Chapter 12: HP Tru64 Unix Exploitation

Overview

The Tru64 operating system has come a long way from Digital Corporation's DEC OSF/1 (also known as Digital Unix) and four major releases under the Digital Unix brand (DG-UX 4.0A to 4.0D). After Compaq acquired Digital Corporation, subsequent releases of the operating system were renamed as Compaq Tru64 4.0F. Tru64 5.1B, released in January 2003, is the latest version.

Recently, Hewlett-Packard acquired Compaq, and once again the Tru64 operating system changed names; it is now known as HP Tru64 Unix.

Tru64 runs on the Alpha CPU developed by the Digital Corporation with performance as the primary market differentiator. Alpha is a 64-bit load and store RISC architecture CPU. Alpha is a true 64-bit architecture; every register is 64 bits long, as is its address space, which makes it quite different from other 64-bit CPUs. Alpha was not extended from a 32-bit CPU in order to catch up with the industry; it was initially designed to be 64-bit, which is why it performs significantly better than other 64-bit RISC CPUs. The Alpha CPU is an excellent choice for speed and performance. The Tru64 OS proved this by its amazing performance and speed on large applications such as databases. Try Oracle DB on Alpha and x86 to see what we mean.

However, Tru64 is no different from other RISC-based Unix systems in OS security concepts or secure programming practices. Like many popular RISC-based Unix systems, Tru64 shares a similar heritage (SysV and BSD) in its user land and kernel land code base, making Tru64 as vulnerable to remote and local attacks as the Solaris OS, for example. There have been several security weaknesses in RPC-based services, inetd-based network services, and virtually every setuid binary in a typical Tru64 5.x install.

In this chapter, we will initially develop various shellcode for the Tru64 OS, followed by the development of real-world exploit code for the buffer overflow condition in the rpc.ttdbserverd RPC service. To get us going with shellcode and exploit development, we will briefly explore the Alpha CPU. Registers, instruction sets, and calling conventions are the key information needed for exploit and shellcode development. We will also explore certain Tru64-related conventions, such as storage, alignment, and the non-executable state of the process stack, and system call invocation. Finally, we will discuss the arguments for useful system calls used in shellcode development. After developing the shellcode and discussing basic exploitation theory, we will finalize this chapter by developing our remote RPC exploit.



The Shellcoder's Handbook. Discovering and Exploiting Security