Re: file hiding under Linux

From: Daniel Nyström (exceat_private)
Date: Tue Jun 24 2003 - 16:29:04 PDT


    Hello!
    
    This is not a good way of approaching hiding files in Linux ;P As it can at
    best be considered as "security thru obscurity".. heh.. but not even that. :)
    
    When U have gotten used to using a Linux system u will find that u know
    where all binaries are located and if a whereis doesn't turn something up, u
    just use the full path.
    
    What u just demonstrated cannot be thought of as hiding files, just annoying users :)
    
    A better way to approach file hiding maybe u should take a look at this:
    
    http://www.phrack.org/show.php?p=59&a=6
    
    or try to write a LKM for that purpose.
    
    Have a nice day ;P
    
    Daniel Nyström
    Independent Security Researcher
    ----------------------------------
    exceat_private
    http://www.telhack.tk
    http://exce.ath.cx
    
    ----- Original Message ----- 
    From: <sam_secat_private>
    To: <vuln-devat_private>
    Sent: Monday, June 23, 2003 10:31 PM
    Subject: file hiding under Linux
    
    
    > Hi,
    > 
    > First off I'd like to apologise for my inaptness but I'm new to hacking,
    > but I'm also, or so I'm told, very creative (switched from a humanities major to CS) and am
    > full of new ideas that I'd like to
    > discuss and get feedback on. Ok so I've been working on file hiding for the
    > Linux operating system (www.linux.org) that you can download for free
    > and is very popular. But you probably all know this. I was wondering,
    > would it be possible to abuse the Linux environment to make legitimate users
    > think a certain file was not present. Like, you can set the environment
    > variable $PATH to something like "/tmp". In the bourne again shell version
    > 2.05b one can use "export" to set environment variables. There might be
    > other techniques but my Linux course hasn't covered them yet. I'm open for
    > ideas though. This technique only works for executing binaries, listing
    > the directory will still find it.
    > 
    > So for hiding the binaries in /usr/bin an example would be:
    > 
    > $ export PATH="/tmp"
    > $ ls
    > -bash: ls: command not found
    > $ echo "hid all files in /usr/bin"
    > hid all files in /usr/bin
    > $ whereis echo
    > -bash: whereis: command not found
    > $
    > 
    > So basically I'm building on this, I'd love some feedback and maybe how to
    > implement this technique in other scenarios.
    > 
    > With regards,
    > Sam
    > 
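
Added example, not part of either message: the thread's point that changing `$PATH` only changes command lookup, written as a defender's check. `lookup_under_path` and `audit_path` are hypothetical helper names; the audit flags standard directories dropped from PATH, relative or empty entries, and world-writable directories such as `/tmp`.

```bash
#!/usr/bin/env bash
# Added example, not from the thread; function names are hypothetical.

# Resolve NAME the way the shell would under PATH_VALUE. The subshell keeps
# the PATH change local. Prints the resolved path; non-zero when not found.
lookup_under_path() (
    PATH=$2
    command -v "$1"
)

# Audit a PATH value. One finding per line; exit status 1 if any finding.
audit_path() (
    path_value=$1 rc=0
    # An empty entry (leading, trailing or doubled ':') means "current dir".
    case ":$path_value:" in
        *::*) echo "EMPTY_ENTRY"; rc=1 ;;
    esac
    IFS=:; set -f            # split on ':' only, no globbing (subshell-local)
    for dir in $path_value; do
        [ -n "$dir" ] || continue
        case $dir in
            /*) ;;
            *) echo "RELATIVE $dir"; rc=1; continue ;;
        esac
        # -H follows a symlinked entry such as /bin -> /usr/bin.
        if [ -n "$(find -H "$dir" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            echo "WORLD_WRITABLE $dir"; rc=1
        fi
    done
    # Standard directories dropped from PATH: the state the post creates.
    for std in /usr/bin /bin; do
        case ":$path_value:" in
            *":$std:"*) ;;
            *) if [ -d "$std" ]; then echo "STANDARD_DIR_ABSENT $std"; rc=1; fi ;;
        esac
    done
    exit "$rc"
)

# Demo on the value used in the post (constructed input).
audit_path "/tmp" || true
lookup_under_path ls "/tmp" || echo "ls not resolved via PATH; the file itself is untouched"
```

Shell builtins and functions resolve regardless of PATH, so `lookup_under_path echo /tmp` still succeeds.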
    


