Yeah, it's a bit like using screen to avoid 're-downloading' something you find over a remote shell, using a different shell than bash as part of an exploit so the history file is unset/obscure from the get-go, adding specific root permissions to a specific user to clone root under a 'legit' uid like 1003, ect. Just all situational tricks simple enough to not bother with a whitepaper.
On Tue, Jun 7, 2011 at 1:25 PM, Dan Rosenberg <[email protected]> wrote: > On Tue, Jun 7, 2011 at 4:12 PM, Marshall Whittaker > <[email protected]> wrote: >> Dan, did you come up with that on the spot or is there already a whitepaper >> on it? > > I haven't seen any whitepapers on this. I think it's the sort of > thing that people just figure out when needed, or pull from their bag > of tricks. > > -Dan > >> Anyway now that the cats out of the bag... See attached. :) No more bids >> please. Dan was correct. >> >> On Tue, Jun 7, 2011 at 9:38 AM, Dan Rosenberg <[email protected]> >> wrote: >>> >>> On Tue, Jun 7, 2011 at 6:19 AM, Marshall Whittaker >>> <[email protected]> wrote: >>> > Hello, >>> > I am willing to sell a new attack vector I have devised. The proof of >>> > concept code you will receive has the ability to arbitrarily upload >>> > files to >>> > a webserver (tested on Apache), running linux with the well known perl >>> > read >>> > pipe vulnerability in many web CGI applications. This issue can also be >>> > leveraged through PHP LFI and RFI attacks, and through almost any other >>> > remote command execution vulnerability. >>> >>> If you have a remote command execution vulnerability, couldn't you >>> just leverage whatever useful binaries are available on the victim >>> machine (perl, python, echo) to simply copy your exploit/file/etc. to >>> disk by printing it byte-by-byte, possibly in pieces? Did I ruin the >>> surprise? >>> >>> -Dan >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
