kernel attacks


Post by glubby »

Hi guys,

I'm investigating kernel attacks. :roll: And I wonder if, by any chance, some of you have ever heard about them.

thanks


Post by ayu »

Define "attack"....

Do you mean like getting root/administrative privileges by exploiting the kernel or what?


Post by glubby »

I was thinking about something like a buffer overflow to get root privileges or execute arbitrary commands. Or, if by any chance there was a way of getting a root shell at boot.


Post by G-Brain »

Local root exploits? I Googled, and found this:

http://www.sans.org/resources/malwarefaq/Ptrace.php

That's one root exploit, and it's explained very nicely.


Post by glubby »

Yessssssss, thanks, it is what I was looking for.
I also heard about an old flaw in Debian OpenSSL making the key generation predictable. But I can't put my hands on it. Has anyone heard about it?


Post by ayu »

glubby wrote:
Yessssssss, thanks, it is what I was looking for.
I also heard about an old flaw in Debian OpenSSL making the key generation predictable. But I can't put my hands on it. Has anyone heard about it?

Yeah, but it's not THAT old ^^ the error was made in 2006 I think, but it was discovered this year.


Post by glubby »

You are right, I found it: http://www.debian.org/security/2008/dsa-1571
So, finally, I guess those kernel attacks are more popular than I thought.


Post by rhysh »

kernel attacks on Linux

rootkits, root exploits, privilege escalation, trojan

and also try typing sudo before your command, some admins are real noobz and leave the sudo command accessible

usually most rootkits modify the binary files etc and inject themselves, there are many ways to detect this, programs have been made to detect modified binaries, but they usually require to have scanned the original file:

IDS (intrusion detection system)

this is software made to detect when a possible threat to the system is made, e.g.

port sweeps, log wiping, binary modifying, root logged in, commands executed with root etc, also any accounts running super user privileges etc

note: a lot of IDSs will be alerted when you execute commands like sudo, set uid, chown, chgrp etc

trojans really are just like rootkits, not much difference. anyways I think I will leave Google to do the work for you
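
Added example, not part of rhysh's post: the baseline-then-compare check that post describes for detecting modified binaries, written in Python. The function names and the stand-in files are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def fingerprint(path):
    """SHA-256 of the content plus the metadata a backdoored binary tends to change."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid}

def build_baseline(paths):
    """Scan the original files once, while the system is known to be clean."""
    return {p: fingerprint(p) for p in paths}

def verify(baseline):
    """Return (path, what_changed) for every deviation from the baseline."""
    findings = []
    for path, known in sorted(baseline.items()):
        if not os.path.isfile(path):
            findings.append((path, "missing"))
            continue
        current = fingerprint(path)
        findings += [(path, k) for k in sorted(known) if current[k] != known[k]]
    return findings

def demo():
    """Constructed sample: three stand-in 'binaries' in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, n) for n in ("ls", "ps", "netstat")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"original " + os.path.basename(p).encode())
            os.chmod(p, 0o755)
        baseline = build_baseline(paths)   # taken before anything is touched
        with open(paths[1], "ab") as fh:   # content of "ps" is altered
            fh.write(b" + injected code")
        os.chmod(paths[0], 0o4755)         # a setuid bit appears on "ls"
        os.remove(paths[2])                # "netstat" disappears
        return [(os.path.basename(p), what) for p, what in verify(baseline)]

if __name__ == "__main__":
    for name, what in demo():
        print(f"ALERT {name}: {what}")
```

The baseline is only trustworthy if it was taken from a known-good system and is kept where an intruder with root cannot rewrite it, such as read-only or off-host storage.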


Post by glubby »

If I got everything, for you a kernel attack would be the installation of a backdoor (or something that integrates into the kernel) or the usage of a misconfiguration (your sudo example).
Well, that's a good start, I will keep googling on it. thanks


Post by rhysh »

glubby wrote:
If I got everything, for you a kernel attack would be the installation of a backdoor (or something that integrates into the kernel) or the usage of a misconfiguration (your sudo example).
Well, that's a good start, I will keep googling on it. thanks

not always, maybe I will write a tutorial later ;)


Post by glubby »

A tutorial, I can't wait to see that
