z1]CX6(_O@$L6&C\QSE_G](I@'Q7!Y+\DZ&'Z-J>'=[YNT$MP%P?]#![B
M]/"=LP0>XOQ)[/Z`9-95(^@U@M[&2?1^S.G%0"^6DVGC]9),#Y^==A_,H7$0
M]4YR>GC0#4^A]RM.#P^TT2GLCK.YHIYVS\RA=\R9G!Z._QMN/+R7',B]?3Q,
M%S@]?.=VY]Z^CS#]B9\'Z`WG3CZ/B\R^-@_0&YU"[S(;3U\CJ+>2T]/OX_EL
M+%W>!KU_"'IZ;N'JN^$P*@=CCT%Y*<GLMUG">$FH?(SKR-]-1<'W$='Z4ZU2
M`],!&@U,+?@-3&<=-[!V:];>"Q337;?DH([ITSQD8!K!F(%G:7C,P`_0\0S\
MH(8O&7@V]3^JXSDT1@:>2^WWZ?A3=#X&IKLM9N!\#0\=U7&!AH<-3-_8HP8N
MTG#"P/2D/W!,QY^F_AAX'AW/P,5T/`,_3'B9`5\$_'.SDG?3LSG_)/#O$<X_
M"?PKY?R3P#\XD$F2Q<,"\=C([-%U^##9C?X?HW<:Q'CKMO5F]$7[>.3%.?L]
M7/PDB-\W!?O?PT)?9KR?"^.=X.(C6>9I^UN?'[$4D+\(^#H7;\GR$/D/%T\[
MQ-/*.8Q/;QY^K_32.UH!V']<RJP/Q`Y.WPYIM8"W272]Z-]D3TN9]50`ZVFO
M8*]3P`/2Q&\Z/%=U?VW@[T\`CS"<;RDF)Q`?U7$A&4=]\'\W\_?W4F:]V"!^
M?P6<Y/`EP?X-0?]#P!^PYUM@F0N)$/SV:6'CS[-D]E<![B]W2`VKD;8VAQL^
M*>M:MFR7F]8WM\#7J"S73T`;ZCC@"<KM_F"KRR]K]RK9%=E/X,[4Z5=4Q>.H
M6KFB@F"#[//L1U1)M,N8[(ET='3I=AHVUVMCK=U>LZG!0&A&+V>LN`TKGB!Z
MNJYI2VU-D[QE[=KFAA:YI::VJ0$[X'U0=H5"KBY9"7@F5FA?RD2NW[6Y9M/Z
M.H*7/5;'/J^?>BKS!<V^KMWAB*S=*_7>$S_8Y0W[Y.U*NP\^R$-U?E<XK(2)
MW-8I>[]":#?ZK3[)P)G/]@F-$S_[(0`9)P&$@[+7%?#X%?W9Z'$R?-7NP[(,
M5UB]%X8!:8,)9A3MI@O16;YBN:-=4>5.MZQZ(X'G'*W[B<8ET)%,N6/9$]
MYPSPM/QO187!_SJK*Y#_K:ZL-/G?^R'3\;^OWP?^-PX=XP+_J]7!N1.?@O]-
M0GL2VI+_H_QOU>:<#6/__&/COTZD=U[+6_:W"SF_^*[)_]X=_K>;\;^#C/^-
M,?YWB/&_<<;_#D_._\:FYW]?T/C?(P;_.RCPOS&!_QT2^-^XP/\.WWW^-\'X
M7[QLG1[5^-^1*?C?).5_L5E3I_QOXJ/XW\0D_&_B8^=_W[QW_&_<X'_CV?*_
M31_!_R[-FO]E!_#M#/#]XX![/V8..&ERP"8'3$P.^/^9`]XTB1[/`0_U46YW
M.@Y8NQ-FP0'C83>2!0>L<[O3<<#:73,+#ECG=J?C@/&=VYL%!XQ<S$@6'#">
MYHDL.>!$EASPY2PYX-XL.>`QJ%Q@<L#4_C0<\)#``<<%#GA$`3`@><%#C@
M#.=+.>!>@0,>,3#E@!-WR`''!0YX1."`$]-PP`F!`T[>(0<\+'#`0P('G+@#
M#O@D%Q_D@'_+S0\YW[<$_"X7;^2`/^#BB1QPCL"!%@L<<*G``9<)G.\:`6\7
M..!=`@<L"_:^+.!O"!SP]SG.%SG@GW(<+7+`)Z4,AXX<\#F!`WY=RJP7Y'0O
M`A[C\&7!_GN"_DV!`RX4..#B3SX'7&&2P"8);(HIIIABBBFFF&***::88HHI
GIIABBBFFF&***::88HHIIIABBBFFF&***::8<C?EOV.41W``4```
`
end
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAk/cqe8ACgkQiOFy19RY1SDaaQD9FftXKinTt+m1onug/eKSCCy5
vU1K19jlEuS4qbJDU+oBAL57hjkCXiHLlBNRZcC99sZrLoqnCakVRFfkptCky3B/
=lvYA
-----END PGP SIGNATURE-----

[Guest Kovalski]

multumesc pyth0n3

[pyth0n3]

Ca executabilele sa poata fi folosite de catre orice user se pot atribui urmatoarele permisii

chmod u+s Block

chmod u+s UnBlock

Evident daca un user detine ambele executabile va putea debloca si bloca in acelasi timp

As sugerii sa fie pus doar Block la dispozitia user-ului rst asadar o data ce o persoana a terminat un assessment poate bloca fisierul care poate fi deblocat doar de persoana care detine UnBlock .Note: O data blocat fisierul nu poate fi nici macar modificat si nici sters oricare ar fi userul care incearca acest lucru.

Edited June 16, 2012 by pyth0n3

[Flubber]

Am creat 2 executabile

Unul blocheaza fisierul iar al doilea il deblocheaza, trebuie rulat cu drepturi administrative

Un fisier blocat nu poate fi sters si nici modificat de catre nimeni, nici macar de catre root

USAGE: UnBlock <filename>

USAGE: Block <filename>

Va arata un 0 daca operatiunea a fost executata sau nimic in momentul in care operatiunea nu a fost executata

[...]

Vreo sansa sa imparti codul sursa si cu noi (*whisper*sau macar prin private message hehe*whisper*)?

[aelius]

Ba futu-va in cristos de labari, care va bateti joc ma ?

rst@ps-axl:~$ history |grep perl
  476  perl
  486  perl  udp.pl
  487  perl  udp.pl 86.106.63.50 25255
  488  perl  udp.pl 86.106.63.50 25255 5000
  489  perl  -c udp.pl 86.106.63.50 25255 5000
  490  perl  -e udp.pl 86.106.63.50 25255 5000
  496  perl  udp.pl 86.106.63.50 25255 5000
  507  history |grep perl
rst@ps-axl:~$ 

[BGS]

Eu am fost , am vrut sa fac o gluma .

[aelius]

Vreo sansa sa imparti codul sursa si cu noi (*whisper*sau macar prin private message hehe*whisper*)?

Pe linux ai chattr.

Pe FreeBSD poti folosi chflags (in functie de securelevel, doar in single mai stergi ceva, sau reboot cu alt securelevel)

"A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute."

idsplus ~ # touch rstcenter
idsplus ~ # chattr +i rstcenter 
idsplus ~ # ls -la rstcenter 
-rw-r--r-- 1 root root 0 Jun 17 19:12 rstcenter
idsplus ~ # id
uid=0(root) gid=0(root) groups=0(root)
idsplus ~ # rm rstcenter 
rm: remove regular empty file `rstcenter'? yes
rm: cannot remove `rstcenter': Operation not permitted
idsplus ~ # chattr -i rstcenter 
idsplus ~ # rm rstcenter 
rm: remove regular empty file `rstcenter'? yes
idsplus ~ # 

Edited June 17, 2012 by aelius

[hades]

stab-urile astea din 2012 is al dracu. ;d

[Flubber]

Pe linux ai chattr.

Pe FreeBSD poti folosi chflags (in functie de securelevel, doar in single mai stergi ceva, sau reboot cu alt securelevel)

"A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute."

idsplus ~ # touch rstcenter
idsplus ~ # chattr +i rstcenter 
idsplus ~ # ls -la rstcenter 
-rw-r--r-- 1 root root 0 Jun 17 19:12 rstcenter
idsplus ~ # id
uid=0(root) gid=0(root) groups=0(root)
idsplus ~ # rm rstcenter 
rm: remove regular empty file `rstcenter'? yes
rm: cannot remove `rstcenter': Operation not permitted
idsplus ~ # chattr -i rstcenter 
idsplus ~ # rm rstcenter 
rm: remove regular empty file `rstcenter'? yes
idsplus ~ # 

Mersi frumos, insa, inca mai vreau sa vad sursa ...

Da, curiozitatea moare ultima.

[pyth0n3]

M-am jucat cu aceleasi flag-uri doar ca am facut un call divers, exista multe alte flag-uri cu care te poti juca pentru a modifica atributiile unui fisier.