Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Attacking Potential of sh-scripts
Special Forums Cybersecurity Attacking Potential of sh-scripts Post 302508509 by Corona688 on Monday 28th of March 2011 10:48:59 AM
Old 03-28-2011
Quote:
Originally Posted by disaster
Imagine a system where all possible code execution methods (binary executables or interpreted languages like perl and python) are not possible for the attacker. The only thing he can do is to write and execute shell scripts. But here, he is completly free to do what he wants, but it has to be within a shellscript and not with root rights.
As long as he has access to files, echo -e or printf, and chmod, he has the ability to copy in executables from somewhere else. Not difficult, just tedious. And then they can craft a busybox or wget executable for themselves and build or import anything else they want.
Quote:
So the question is: How much danger would there be in such a situation?
They could download a password-cracking suite and attempt to crack your own system and/or someone else's. I've seen it happen; a "good" piece of cracking software depends on almost nothing in your system except the shell and wget/curl. They won't get in unless your passwords are ridiculous though.
Last edited by Corona688; 03-28-2011 at 11:57 AM..
This User Gave Thanks to Corona688 For This Post:
disaster
 

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Potential new user of Unix

Hi all, Complete and utter virgin Unix person here (I don't even have the OS yet) As I'm doing a "looking into it" kinda thing before I move from MS I hope my questions are not inappropriate. 1. Should I get some kind off anti virus software. I know Unix is pretty good for not getting them... (2 Replies)
Discussion started by: dhula
2 Replies

2. AIX

how to handle potential file contention

I need to change how a posting procedure currently works in order to improve load balancing but I am hitting a potential file contention problem that I was wondering if someone here could assist me with... In a directory called FilePool I would have a bunch of files that are constantly coming in... (3 Replies)
Discussion started by: philplasma
3 Replies

3. HP-UX

Potential file system contention on directory

We have an 8-processor Itanium system running HP-UX 11.23 connected to shared SAN discs. We have an application that creates files (about 10) in a specific directory. When the application terminates, these files are removed (unlink) and a few others are updated. The directory contains... (8 Replies)
Discussion started by: FDesrochers
8 Replies
All times are GMT -4. The time now is 05:43 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy