
Hacking Linux Exposed (MGH, 2001)

Hacking Linux exposed (MGH, 2001)(T)(C)(584s).djvu

Size 8.2Mb
Date Jan 24, 2005

Cites: In the past, it was popular to create setuserid games, set to some user ID to allow
all the users on a system to update a common score file while restricting access to the file
from outside of the game itself...
The solution they chose was to make the read-only files owned by root to prevent
the original file owner from changing the file permissions...
Those who are truly paranoid can also set the noexec flag on untrusted filesystems to
prevent any programs on those filesystems from running...
Chances are that an attacker will fail to time the creation of this file
correctly, and the program will either run successfully or exit with the error
message—but however difficult the timing may be, this is still a potential vulnerability...
Hackers use specially crafted hardlinks and symlinks to trick users and software into
accessing different files than the ones that were intended, often with disastrous consequences...
Other files, such as /etc/nologin, can create
denial-of-service attacks simply by their presence...
However, this could lead to a race condition, which,
though harder to exploit, is still exploitable...
Input validation with a CGI focus is discussed in Chapter 12; however, input
validation applies equally to UNIX scripting in general...
CHAPTER 9
Hacking Linux Exposed: Linux Security Secrets & Solutions
Password security is one of the most important security measures to implement for
your Linux system...
This 56-bit key is used to encrypt a constant
string (usually a string consisting of all zeroes), generating a 13-character string that is
returned by crypt()...
However, it is easy to see evidence of such an attack because this method will
leave trails in the system log files...
[root@machine1 c50a]# scripts/shadmrg.sv > passwd.txt
[root@machine1 c50a]# chmod 600 passwd.txt
Now it is time to run Crack...
An example of running John and the output that John creates is
shown here:
[jdoe@machine1 run]$ john passwd.txt
Loaded 3 passwords with 3 different salts (FreeBSD MD5 [32/32])
jdoe (john)
student (student)
NOTE
If and when john is run again, john looks in john.pot, and if a cracked password is found, it
does not try to crack it again...
Shadow Passwords Explained
If shadowing is used, the contents of /etc/passwd would resemble
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
postgres:x:40:233:PostgreSQL Server:/var/lib/pgsql:/bin/bash
jdoe:x:500:500:John Doe:/home/jdoe:/bin/bash
student:x:501:100::/home/student:/bin/bash
Note that the encrypted password field is now simply "x" (and that is not the
encrypted form)...
It creates the /etc/shadow file
from an existing /etc/passwd file and an optionally existing shadow file (merging the
two shadow files)...
If the password is composed of a word that exists in some dictionary, then it is
susceptible to a password attack...
As an example, let's pick a well-known saying by a famous person from a very long
time ago:
I came, I saw, I conquered...
One strategy to deal with this difficulty is to create a
file of your passwords and encrypt it using PGP and a strong passphrase that you can
remember...


