Back To The Future: Unix Wildcards Gone Wild

Back To The Future: Unix Wildcards Gone Wild ============================================ 
- Leon Juranic <leon@defensecode.com> 
- Creation Date: 04/20/2013 
- Release Date: 06/25/2014 

Table Of Content: 
===[ 1. Introduction 
===[ 2. Unix Wildcards For Dummies 
===[ 3. Wildcard Wilderness 
===[ 4. Something more useful... 
4.1 Chown file reference trick (file owner hijacking) 
4.2 Chmod file reference trick 
4.3 Tar arbitrary command execution 
4.4 Rsync arbitrary command execution 

===[ 5. Conclusion 

===[ 1. Introduction 

First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... 

Nope, nothing of the above. This article will cover one interesting old-school Unix hacking technique, that will still work nowadays in 2013. Hacking technique of which (to my suprise) even many security-related people haven't heard of. 

That is probably because nobody ever really talked about it before. Why I decided to write on this subject is because, to me personally, it's pretty funny to see what can be done with simple Unix wildcard poisoning tricks. 

So, from this article, what you can expect is collection of neat *nix hacking tricks that as far as I know somehow didn't emerge earlier. If you wonder how basic Unix tools like 'tar' or 'chown' can lead to full system compromise, keep on reading. 

Ladies and gentleman; take your seats, fasten your belts and hold on tight - cause we're going straight back to the 80's, right to the Unix shell hacking... (Is this bad-hair-rock/groovy disco music playing in the background? I think sooo...)...

No comments:

Post a Comment