Practical malleability attack against CBC-Encrypted LUKS partitions
I. Abstract; II. Attack scenario; III. Description of CBC malleability attack; IV. Technical considerations and practical attack against Ubuntu 12.04; V. Solution; VI. References. I. Abstract: The most popular...
[Hacking-Contest] Introduction
The hacking contest is a yearly competition taking place at the LinuxTag in Berlin. The setup consists of two notebooks with a projector attached to each of them. In phase 1 both teams get a root shell...
[Hacking-Contest] Process hiding with mount
On Linux systems, process management tools like ps or top use the contents of the /proc directory to get a listing of all running processes and the contents of the /proc/[pid] directory for getting...
[Hacking-Contest] Disabling password protection with a small binary patch
This blogpost shows how to create a backdoor by changing a few binary instructions in the pam_unix.so shared library file, which is responsible for checking the user password. Unlike most other binary...
[Hacking-Contest] Hiding stuff from the terminal
The file /proc/sys/kernel/core_pattern typically contains the name of the coredump file which is created if a process crashes. Instead of a simple filename, /proc/sys/kernel/core_pattern can also...
[Hacking-Contest] Backdooring rsyslogd
The following few lines add a backdoor to rsyslogd, which can be remotely exploited given that the backdoored host runs an SSH server: man -a rsyslogd syslog|perl -pe'print "auth.* ^/bin/atg...
[Hacking-Contest] Rootkit
Basic operation of rootkit; Shell script version of rootkit; C version of rootkit; Using the rootkit to hide stuff; File hiding below the proc filesystem; Netcat remote shell; Using tcpdump as a covert...
[Hacking-Contest] Binary planting
Most Linux distributions have some kind of checksum support in the package manager which can be used to detect manipulations of existing programs in the filesystem. However, these checksums only verify...
[Hacking-Contest] SSH Server wrapper
This blogpost shows how the SSH server can be replaced with a small wrapper script to allow full unauthenticated remote root access without disturbing the normal operation of the service. In order to...
[Hacking-Contest] Invisible configuration file backdooring with Unicode...
Imagine that you want to check a small configuration file for malicious manipulations. Let's further assume that the file is very small (only 5 non-comment lines) and that you know the expected...