Graphics Programs Reference
In-Depth Information
This daemon program forks into the background, writes to a log file with
timestamps, and cleanly exits when it is killed. The log file descriptor and
connection-receiving socket are declared as globals so they can be closed
cleanly by the
handle_shutdown()
function. This function is set up as the callback
handler for the terminate and interrupt signals, which allows the program to
exit gracefully when it's killed with the
kill
command.
The output below shows the program compiled, executed, and killed.
Notice that the log file contains timestamps as well as the shutdown message
when the program catches the terminate signal and calls
handle_shutdown()
to exit gracefully.
reader@hacking:~/booksrc $ gcc -o tinywebd tinywebd.c
reader@hacking:~/booksrc $ sudo chown root ./tinywebd
reader@hacking:~/booksrc $ sudo chmod u+s ./tinywebd
reader@hacking:~/booksrc $ ./tinywebd
Starting tiny web daemon.
reader@hacking:~/booksrc $ ./webserver_id 127.0.0.1
The web server for 127.0.0.1 is Tiny webserver
reader@hacking:~/booksrc $ ps ax | grep tinywebd
25058 ? Ss 0:00 ./tinywebd
25075 pts/3 R+ 0:00 grep tinywebd
reader@hacking:~/booksrc $ kill 25058
reader@hacking:~/booksrc $ ps ax | grep tinywebd
25121 pts/3 R+ 0:00 grep tinywebd
reader@hacking:~/booksrc $ cat /var/log/tinywebd.log
cat: /var/log/tinywebd.log: Permission denied
reader@hacking:~/booksrc $ sudo cat /var/log/tinywebd.log
07/22/2007 17:55:45> Starting up.
07/22/2007 17:57:00> From 127.0.0.1:38127 "HEAD / HTTP/1.0" 200 OK
07/22/2007 17:57:21> Shutting down.
r
eader@hacking:~/booksrc $
This tinywebd program serves HTTP content just like the original tinyweb
program, but it behaves as a system daemon, detaching from the controlling
terminal and writing to a log file. Both programs are vulnerable to the same
overflow exploit; however, the exploitation is only the beginning. Using the
new tinyweb daemon as a more realistic exploit target, you will learn how to
avoid detection after the intrusion.
0x630
Tools of the Trade
With a realistic target in place, let's jump back over to the attacker's side of
the fence. For this kind of attack, exploit scripts are an essential tool of the
trade. Like a set of lock picks in the hands of a professional, exploits open
many doors for a hacker. Through careful manipulation of the internal
mechanisms, the security can be entirely sidestepped.
