What is the purpose, and why is 'sh' shown twice?

Study the following exploit code taken from a Linux machine and answer the questions below:

echo "ingreslock stream tcp nowait root /bin/sh sh -i" > /tmp/x;

/usr/sbin/inetd -s /tmp/x;

sleep 10;

/bin/rm -f /tmp/x AAAA…AAA

In the above exploit code, the command "/bin/sh sh -i" is given.

What is the purpose, and why is 'sh' shown twice?

A.
The command /bin/sh sh -i appearing in the exploit code is actually part of an inetd configuration file.

B.
The length of such a buffer overflow exploit makes it prohibitive for a user to enter manually.
The second 'sh' automates this function.

C.
It checks for the presence of a codeword (setting the environment variable) among the environment variables.

D.
It is a giveaway by the attacker that he is a script kiddy.

Explanation:
What's going on in the above question is that the attacker is trying to write to the Unix file /tmp/x (his replacement inetd.conf). He is attempting to add a service called ingreslock (which doesn't exist), which is "apparently" supposed to spawn a shell on the port specified by /etc/services for the service "ingreslock". ingreslock is a nonexistent service, and if an attempt were made to respawn inetd, the service would error out on that line (he would have to add the service to /etc/services to suppress the error). Now the question is asking about /bin/sh sh -i, which produces an error that should read "sh: /bin/sh: cannot execute binary file"; the -i option places the shell in interactive mode and cannot be used to respawn itself.
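For defenders, an added example that is not part of the original question: a small auditor for inetd.conf-style text that splits each entry into its fields and flags any service whose server program is a shell, as in the line written to /tmp/x above. The function names, the shell list and the sample config are constructed for illustration.

```python
# Added example: audit inetd.conf-style text for services that run a shell.
SHELLS = {"sh", "ash", "bash", "csh", "dash", "ksh", "tcsh", "zsh"}
FIELDS = ("service", "socket_type", "protocol", "wait", "user", "server_path")


def parse_inetd_line(line):
    """Split one inetd.conf entry into named fields; None if not an entry."""
    line = line.split("#", 1)[0].strip()
    parts = line.split()
    if len(parts) < len(FIELDS):
        return None  # blank, comment, or truncated entry
    entry = dict(zip(FIELDS, parts))
    # The remaining words are the argument vector handed to the server
    # program; its first element is argv[0], the name the program runs under.
    entry["argv"] = parts[len(FIELDS):]
    return entry


def audit(config_text):
    """Return one finding per entry whose server program is a shell."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        entry = parse_inetd_line(raw)
        if entry is None:
            continue
        program = entry["server_path"].rsplit("/", 1)[-1]
        if program in SHELLS:
            entry["line"] = lineno
            entry["severity"] = "critical" if entry["user"] == "root" else "high"
            findings.append(entry)
    return findings


# Constructed sample config (not from a real host); line 3 is the entry
# the code on this page writes to /tmp/x.
SAMPLE = """\
# service  type   proto wait   user server-program   arguments
ftp        stream tcp   nowait root /usr/sbin/in.ftpd in.ftpd
ingreslock stream tcp   nowait root /bin/sh           sh -i
time       stream tcp   nowait root internal
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: {f['service']} runs {f['server_path']} "
              f"as {f['user']} argv={f['argv']} [{f['severity']}]")
```

The same check can be run over every config file an inetd process was started with, not only /etc/inetd.conf, since the code on this page points inetd at a file in /tmp.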


