Lesson 13

Date: 6/27/2018

Linux Network Security

Linux System Administration

Stack overflow exercise.

A code prompts for password, reads it from keyboard, and gives the root shell.


#include <stdio.h>
#include <string.h>

int main()
{
    char buff[10]; //Defines the input array buff of 10 Bytes size
    int pass = 0;

    printf("\n Enter the password : \n");
    gets(buff);

    if(strcmp(buff, "Password1") != 0)
    {
        printf ("\n Wrong Password \n");
    }
    else
    {
        printf ("\n Correct Password \n");
        pass = 1;
    }

    if(pass != 0)
    {
        printf ("pass=, %3d", pass); //See how variable 'pass' is corrupted

       /* Now Give root or admin rights to user*/
        printf ("\n Root privileges given to the user \n");

        setuid(0);
        system("/bin/bash");
    }

    return 0;
}

Any given password string, exceeding 11 letters, would corrupt the memory region, containing variable pass, therefore cause the code to give the root shell.

Exercise
Download the source code and the Makefile:


wget http://linuxcourse.rutgers.edu/lessons/security_remote/Downloads/root_shell.c
wget http://linuxcourse.rutgers.edu/lessons/security_remote/Downloads/Makefile

Compile the source code, and assigne setuid root to the compiled executable:


make

Run the executable:


./root_shell

When prompted for password, type in a long string:


RRRRRRRRRRRRRRRRRRRR

Notice, you got the root shell.

The way to fix it: use function fgets instead of gets, for example:


   //gets(buff);
  fgets(buff,sizeof(buff),stdin);

Exercise: SSH brute force attack
Exercise: Log check for login attempts
Exercise: TCP wrappers
Exercise: denyhosts
Stack overflow
Exercise with Stack overflow
Package upgrades and verification
Open Ports List exercise
Closing Ports
IP filtering firewalls (iptables)
Building iptables rules
Simple iptables script
NAT table
NAT script
Exercises with iptables
Port scanning exercises
Vulnerability scanning exercises
References
Take me to the Course Website