Weird Command Execution I Encountered

uyncis

New Member
Credits
31
I am using OpenSUSE Leap latest version and my kernel version is Linux 5.3.18-59.19-default I start learning Assembly out of curiosity and I was following the tutorial on the tutorialspoint I accidentally wrote the code wrong and the code should have output the number I gave but instead of doing that code put the number I gave to the command line and pressed enter then I tried inputting 'neofetch' and it worked I just accidentally hacked myself great! I thought if I run the code as root it will execute the code as root but that didn't happened, only way I can run the inputted commands as root is when I run the code in the root terminal otherwise I have to add 'sudo' to the command I inputted which has no difference If I am the root why not just run the command but I am curious why did the command line did something which it shouldn't have done in the first place.

I wrote 'section .bbs' instead of 'section .bss' and compiler gave a warning but compiled the code that section of the code is like this:

Code:
section .data                           ;Data segment
   userMsg db 'Please enter a number: ' ;Ask the user to enter a number
   lenUserMsg equ $-userMsg             ;The length of the message
   dispMsg db 'You have entered: '
   lenDispMsg equ $-dispMsg

section .bbs ; instead of 'section .bss'
    num resb 5
Can anyone explain to me what just happened here?

The code that should have printed the num variable:

Code:
;Read and store the user input
   mov eax, 3
   mov ebx, 2
   mov ecx, num  
   mov edx, 5          ;5 bytes (numeric, 1 for sign) of that information
   int 80h

;Output the message 'The entered number is: '
   mov eax, 4
   mov ebx, 1
   mov ecx, dispMsg
   mov edx, lenDispMsg
   int 80h
 


uyncis

New Member
Credits
31
I experimented with the code a little it looks like a buffer overflow when I fixed the broken code I tried inputting '9999999' and command '999' executed so I tried '9999 neofetch' and that also executed but I still don't know what just happened exactly I mean in the Computerphile's buffer overflow video they were inputting some hex commands in like no operation code in this example I just overflowed the buffer and put some code at the end which got executed at the current terminal and with the current users privileges based on my experience this kind of buffer overflow can make the runner of the vulnerable program to run malicious code such as a remote reverse shell back to attackers device is there any way of running a command as root without putting 'sudo' in front of the command?

Clarifications will be appreciated and sorry for my bad English.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Credits
28,611
If you think you've found an exploit, please follow the ethical reporting steps. That generally means contacting the software authors, showing them the exploit, and then waiting until after the problem is fixed before reporting the bug publicly.
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Staff online

Members online


Latest posts

Top