
Assistance please

<<

odius1

Newbie

Posts: 5

Joined: Fri Apr 18, 2008 2:35 pm

Post Fri Apr 18, 2008 2:39 pm

Assistance please

I recently got my CEH certification and I'm on a penetration test for a big company. While I was learning I watched quite a few videos to build my skills.

What does Rm -rf / do?

On this penetration test I was able to get access with help from the CEH book and mentioned tools, but now the system isn't responding to anything?!?

Please help. Did the system administrator see my activity and patch the exploit?
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Apr 18, 2008 3:01 pm

Re: Assistance please

First of all, go to a shell and type man rm

rm is the remove command. Here are the switches you mention:

-r Recursively remove directories and subdirectories in the argument list.
-f Remove all files (whether write-protected or not) in a directory without prompting the user.

Since everything in Linux is a file, this could really hose up a system.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Apr 18, 2008 3:03 pm

Re: Assistance please

Of course, if you are asking this after just passing your CEH and already on a live pen test... this sounds like horrible news for your client.

Do you have permission on this network with a contract of some sort? Hopefully they put a scope on the project so that you and they both would know not to do something that destructive.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

odius1

Newbie

Posts: 5

Joined: Fri Apr 18, 2008 2:35 pm

Post Fri Apr 18, 2008 3:07 pm

Re: Assistance please

when I type man rm I get
"'man' is not recognized as an internal or external command, operable program or batch file."

Do you think the system not responding could be my fault or did the administrator patch the exploit?

I didn't get a letter from the network. I emailed them and asked if they wanted a penetration test, then I found the exploit.
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Apr 18, 2008 3:26 pm

Re: Assistance please

don wrote: Of course, if you are asking this after just passing your CEH and already on a live pen test... this sounds like horrible news for your client.


lol...

odius1 wrote: Do you think the system not responding could be my fault or did the administrator patch the exploit?


'man' is not an exploit.. it was not patched. I honestly don't know how you got this far (is it really possible to pass the CEH without knowing what 'rm -rf' does?), but I would suggest contacting your client if you just ran that command and now the system is unresponsive....

edit: Sorry, forgot to mention.. in the event a system goes down like you've mentioned during a test, it's usually written in your papers to call your contact
Last edited by venom77 on Fri Apr 18, 2008 3:30 pm, edited 1 time in total.
<<

odius1

Newbie

Posts: 5

Joined: Fri Apr 18, 2008 2:35 pm

Post Fri Apr 18, 2008 3:30 pm

Re: Assistance please

I did not see "rm" on my examination for CEH. From the video I was taught that it was a privilege escalation. I am worried to tell my boss because I do not want to be fired. This is my first security job after CEH training and test.

Who should I contact about this server? I can not get to the web site contacts. The web server ecommerce is down and can not get to contacts page.
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Apr 18, 2008 3:33 pm

Re: Assistance please

I don't know the scope of your engagement, what you're testing, etc.

That in mind, I would suggest first contacting your boss and letting him/her know that one of the target systems has become unresponsive, and you think it's possibly due to what you have done.

Hopefully he/she will know where to go from there.
<<

rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Fri Apr 18, 2008 3:45 pm

Re: Assistance please

Not to rehash anything that anyone has said, but I don't know if it's clearly been stated, but the command rm -rf / *will* attempt to erase every file on the server, without confirmation.

If you had the privilege to run the "rm" command, and it took, then chances are pretty high that you completely toasted their server.

And not to sound like a jerk, but if you're running around on servers (that you don't own or manage) executing commands you don't know about at will, you should probably take a step back from a penetration specialist role and get some more basic experience under your belt.
Poking at security since 1986.  +++ATH
<<

odius1

Newbie

Posts: 5

Joined: Fri Apr 18, 2008 2:35 pm

Post Fri Apr 18, 2008 3:49 pm

Re: Assistance please

Bill I can not get in contact with my boss. I am the technical lead on this and when I called back to the company he was out. They told me to call his wife if I needed to get in contact with him. When I did she responded hardly because he had just served her with divorce papers. Should I contact his boss? This is only my second week at this job and I don't want to look bad.
<<

odius1

Newbie

Posts: 5

Joined: Fri Apr 18, 2008 2:35 pm

Post Fri Apr 18, 2008 3:51 pm

Re: Assistance please

Rance I thought deltree was the command to do that?

I have experience from the CEH course and exam. The company said I did the best on the interview of all the candidates.
<<

rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Fri Apr 18, 2008 3:59 pm

Re: Assistance please

odius1 wrote: Rance I thought deltree was the command to do that?

I have experience from the CEH course and exam. The company said I did the best on the interview of all the candidates.


deltree is a Windows command, rm is a Linux/Unix command. Lack of basic file manipulation command knowledge says you're out of your league. And just because you can pass an exam doesn't necessarily mean you're qualified. I mean, you admittedly executed a command you have *no* knowledge about... that's a huge no-no, even just in every-day computing. That's how viruses start propagating, and rootkits get installed.

I'm sorry, I don't want to be harsh, but I wouldn't plan on holding this job of yours for too long.  Doing something like this is going to show pretty blatant incompetence, and I'd bet a paycheck or two that your boss is going to quickly realize that you're not the best qualified candidate they interviewed.

Again, sorry to be so harsh, but reality is what it is.
Poking at security since 1986.  +++ATH
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Apr 18, 2008 4:20 pm

Re: Assistance please

You mention that you watched some videos, so if you simply type "rm -rf /" with the quotation marks into Google, you'll see several videos showing exactly how this will hose a system. You had to have known.

So, not to be a doubter, but are you pulling our collective leg?

Don
Last edited by don on Sat Apr 19, 2008 10:31 am, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Fri Apr 18, 2008 4:27 pm

Re: Assistance please

if you are the tech lead and you did that, you need to be fired right now. pack your crap go home, get a new job. give the client a BIG apology.
<<

geekyone

Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Fri Apr 18, 2008 8:52 pm

Re: Assistance please

Hmmm... sounds like a joke to me.  If not I have to be honest I agree with ChrisG.  You don't by any chance read BOFH (Bastard Operator from Hell) do you?  Cause that is a favorite command of Simon's. LOL!
CISSP, CEH, GPEN, GCIH, GCFA
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Apr 18, 2008 9:48 pm

Re: Assistance please

ChrisG wrote: if you are the tech lead and you did that, you need to be fired right now. pack your crap go home, get a new job. give the client a BIG apology.


lol... yup, in essence this is what I was alluding to, just didn't want to come out and say it ;D well stated