Change permisions of a file with my cat's help
Clash Royale CLAN TAG#URR8PPP
up vote
6
down vote
favorite
I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!
root@system:~# less myfile
-bash: /bin/less: Input/output error
The root filesystem is dead. But my cat is still alive (in my memory):
root@system:~# cat > /tmp/somefile
C^d
root@system:~#
He's kind of lonely though, all his friends are gone:
root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error
The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.
I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:
root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found
Unfortunately he's long gone.
Now, I can sort of trick my cat to resurrect him:
cat > netcat < /dev/tcp/localhost/9999
And that sort of worked. He's almost alive:
root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied
He just needs a tiny spark of life. That little +x
magic incantation that I cannot recite at the moment.
Can you please help me bringing my cat's friends back?
bash filesystems cat root-filesystem system-recovery
add a comment |Â
up vote
6
down vote
favorite
I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!
root@system:~# less myfile
-bash: /bin/less: Input/output error
The root filesystem is dead. But my cat is still alive (in my memory):
root@system:~# cat > /tmp/somefile
C^d
root@system:~#
He's kind of lonely though, all his friends are gone:
root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error
The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.
I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:
root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found
Unfortunately he's long gone.
Now, I can sort of trick my cat to resurrect him:
cat > netcat < /dev/tcp/localhost/9999
And that sort of worked. He's almost alive:
root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied
He just needs a tiny spark of life. That little +x
magic incantation that I cannot recite at the moment.
Can you please help me bringing my cat's friends back?
bash filesystems cat root-filesystem system-recovery
Can you run/lib/ld-linux.so.2 ./netcat
(or your system's equivalent) and get something going?
â Michael Homer
2 hours ago
Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
â Michael Homer
2 hours ago
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!
root@system:~# less myfile
-bash: /bin/less: Input/output error
The root filesystem is dead. But my cat is still alive (in my memory):
root@system:~# cat > /tmp/somefile
C^d
root@system:~#
He's kind of lonely though, all his friends are gone:
root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error
The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.
I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:
root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found
Unfortunately he's long gone.
Now, I can sort of trick my cat to resurrect him:
cat > netcat < /dev/tcp/localhost/9999
And that sort of worked. He's almost alive:
root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied
He just needs a tiny spark of life. That little +x
magic incantation that I cannot recite at the moment.
Can you please help me bringing my cat's friends back?
bash filesystems cat root-filesystem system-recovery
I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!
root@system:~# less myfile
-bash: /bin/less: Input/output error
The root filesystem is dead. But my cat is still alive (in my memory):
root@system:~# cat > /tmp/somefile
C^d
root@system:~#
He's kind of lonely though, all his friends are gone:
root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error
The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.
I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:
root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found
Unfortunately he's long gone.
Now, I can sort of trick my cat to resurrect him:
cat > netcat < /dev/tcp/localhost/9999
And that sort of worked. He's almost alive:
root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied
He just needs a tiny spark of life. That little +x
magic incantation that I cannot recite at the moment.
Can you please help me bringing my cat's friends back?
bash filesystems cat root-filesystem system-recovery
bash filesystems cat root-filesystem system-recovery
asked 3 hours ago
goncalopp
1,68211423
1,68211423
Can you run/lib/ld-linux.so.2 ./netcat
(or your system's equivalent) and get something going?
â Michael Homer
2 hours ago
Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
â Michael Homer
2 hours ago
add a comment |Â
Can you run/lib/ld-linux.so.2 ./netcat
(or your system's equivalent) and get something going?
â Michael Homer
2 hours ago
Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
â Michael Homer
2 hours ago
Can you run
/lib/ld-linux.so.2 ./netcat
(or your system's equivalent) and get something going?â Michael Homer
2 hours ago
Can you run
/lib/ld-linux.so.2 ./netcat
(or your system's equivalent) and get something going?â Michael Homer
2 hours ago
Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
â Michael Homer
2 hours ago
Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
â Michael Homer
2 hours ago
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.
You might be able to get the dynamic loader to run an executable for you. Assuming
cat
is dynamically-linked, your platform's equivalent of/lib/ld-linux.so.2
will likely also be in memory and thus usable to run a binary:# /lib64/ld-linux-x86-64.so.2 ./chmod
chmod: missing operandYou may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.
If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.
# cat > /mnt/windows/chmod < /dev/tcp/localhost/9999
- If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.
If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want -
cat
should be fine for this in the role people usually usedd
for, and you can provide the image over the network.# cat > /dev/sdb1 < ...
This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.
If there is any accessible file that has execute permission on any writable filesystem, you can
cat >
into it to replace the contents with a binary of your choosing.# cat > ~/test.py < ...
- Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load
ctypes.sh
, which provides a foreign function interface to Bash, and thendlcall chmod ./netcat 511
. You could bring in a dynamic library file
foo.so
of your construction and then havecat
load it on your behalf by way ofLD_PRELOAD
, allowing you to execute arbitrary code.# LD_PRELOAD=./hack.so cat /dev/null
If you intercept, for example,
open
:
int open(const char *path, int flags, ...)
chmod(path, 0755);
return -1;then you can do whatever you need to do in there.
My suggestion would be to bring in a statically-linked busybox
executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.
You might be able to get the dynamic loader to run an executable for you. Assuming
cat
is dynamically-linked, your platform's equivalent of/lib/ld-linux.so.2
will likely also be in memory and thus usable to run a binary:# /lib64/ld-linux-x86-64.so.2 ./chmod
chmod: missing operandYou may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.
If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.
# cat > /mnt/windows/chmod < /dev/tcp/localhost/9999
- If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.
If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want -
cat
should be fine for this in the role people usually usedd
for, and you can provide the image over the network.# cat > /dev/sdb1 < ...
This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.
If there is any accessible file that has execute permission on any writable filesystem, you can
cat >
into it to replace the contents with a binary of your choosing.# cat > ~/test.py < ...
- Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load
ctypes.sh
, which provides a foreign function interface to Bash, and thendlcall chmod ./netcat 511
. You could bring in a dynamic library file
foo.so
of your construction and then havecat
load it on your behalf by way ofLD_PRELOAD
, allowing you to execute arbitrary code.# LD_PRELOAD=./hack.so cat /dev/null
If you intercept, for example,
open
:
int open(const char *path, int flags, ...)
chmod(path, 0755);
return -1;then you can do whatever you need to do in there.
My suggestion would be to bring in a statically-linked busybox
executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.
add a comment |Â
up vote
1
down vote
There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.
You might be able to get the dynamic loader to run an executable for you. Assuming
cat
is dynamically-linked, your platform's equivalent of/lib/ld-linux.so.2
will likely also be in memory and thus usable to run a binary:# /lib64/ld-linux-x86-64.so.2 ./chmod
chmod: missing operandYou may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.
If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.
# cat > /mnt/windows/chmod < /dev/tcp/localhost/9999
- If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.
If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want -
cat
should be fine for this in the role people usually usedd
for, and you can provide the image over the network.# cat > /dev/sdb1 < ...
This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.
If there is any accessible file that has execute permission on any writable filesystem, you can
cat >
into it to replace the contents with a binary of your choosing.# cat > ~/test.py < ...
- Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load
ctypes.sh
, which provides a foreign function interface to Bash, and thendlcall chmod ./netcat 511
. You could bring in a dynamic library file
foo.so
of your construction and then havecat
load it on your behalf by way ofLD_PRELOAD
, allowing you to execute arbitrary code.# LD_PRELOAD=./hack.so cat /dev/null
If you intercept, for example,
open
:
int open(const char *path, int flags, ...)
chmod(path, 0755);
return -1;then you can do whatever you need to do in there.
My suggestion would be to bring in a statically-linked busybox
executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.
You might be able to get the dynamic loader to run an executable for you. Assuming
cat
is dynamically-linked, your platform's equivalent of/lib/ld-linux.so.2
will likely also be in memory and thus usable to run a binary:# /lib64/ld-linux-x86-64.so.2 ./chmod
chmod: missing operandYou may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.
If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.
# cat > /mnt/windows/chmod < /dev/tcp/localhost/9999
- If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.
If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want -
cat
should be fine for this in the role people usually usedd
for, and you can provide the image over the network.# cat > /dev/sdb1 < ...
This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.
If there is any accessible file that has execute permission on any writable filesystem, you can
cat >
into it to replace the contents with a binary of your choosing.# cat > ~/test.py < ...
- Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load
ctypes.sh
, which provides a foreign function interface to Bash, and thendlcall chmod ./netcat 511
. You could bring in a dynamic library file
foo.so
of your construction and then havecat
load it on your behalf by way ofLD_PRELOAD
, allowing you to execute arbitrary code.# LD_PRELOAD=./hack.so cat /dev/null
If you intercept, for example,
open
:
int open(const char *path, int flags, ...)
chmod(path, 0755);
return -1;then you can do whatever you need to do in there.
My suggestion would be to bring in a statically-linked busybox
executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.
There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.
You might be able to get the dynamic loader to run an executable for you. Assuming
cat
is dynamically-linked, your platform's equivalent of/lib/ld-linux.so.2
will likely also be in memory and thus usable to run a binary:# /lib64/ld-linux-x86-64.so.2 ./chmod
chmod: missing operandYou may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.
If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.
# cat > /mnt/windows/chmod < /dev/tcp/localhost/9999
- If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.
If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want -
cat
should be fine for this in the role people usually usedd
for, and you can provide the image over the network.# cat > /dev/sdb1 < ...
This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.
If there is any accessible file that has execute permission on any writable filesystem, you can
cat >
into it to replace the contents with a binary of your choosing.# cat > ~/test.py < ...
- Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load
ctypes.sh
, which provides a foreign function interface to Bash, and thendlcall chmod ./netcat 511
. You could bring in a dynamic library file
foo.so
of your construction and then havecat
load it on your behalf by way ofLD_PRELOAD
, allowing you to execute arbitrary code.# LD_PRELOAD=./hack.so cat /dev/null
If you intercept, for example,
open
:
int open(const char *path, int flags, ...)
chmod(path, 0755);
return -1;then you can do whatever you need to do in there.
My suggestion would be to bring in a statically-linked busybox
executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.
answered 1 hour ago
Michael Homer
43.3k6110150
43.3k6110150
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f475353%2fchange-permisions-of-a-file-with-my-cats-help%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Can you run
/lib/ld-linux.so.2 ./netcat
(or your system's equivalent) and get something going?â Michael Homer
2 hours ago
Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
â Michael Homer
2 hours ago