But, This also gives the user complete control over the system, which is generally bad from a security perspective. Instead, the program is given the ability to run as if it were the root user, so that the system function can be carried out properly and the user isn’t actually given full system control.

This type of permission is called the suid (set user ID) permission or bit. When a program with the suid permission is executed by any user, that user’s euid (effective user ID) is changed to the uid of the program’s owner, and the program is executed. After the program execution completes, the user’s euid is changed back to its original value. This bit is denoted by the s in bold in the following file listing. There is also a sgid (set group ID) permission, which does the same thing with the effective group ID.

-rwsr-xr-x 1 root san 6023 Dec 20 12:00 /usr/bin/passwd

Here is the passwd path with file permissions as mentioned above.If a user wanted to change password, then we would needs to run /usr/bin/passwd, which is owned by root and has the suid bit on. The uid would then be changed to root’s uid (which is 0) for the execution of passwd, and it would be switched back after the execution completes. This is where binary (1 or 0) comes in typical core techincal computers concepts involves. Programs that have the suid permission turned on and that are owned by the root user are typically called suid root programs.

Posibility of hacking: (Appraoch)

Changing the flow of program execution becomes very powerful. If the flow of a suid root program can be changed to execute an injected piece of arbitrary code, then the attacker could get the program to do anything as the root user. If the attacker decides to cause a suid root program to spawn a new user shell that he/she can access, the attacker will have root privileges at a user level. This is generally bad from a security perspective, as it gives the attacker full control of the system as the root user.

Learning from he above scenario:

Hacking to change the execution flow of a program still isn’t actually breaking any of the program or cracking passwords; Instead, hacker getting known with new ways/appraoches which never expected while developing. To do these methods of exploitation, and to write programs to prevent these types of exploits, requires a greater understanding of the lower-level Programming such as program memory.

Thanks for spending some time in reading this. Hope you enjoyed learning!
Sankar

Here is the sample details of google.com
*************************************************

accounts.google.com
IP address #1: 209.85.175.**

ap.google.com
IP address #1: 74.125.236.**
blog.google.com
IP address #1: 209.85.***.**
catalog.google.com
IP address #1:
IP address #10:
IP address #11:
IP address #12:
IP address #13:
IP address #14:
IP address #15:
IP address #16:
catalogue.google.com

d.google.com

directory.google.com

dl.google.com

download.google.com

downloads.google.com

email.google.com
finance.google.com

gd.google.com

gg.google.com

groups.google.com

help.google.com

id.google.com
IP address #16: 74.125.236.**

images.google.com
IP address #1: 74.125.236.**

ipv6.google.com
IPv6 address #1: 2404:6800:800b::**

kh.google.com

labs.google.com
m.google.com
IP address #1: 209.85.153.***
mail.google.com
IP address #1: 209.85.153.**
mobile.google.com
IP address #1: 209.85.153.***
mt.google.com
IP address #1: 209.85.153.***
news.google.com

ns.google.com
IP address #1: 216.239.32.**
ns1.google.com
IP address #1: 216.239.32.**
ns2.google.com
IP address #1: 216.239.34.**
ns3.google.com
IP address #1: 216.239.36.**

photo.google.com

photos.google.com

proxy.google.com
IP address #1: 66.102.14.**
IP address #2: 66.102.14.**
research.google.com

sandbox.google.com
IP address #1: 209.85.175.**
sb.google.com

search.google.com

services.google.com

shopping.google.com

With all set of IP addresses

root@bt# perl dnsenum.pl domainname.com
*******
Host’s address :

*********
Name server’s

***************
MX records
***********
Trying zone transfers.

********

root@bt# dnsdict6 -t 16 google.com

Where t specifies number of threads.

Hope you understood !

For Backtrack 5, GNOME version has default disabled screenshot tool.
So we need to install gnome utils to get that tool enabled.

root@bt# apt-get install gnome-utils
extract files……100%
installed files….100%
done…

Now you can see the screenshot tool available under accessories > screenshot

There are many Linux versions freely available. These days, most of the people are very interested to work on Linux instead of commercial OS like Mac, Windows. We have shown these below screen shots in Ubuntu.

First open “Terminal” and then type ‘vi hello.c’
Where vi = shell editor
hello = name of the program
.c    = is the representation to C program

Fig: 1 Screen shot of Terminal with vi command

Now after this it will open a vi editor.
Write C program in that editor.
// Hello.c
#include<stdio.h>
void main()
{
printf(“Hello World! \n “);
}

click on ESC button and type  “ :wq “

where :wq = will save the program

Fig :2 compilation of our hello.c

compilation in Linux can be done using cc command.
To print output, use ./a.out
and finally here is our output, “Hello World!”
We can also compile using different way so that we can use it to check assembly code too.

See the below screen shot fig 3: gdb compilation

Here gcc is the compiler. But cc can be used to compile a program.
GCC – GNU project C and C++ Compiler.
When you invoke GCC, it normally does preprocessing, compilation, assembly and linking.
For more information on GCC use “man cc or man gcc “ in shell

-ggdb
Produce debugging information for use by GDB.  This means to use the most expressive format available (DWARF 2, stabs, or the native format if neither of those are supported), including GDB extensions if at all possible.

With -O, the compiler tries to reduce code size and execution time, without performing any optimizations that take a great deal of compilation time.
-O also turns on -fomit-frame-pointer on machines where doing so does not interfere with debugging.
Again, for more information on this use man command or command name – -help .
Now after compilation  use “gdb program name”
see the screen shot (Fig 4)

Now after this you should see the last above line,

“Reading symbols form “/home/ ….. etcc “ = path / program …… done.
This means that program read by the gdb. Now it asks for our turn to use the program.
Type “ disas main”

Here disas = disassemble
disassemble means Disassemble a specified section of memory
Now finally we got Assembly code with address for each instruction.
Keep learning !

Here we will post all new stuff and learning things.

Sankar