05 August 2013

concept of Symlink and hardlink in Linux (most famous attacking technique of year 2011/2012/2013 )

Pranam to all bhai ji _/\_
Today we will discuss about a most famous as well as dangerous utility Symlink aka Softlink aka symbolic link which is used by hackers to exploit Linux server widely :D
ok , many of us (especially those who are working in security testing domain) familiar with this word.
today we will go through working of Symlink .

As name represent , soft link / symbolic link, symlink is just a shortcut of a file .
in windows OS we create a shortcut of a file which is stored on a drive for example in D: drive in folder having name "data" with name my_file.txt , now we want to access this file from desktop , so we will create shortcut of that file by right clicking on that file and selecting "create shorcut" and shortcut will be created. now copy this shortcut file to desktop and whenever you will click on this file , in actually you are going to open original file which is stored on  D: drive in "data" folder .

Linux also provide facility to create shortcut of files but using "SYMLINK"
but before going to symlink concept, i want to explain mechanism of storing files and then representing them by OS
following things needed for file storage and representation of that file in OS
1.storage devics
2.inode number of file
3.and directory entry

 storage device, a file is stored in memory block which is known as sector.Then .
 The inode number is that which contain information about  file like, in which sector file is stored, what is its size,who is the owner of file,what is the file type of file and many more
inode number is unique within a particular file system(partition), that is in a partition we cant have same inode number for 2 files because inode contain info which is required by OS during representation of that file when user ask to access it.
directory entry contains a name for a file or directory and a pointer to the inode where the information about the file or directory is stored.

ok now comes to file Links in linux
Link is an additional directory entry for a file or directory,which allows two or more names for the same thing
there are two type of linking of file in Linux
1.Hard link
2.Soft link(symlink)

Hard Link
A hard link is a directory entry that points to an inode . means if i create a hard link to file my.txt with name ica.txt, this file name will point to inode of file  my.txt.
Hard link can only use to link files not to directory.because directory contains two hard links(. for current directory and .. for current directory which contains the number counting of subdirectory in a directory)

Soft Link
a soft link or symbolic link is a directory entry that points to an inode that provides the name of another directory entry. means we have a file my.txt  in directory /home/user/ and we want to create soft link to this file in another directory /etc/new with name ica.txt then procedure will be following

Creating Hard link
to create link in linux OS , we have "ln" command .

syntex of creating hard link command is :-   ln   source_file   target_name

example:- i want to create hard link for file my.txt which is stored in /home/user directory to directory /etc/new with name ica .txt
command will be    ln    /home/user/my.txt    /etc/new/ica.txt

if you are already in /etc/new directory  you dont need to supply full path to target file
ln  /home/user/my.txt    ica.txt
and file  my.txt will be accessible through file ica.txt

creating Soft link aka Symlink
to create symlink , we will use "ln" command but with option  -s (-s show that we want to create link which is soft)
syntex of creating symlink command is :-    ln   -s    source_file_or_directory   target_file    
example, there is  file  my.txt in  /home/user directory and we want to create symlink to this file in /home directory with name ica.txt , command will be
       ln   -s   /home/user/my.txt    /home/ica.txt 

so , this is the concept of symlink and hard link .
For Symlink hackers
if you are security tester and have a server whose hosting document root is like this
you have shell in directory  /usr/hosting/domain/html/hacked/
and you want to hack other website(domain2 with wordpress installation) on server using symlink attack
command will like this to symlink wordpress config file

  ln   -s   /usr/hosting/domain2/html/wp-config.php    /usr/hosting/domain/html/hacked/ica.txt

if you are in directory /usr/hosting/domain/html/hacked, then you need not to specify full path for target symlink, just specify your symlink file name (name with which you want to create symlink for source file)
 ln   -s   /usr/hosting/domain2/html/wp-config.php   ica.txt

Thank you
Greetz to :-  http://mannulinux.blogspot.in/


Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.


Post a Comment


Copyright @ 2013 yourcodes.