Hello!

This is not a good way of approaching hiding files in Linux ;P
As it can at best be considered as "security thru obscurity".. heh.. but not even that. :)

When U have gotten used to using a Linux system u will find that u know where all binaries are located and if a whereis doesn't turn something up, u just use the full path.

What u just demonstrated cannot be thought of as hiding files, just annoying users :)

For a better way to approach file hiding, maybe u should take a look at this:
http://www.phrack.org/show.php?p=59&a=6
or try to write a LKM for that purpose.

Have a nice day ;P

Daniel Nyström
Independent Security Researcher
----------------------------------
exceat_private
http://www.telhack.tk
http://exce.ath.cx

----- Original Message -----
From: <sam_secat_private>
To: <vuln-devat_private>
Sent: Monday, June 23, 2003 10:31 PM
Subject: file hiding under Linux

> Hi,
>
> First off I'd like to apologise for my inaptness but I'm new to hacking,
> but I'm also, or so I'm told, very creative (switched from a humanities
> major to CS) and am full of new ideas that I'd like to
> discuss and get feedback on. Ok so I've been working on filehiding for the
> linux operating system (www.linux.org) that you can download for free
> and is very popular. But you probably all know this. I was wondering,
> would it be possible to abuse the linux environment to make legitimate users
> think a certain file was not present. Like, you can set the environment
> variable $PATH to something like "/tmp". In the bourne again shell version
> 2.05b one can use "export" to set environment variables. There might be
> other techniques but my Linux course hasn't covered them yet. I'm open for
> ideas though. This technique only works for executing binaries, listing
> the directory will still find it.
>
> So for hiding the binaries in /usr/bin an example would be:
>
> $ export PATH="/tmp"
> $ ls
> -bash: ls: command not found
> $ echo "hid all files in /usr/bin"
> hid all files in /usr/bin
> $ whereis echo
> -bash: whereis: command not found
> $
>
> So basically I'm building on this, I'd love some feedback and maybe how to
> implement this technique in other scenarios.
>
> With regards,
> Sam
>
This archive was generated by hypermail 2b30 : Tue Jun 24 2003 - 16:42:52 PDT
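
The altered PATH discussed in the thread is easy to spot from the defender's side. The following is an added example, not part of either message: a POSIX shell check that reports a PATH missing the standard binary directories or containing empty, relative, or world-writable entries. The function name `audit_path` and the `EXPECTED_DIRS` list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag PATH values like the PATH="/tmp" from the thread.
# EXPECTED_DIRS is an assumption about what a normal PATH should contain.
EXPECTED_DIRS="/usr/bin /bin"

# audit_path PATH_VALUE: print one finding per line, nothing if PATH looks sane.
# The body is a subshell so the IFS and globbing changes stay local.
audit_path() (
    path_value=$1

    # Standard binary directories missing from PATH ("command not found").
    for want in $EXPECTED_DIRS; do
        case ":$path_value:" in
            *":$want:"*) ;;
            *) echo "MISSING $want" ;;
        esac
    done

    # A leading, trailing or doubled colon means "current directory".
    case ":$path_value:" in
        *::*) echo "EMPTY-ENTRY" ;;
    esac

    IFS=:
    set -f    # no filename expansion while splitting on ':'
    for dir in $path_value; do
        if [ -z "$dir" ]; then
            continue
        fi
        case $dir in
            /*) ;;
            *) echo "RELATIVE $dir"; continue ;;
        esac
        # Any local user can place a binary in a world-writable directory.
        if [ -d "$dir" ] && [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
            echo "WORLD-WRITABLE $dir"
        fi
    done
)

# Constructed input: the value used in the quoted session.
audit_path "/tmp"
```

Run it as `audit_path "$PATH"` from a login script or a monitoring job; binaries remain reachable by full path, as the reply points out, so the check reports a changed environment rather than missing files.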