Interview Questions Answers.ORG
Interviewer And Interviewee Guide
Interviews
Quizzes
Home
Quizzes
Interviews Basic Job Interviews:AbilitiesAbroad JobsActivistAmbitionAnalyticalAptitudeAptitude KnowledgeAssertivenessAuthority / DecisivenessBasic CommonBasic Salary RequirementsBehavioralBehavioral BasedBody LanguageBusiness intelligenceCandidate Selection CriteriaCareer StatementsCareers FutureCaseCitizenshipCommunication SkillsComputer BasicsComputer securityConfidence BuildingConflictCorporate CommunicationCreativeCreativityCurrent Affairs 2009Current Affairs 2010Current Affairs 2011Dangerous JobsDecision MakingDetail SkillsDeterminationDifficultDream JobEmployers To AskEntry LevelEthicsExitFace to FaceFailuresFlexibilityFollow UpFrequently AskedFreshers GraduateFunnyFunny QuotesFuture Career PlanningGeneral KnowledgeGeneral SkillsGood EmployeeGood LeaderGraduationGroupGroup DiscussionsHackingHandle StressHard WorkerHotel TourismHow to AnswerIllegalIncidentInitiativeInitiative WorkplaceInteresting CareerInterestsJobJob AttireJob AwarenessJob DemotionJob Follow Up LetterJob KnowledgeJob PerformanceJob ProtocolJob Search TacticsJob TipsJudgmentLearning SkillsLinkedIn RecommendationListening SkillsLogicalMannersMental AttitudeMid LifeMost Inspiring JobsMotivationNegotiate Pay RaiseNegotiation SkillsNo ExperienceNo Work ExperiencePanelPart Time ContractPatiencePay PackagePersonalPersonality TraitsPhonePlacement AssistancePost GraduatePotential EmployeePresent JobProblem SolvingProblem Solving SkillsProhibitedProjectsPuzzlesQuality On TimeQuantitativeQuantitative AptitudeRecession Proof JobReferencesResignationResume FormatResume HelpResume ObjectivesResume Skill SetSalarySalary NegotiationSecond InterviewSecond RoundSecretarySelf AssessmentSelf WorthinessSituationalSkypeStatics ProbabilityStrange JobsTargeted SelectionTeamworkTeamwork MotivationTechnology SkillsTeenTelephone OperatorTelephonicToughTraining AdviceTrickyTypicalUnusualVideoVisaWarm UpWeaknesses and StrengthsWork EthicsWork HistoryWorkplace FlexibilityWritten Skills
Copyright © 2018. All Rights Reserved
Hacking Interview Question:
How do I gain root from a suid script or program?
Submitted by: Administrator1. Change IFS.
If the shell script calls any other programs using the system()
function call, you may be able to fool it by changing IFS. IFS is the
Internal Field Seperator that the shell uses to delimit arguments.
If the program contains a line that looks like this:
system("/bin/date")
and you change IFS to '/' the shell will them interpret the
proceeding line as:
bin date
Now, if you have a program of your own in the path called "bin" the
suid program will run your program instead of /bin/date.
To change IFS, use this command:
set IFS '/'
2. link the script to -i
Create a symbolic link named "-i" to the program. Running "-i"
will cause the interpreter shell (/bin/sh) to start up in interactive
mode. This only works on suid shell scripts.
Example:
% ln suid.sh -i
% -i
#
3. Exploit a race condition
Replace a symbolic link to the program with another program while the
kernel is loading /bin/sh.
Example:
nice -19 suidprog ; ln -s evilprog suidroot
4. Send bad input the the program.
Invoke the name of the program and a seperate command on the same
command line.
Example:
suidprog ; id
Submitted by: Administrator
If the shell script calls any other programs using the system()
function call, you may be able to fool it by changing IFS. IFS is the
Internal Field Seperator that the shell uses to delimit arguments.
If the program contains a line that looks like this:
system("/bin/date")
and you change IFS to '/' the shell will them interpret the
proceeding line as:
bin date
Now, if you have a program of your own in the path called "bin" the
suid program will run your program instead of /bin/date.
To change IFS, use this command:
set IFS '/'
2. link the script to -i
Create a symbolic link named "-i" to the program. Running "-i"
will cause the interpreter shell (/bin/sh) to start up in interactive
mode. This only works on suid shell scripts.
Example:
% ln suid.sh -i
% -i
#
3. Exploit a race condition
Replace a symbolic link to the program with another program while the
kernel is loading /bin/sh.
Example:
nice -19 suidprog ; ln -s evilprog suidroot
4. Send bad input the the program.
Invoke the name of the program and a seperate command on the same
command line.
Example:
suidprog ; id
Submitted by: Administrator
Copyright 2007-2024 by Interview Questions Answers .ORG All Rights Reserved.
https://InterviewQuestionsAnswers.ORG.
https://InterviewQuestionsAnswers.ORG.