Homework 02

FB12 — AG IT-Sicherheit

Prof. Dr. Elmar Tischhauser

IT-Security

Homework 2
Exploiting Security Vulnerabilities
General notes:

• Please submit your solutions as a PDF document. The PDF can be any combination
of text, photographed notes, program code, etc. Clarity is desirable, but there are no
beauty points.

• Explain your answers briefly but in a comprehensive way (you do not have to write a
novel).

• Upload your solutions to the corresponding homework exercise on Ilias for submission.

• Please work in groups of 1–3 students and provide the names and matriculation numbers
of all group members.

• Deadline for submission is Sunday, July 7, 2024 at 23:59 CET.

Exercise 1 (Practical Privilege Escalation)


The aim of this task is to obtain root privileges on a Linux server. Its VM image is available
here:

https://hessenbox.uni-marburg.de/getlink/fiW7vgDpWGRJLYWkTgmY8Q/itsec2024.vmdk

The VMDK format is supported by VMware, VirtualBox, qemu/kvm etc. and can be
converted with qemu-img if required.
The image allows logging in as user itsec with the password uPu0quaidueT.

a) Find all executable files on the machine with the SetUID-root bit set.

b) Find out how to exploit some of these programs for privilege escalation, e.g. via suitable
command line parameters or interactive inputs, shell escapes etc. You do not need any
programming or advanced exploits such as buffer overflows. For each vulnerability you
find, briefly document how you exploited it. There are a total of 5 such vulnerabilities
that give you a root shell (3 for full marks, 2 as a bonus).

Exercise 2 (SetUID for Shell Scripts)
We know from the exercises that today most Linux distributions ignore the SetUID bit for
interpreted executable files (with shebang “#! /path/to/interpreter” in the first line, e.g.
for shell scripts, Perl, Python, ...).
In detail, the execution of such a file (let’s say script.sh with shebang #!/bin/sh) proceeds
as follows:

1. The kernel reads script.sh and realizes that it starts with #!/bin/sh.

2. The kernel closes script.sh and opens the interpreter (the shell) instead.

3. The kernel starts the shell with the path script.sh as parameter.

4. The shell reads the script in script.sh and executes it.

Briefly explain why this procedure contains a race condition and outline a possible TOCTTOU
attack that exploits it.
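
Added example, not part of the homework sheet: in the procedure above the path script.sh is resolved once by the kernel (step 1) and again by the shell (step 4). The C code below shows the defensive pattern for such a check-then-use on a path name: record the file's device and inode at check time, then verify them on the opened descriptor rather than on the path. The names `file_id`, `check_path`, `open_if_same` and `demo`, and the temporary files, are hypothetical and constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity of the object a path named at check time (hypothetical type). */
struct file_id { dev_t dev; ino_t ino; };

/* Check: record which object the path names right now. */
int check_path(const char *path, struct file_id *id) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    id->dev = st.st_dev; id->ino = st.st_ino;
    return 0;
}

/* Use: open by name, then verify on the descriptor (not the path) that the
 * opened object is the checked one. Returns the fd, or -1 on mismatch. */
int open_if_same(const char *path, const struct file_id *id) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_dev != id->dev || st.st_ino != id->ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory. Returns 1 if the open is
 * accepted while the name is unchanged and refused once it names another file. */
int demo(void) {
    char dir[] = "/tmp/toctouXXXXXX", a[64], b[64];
    struct file_id id;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/script.sh", dir);
    snprintf(b, sizeof b, "%s/other.sh", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    if (check_path(a, &id) != 0) return -1;
    int fd = open_if_same(a, &id);      /* name unchanged: accepted */
    int accepted = fd >= 0; if (accepted) close(fd);
    rename(b, a);                       /* name now refers to the other inode */
    int refused = open_if_same(a, &id) < 0;
    unlink(a); rmdir(dir);
    return accepted && refused;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

A reader that is handed the returned descriptor, instead of the path, operates on exactly the object that was checked.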
