[ale] no root shell

Jerry Z. Yu z.yu at voicecom.com
Mon Jul 8 15:35:38 EDT 2002


	solution w/o reboot: hack your box

	if you have root cron jobs and the actual exectuable has a very 
permissive permission (like 0777), you can edit this permissive cron job 
to give yourself a SUID ksh/sh binary in /tmp or alike. then run this 
custom-made ksh binary to get yourself a root session. do remember to 
remove it afterwards though.

	or seek those published vulnerability...

	you'd be out of luck if the box is patched up to date and secured 
tightly.	

On Mon, 8 Jul 2002, Jerry Z. Yu wrote:

#	let someone local put the installation cd into the drive.
#	hook up a null modem from a pc (linux or windows) to serial A
#
#	you can do all the work thru the serial... given that you can 
#access that pc remotely...
#
#
#On Mon, 8 Jul 2002, Mazukna, Thomas wrote:
#
##Unfortunately this is a SunOS box in another state (read hundred of miles
##away) :(
##Can this be done remotely ?
##
##thanks,
##Tomas
##
##-----Original Message-----
##From: Mazukna, Thomas 
##Sent: Monday, July 08, 2002 1:27 PM
##To: 'ale at ale.org'
##Subject: [ale] no root shell
##
##
##Hi,
##
##I have an issue on my hands.
##the shell specified in passwd for root does not exist.
##how to get into "root" ? 
##
##thanks,
##Tomas
##
##---
##This message has been sent through the ALE general discussion list.
##See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
##
##sent to listmaster at ale dot org.
##
##---
##This message has been sent through the ALE general discussion list.
##See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
##sent to listmaster at ale dot org.
##
#
#Jerry Z. Yu					+1-404-487-8544 (O)
#systems engineer				z.yu at voicecom.com
#is support, voicecom, llc			www.voicecom.com
#
#
#---
#This message has been sent through the ALE general discussion list.
#See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
#sent to listmaster at ale dot org.
#

Jerry Z. Yu					+1-404-487-8544 (O)
systems engineer				z.yu at voicecom.com
is support, voicecom, llc			www.voicecom.com


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list