60e8 Anon shell box - Telecomix Crypto Munitions Bureau

Anon shell box

From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

The anon shell box is a box that will give anyone access to a chaosbox.

Beware that this will more or less make the box completely unsecure. DONT BE A COWARD, JUST DO IT.


[edit] anonshells.cryptoanarchy.org

Is offline since some months back.

A monk has been dispatched to meditate upon this.

[edit] FreeBSD

It is possible to run stuff inside jails in order to limit what users can do, even if they were able to haxxor the machine and get root. Also, just adding a few lines to /etc/sysctl.conf (or typing them in manually) will prevent users from being able to view each others processes. Increasing the jails securitylevel to 3 also locks it down pretty good.

[edit] sysctl changes

Inside the jail:

# cat /etc/sysctl.conf
security.bsd.see_other_uids=0              # users can not see processes with other UIDs
security.bsd.see_other_gids=0              # users can not see processes with other GIDs
security.bsd.unprivileged_read_msgbuf=0    # i forgot what this was but it sounds good
kern.maxprocperuid=512                     # set maximum number of processes a user can have
kern.securitylevel=3                       # this can be done in a lot of different ways, here is one.

[edit] Dont log the users

Symlink the logs to /dev/null.

* /var/run/utmp
* /var/log/wtmp
* /var/log/<<<lot of files here>>>

for example:

cd /var/run
rm utmp
ln -s /dev/null utmp

[edit] Webserver to allow users to add user accounts

This solution is UGLY but it works. There is a high probability that it will be re-done in the future.

the webserver script

while true ; do cat /path/to/index.html  | nc -l 80 ; done > /dev/null

the webserver2 script

while true ; do ./makeusr | nc -l 81 ; done > /dev/null 

the makeusr script

PSEUDONYM=$INTRONAME`head -c 200 /dev/urandom | tr -cd '[:graph:]' | md5 | cut -b-9`
PASSWORD=`head -c 200 /dev/urandom | tr -cd '[:graph:]' | cut -b-30`

echo -e "$PSEUDONYM\n$PSEUDONYM\n\nanon\n\nanon\ntcsh\n\ngo-rwx\n\n\n\n$PASSWORD\n$PASSWORD\n\nyes\nno" | adduser > /dev/null &2>/dev/null

echo -e "HTTP/1.1 200 OK"
echo -e "Content-Type: text/plain; charset=UTF-8"
echo -e ""
echo -e ":D"
echo -e ""
echo -e "User created!"
echo -e "ssh $PSEUDONYM@anonshells.cryptoanarchy.org"
echo -e "password is: $PASSWORD"
echo -e ""
echo -e "(try irssi -n nickname, for servers that does not like long nicknames.)"
echo -e ""
echo -e "(:=~~~"

WTF is this?! -- It is a bunch of scripts that use netcat to pretend to be a webserver. One script is listening on port 80, and the other is listening on port 81. Running the script webserver and webserver2 as root inside the jail will start it up. (NOTE: you will have to write your own index.html file.)

[edit] Linux (Debian)

Below are instructions for replication of the previous anonshells box. The new run on FreeBSD.

[edit] List of things that are not as good as they could be

  • Users can see each others processes (with ps and top, for example). There is no simple and good method to avoid this in linux AFAIK? (grsecurity & pax support limiting /proc information about processes run by other users)
  • You would also like to add a firewall that denies outbound traffic to your LAN, or something. See iptables for more info on that.

[edit] How does it work??

  • index.html has a link to gen_user.sh.
  • when gen_user.sh is executed by the web browser (when the user clicks the link), it executes xox.
  • xox will run the script gen-usr with root privileges.
  • gen-usr will create a new user and generate a web page with the username & password for the user to see.
  • The user can then log in at the box with SSH, using the username and password that gen-usr created :)

[edit] Howto

  1. install apache2, lighttpd or ngnix.
  2. Put the four files below in the /var/www directory.
  3. Compile xox.c and name the output file xox
  4. chown and chmod the scripts so that the web server can execute them
  5. suid root the "xox" binary (see below for moar info on that)
  6. Done.

This might need some debugging from your part.

[edit] index.html

<body bgcolor="#000000">
<font color="#FFFFFF">
To create a new account, <a href="/cgi-bin/gen_user.sh">click here</a>.<br>

<h1>How do I log in?</h1>
Ordinary login: SSH to XXXXXXXXX. In all operating systems except windows, type "ssh username@XXXXXXXXXX".
In windows, download <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html">putty</a>.

<h1>I forgot my passwords!!!!11</h1>
Too bad for you. We will NEVER recreate accounts for anyone. This is for your own safety.

Dont forget to replace "XXXXXXX" with the box IP address (or DNS name)

[edit] /cgi-bin/gen_user.sh (script)


[edit] xox.c

  1. compile this file and name it "xox".
  2. suid root this file. Type something like "chown root:root xox" and then "chmod u+S xox". This will make so that the file is always executed with root privileges.
#include <unistd.h>

char *path = "/bin/sh";
char *arg0 = "sh";
char *arg1 = "/var/www/cgi-bin/gen-usr";

int main(){
        execl(path, arg0, arg1, NULL);

[edit] /cgi-bin/gen-usr (script)


echo -e "$PASS\n$PASS\n\n\n\n\n\n\n\n\n\n" | /usr/sbin/adduser $USR &>/dev/null
chmod go-rwx /home/$USR

echo "Content-type: text/html;charset=utf-8"
echo ""
echo -e "<html>"
echo -e "<body bgcolor=\"#000000\">"
echo -e "<font color=\"#FFFFFF\">"
echo -e "<h1>User created!</h1>"
echo -e "<br><br>"
echo -e "<b>username</b>: $USR<br><br>"
echo -e "<b>password</b>: $PASS<br>"
echo -e "<br><br>"
echo -e "Log in by connecting to THE_IP_OF_THE_MACHINE with SSH.<br>(If you type <b>ssh username@THE_IP_OF_THE_MACHINE -D9999</b> an encrypted SOCKS-proxy will be enabled at your own computer (at port 9999), which you can use to browse the web from.
echo -e "</body>"
echo -e "</html>"

Dont forget to replace THE_IP_OF_THE_MACHINE with the IP number of your machine (or its DNS name)

[edit] See also

Personal tools