Change permisions of a file with my cat's help

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
6
down vote

favorite
1












I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!



root@system:~# less myfile
-bash: /bin/less: Input/output error


The root filesystem is dead. But my cat is still alive (in my memory):



root@system:~# cat > /tmp/somefile
C^d
root@system:~#


He's kind of lonely though, all his friends are gone:



root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error


The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.



I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:



root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found


Unfortunately he's long gone.



Now, I can sort of trick my cat to resurrect him:



cat > netcat < /dev/tcp/localhost/9999


And that sort of worked. He's almost alive:



root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied


He just needs a tiny spark of life. That little +x magic incantation that I cannot recite at the moment.



Can you please help me bringing my cat's friends back?










share|improve this question





















  • Can you run /lib/ld-linux.so.2 ./netcat (or your system's equivalent) and get something going?
    – Michael Homer
    2 hours ago










  • Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
    – Michael Homer
    2 hours ago















up vote
6
down vote

favorite
1












I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!



root@system:~# less myfile
-bash: /bin/less: Input/output error


The root filesystem is dead. But my cat is still alive (in my memory):



root@system:~# cat > /tmp/somefile
C^d
root@system:~#


He's kind of lonely though, all his friends are gone:



root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error


The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.



I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:



root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found


Unfortunately he's long gone.



Now, I can sort of trick my cat to resurrect him:



cat > netcat < /dev/tcp/localhost/9999


And that sort of worked. He's almost alive:



root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied


He just needs a tiny spark of life. That little +x magic incantation that I cannot recite at the moment.



Can you please help me bringing my cat's friends back?










share|improve this question





















  • Can you run /lib/ld-linux.so.2 ./netcat (or your system's equivalent) and get something going?
    – Michael Homer
    2 hours ago










  • Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
    – Michael Homer
    2 hours ago













up vote
6
down vote

favorite
1









up vote
6
down vote

favorite
1






1





I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!



root@system:~# less myfile
-bash: /bin/less: Input/output error


The root filesystem is dead. But my cat is still alive (in my memory):



root@system:~# cat > /tmp/somefile
C^d
root@system:~#


He's kind of lonely though, all his friends are gone:



root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error


The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.



I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:



root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found


Unfortunately he's long gone.



Now, I can sort of trick my cat to resurrect him:



cat > netcat < /dev/tcp/localhost/9999


And that sort of worked. He's almost alive:



root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied


He just needs a tiny spark of life. That little +x magic incantation that I cannot recite at the moment.



Can you please help me bringing my cat's friends back?










share|improve this question













I realize the question title probably sounds weird, theoretical, or just plain stupid. There's a long backstory to this!



root@system:~# less myfile
-bash: /bin/less: Input/output error


The root filesystem is dead. But my cat is still alive (in my memory):



root@system:~# cat > /tmp/somefile
C^d
root@system:~#


He's kind of lonely though, all his friends are gone:



root@system:~# mount
-bash: /bin/mount: Input/output error
root@system:~# dmesg
-bash: /bin/dmesg: Input/output error
root@system:~# less
-bash: /bin/less: Input/output error
root@system:~# chmod
-bash: /bin/chmod: Input/output error


The system is still running, and fulfilling its purpose.
I know, I know, the only sane response to this is to get the system down and replace the root drive. Unfortunately that's not a option as it would cost a lot of time and money. Also, it would kill my cat, and that would make me sad.



I've thought of bringing him his usual friends from a donor.
I dare not try to scp them in, in case ssh tries to load it and cuts the line (the binary is gone anyway). This sounds like a job for my cat's cousin:



root@system:~# netcat -l 1234 > /tmp/less
-bash: netcat: command not found


Unfortunately he's long gone.



Now, I can sort of trick my cat to resurrect him:



cat > netcat < /dev/tcp/localhost/9999


And that sort of worked. He's almost alive:



root@system:/tmp# /tmp/netcat
-bash: /tmp/netcat: Permission denied


He just needs a tiny spark of life. That little +x magic incantation that I cannot recite at the moment.



Can you please help me bringing my cat's friends back?







bash filesystems cat root-filesystem system-recovery






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 3 hours ago









goncalopp

1,68211423




1,68211423











  • Can you run /lib/ld-linux.so.2 ./netcat (or your system's equivalent) and get something going?
    – Michael Homer
    2 hours ago










  • Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
    – Michael Homer
    2 hours ago

















  • Can you run /lib/ld-linux.so.2 ./netcat (or your system's equivalent) and get something going?
    – Michael Homer
    2 hours ago










  • Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
    – Michael Homer
    2 hours ago
















Can you run /lib/ld-linux.so.2 ./netcat (or your system's equivalent) and get something going?
– Michael Homer
2 hours ago




Can you run /lib/ld-linux.so.2 ./netcat (or your system's equivalent) and get something going?
– Michael Homer
2 hours ago












Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
– Michael Homer
2 hours ago





Also: what operating system is this? Do you have any vfat or NTFS filesystems mounted? Network filesystems? Partitions you can erase the contents of? Are there any accessible files with execute permission?
– Michael Homer
2 hours ago











1 Answer
1






active

oldest

votes

















up vote
1
down vote













There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.




  • You might be able to get the dynamic loader to run an executable for you. Assuming cat is dynamically-linked, your platform's equivalent of /lib/ld-linux.so.2 will likely also be in memory and thus usable to run a binary:



    # /lib64/ld-linux-x86-64.so.2 ./chmod
    chmod: missing operand


    You may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.




  • If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.



    # cat > /mnt/windows/chmod < /dev/tcp/localhost/9999


  • If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.


  • If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want - cat should be fine for this in the role people usually use dd for, and you can provide the image over the network.



    # cat > /dev/sdb1 < ...


    This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.




  • If there is any accessible file that has execute permission on any writable filesystem, you can cat > into it to replace the contents with a binary of your choosing.



    # cat > ~/test.py < ...


  • Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load ctypes.sh, which provides a foreign function interface to Bash, and then dlcall chmod ./netcat 511.


  • You could bring in a dynamic library file foo.so of your construction and then have cat load it on your behalf by way of LD_PRELOAD, allowing you to execute arbitrary code.



    # LD_PRELOAD=./hack.so cat /dev/null


    If you intercept, for example, open:



    int open(const char *path, int flags, ...) 
    chmod(path, 0755);
    return -1;



    then you can do whatever you need to do in there.



My suggestion would be to bring in a statically-linked busybox executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f475353%2fchange-permisions-of-a-file-with-my-cats-help%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote













    There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.




    • You might be able to get the dynamic loader to run an executable for you. Assuming cat is dynamically-linked, your platform's equivalent of /lib/ld-linux.so.2 will likely also be in memory and thus usable to run a binary:



      # /lib64/ld-linux-x86-64.so.2 ./chmod
      chmod: missing operand


      You may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.




    • If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.



      # cat > /mnt/windows/chmod < /dev/tcp/localhost/9999


    • If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.


    • If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want - cat should be fine for this in the role people usually use dd for, and you can provide the image over the network.



      # cat > /dev/sdb1 < ...


      This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.




    • If there is any accessible file that has execute permission on any writable filesystem, you can cat > into it to replace the contents with a binary of your choosing.



      # cat > ~/test.py < ...


    • Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load ctypes.sh, which provides a foreign function interface to Bash, and then dlcall chmod ./netcat 511.


    • You could bring in a dynamic library file foo.so of your construction and then have cat load it on your behalf by way of LD_PRELOAD, allowing you to execute arbitrary code.



      # LD_PRELOAD=./hack.so cat /dev/null


      If you intercept, for example, open:



      int open(const char *path, int flags, ...) 
      chmod(path, 0755);
      return -1;



      then you can do whatever you need to do in there.



    My suggestion would be to bring in a statically-linked busybox executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.






    share|improve this answer
























      up vote
      1
      down vote













      There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.




      • You might be able to get the dynamic loader to run an executable for you. Assuming cat is dynamically-linked, your platform's equivalent of /lib/ld-linux.so.2 will likely also be in memory and thus usable to run a binary:



        # /lib64/ld-linux-x86-64.so.2 ./chmod
        chmod: missing operand


        You may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.




      • If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.



        # cat > /mnt/windows/chmod < /dev/tcp/localhost/9999


      • If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.


      • If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want - cat should be fine for this in the role people usually use dd for, and you can provide the image over the network.



        # cat > /dev/sdb1 < ...


        This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.




      • If there is any accessible file that has execute permission on any writable filesystem, you can cat > into it to replace the contents with a binary of your choosing.



        # cat > ~/test.py < ...


      • Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load ctypes.sh, which provides a foreign function interface to Bash, and then dlcall chmod ./netcat 511.


      • You could bring in a dynamic library file foo.so of your construction and then have cat load it on your behalf by way of LD_PRELOAD, allowing you to execute arbitrary code.



        # LD_PRELOAD=./hack.so cat /dev/null


        If you intercept, for example, open:



        int open(const char *path, int flags, ...) 
        chmod(path, 0755);
        return -1;



        then you can do whatever you need to do in there.



      My suggestion would be to bring in a statically-linked busybox executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.






      share|improve this answer






















        up vote
        1
        down vote










        up vote
        1
        down vote









        There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.




        • You might be able to get the dynamic loader to run an executable for you. Assuming cat is dynamically-linked, your platform's equivalent of /lib/ld-linux.so.2 will likely also be in memory and thus usable to run a binary:



          # /lib64/ld-linux-x86-64.so.2 ./chmod
          chmod: missing operand


          You may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.




        • If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.



          # cat > /mnt/windows/chmod < /dev/tcp/localhost/9999


        • If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.


        • If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want - cat should be fine for this in the role people usually use dd for, and you can provide the image over the network.



          # cat > /dev/sdb1 < ...


          This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.




        • If there is any accessible file that has execute permission on any writable filesystem, you can cat > into it to replace the contents with a binary of your choosing.



          # cat > ~/test.py < ...


        • Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load ctypes.sh, which provides a foreign function interface to Bash, and then dlcall chmod ./netcat 511.


        • You could bring in a dynamic library file foo.so of your construction and then have cat load it on your behalf by way of LD_PRELOAD, allowing you to execute arbitrary code.



          # LD_PRELOAD=./hack.so cat /dev/null


          If you intercept, for example, open:



          int open(const char *path, int flags, ...) 
          chmod(path, 0755);
          return -1;



          then you can do whatever you need to do in there.



        My suggestion would be to bring in a statically-linked busybox executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.






        share|improve this answer












        There are several possibilities, all depending on the exact parameters of your situation right now. I'm going to assume Linux in the following examples where applicable, but similar functionality exists on other platforms in most cases.




        • You might be able to get the dynamic loader to run an executable for you. Assuming cat is dynamically-linked, your platform's equivalent of /lib/ld-linux.so.2 will likely also be in memory and thus usable to run a binary:



          # /lib64/ld-linux-x86-64.so.2 ./chmod
          chmod: missing operand


          You may have multiple of these (32- and 64-bit are likely) and there may be multiple copies available, or symlinks that need resolving. One of those may work.




        • If you have a mounted vfat or NTFS filesystem, or another that treats all files as 777, you can create your executable on there.



          # cat > /mnt/windows/chmod < /dev/tcp/localhost/9999


        • If you have a mounted network filesystem, even if it's not locally writable, you can create files on the remote system and use those normally.


        • If there's a mounted partition you don't care about the contents of, on a drive that is still mostly working, you can replace the contents with a new image of the same filesystem type containing executables you want - cat should be fine for this in the role people usually use dd for, and you can provide the image over the network.



          # cat > /dev/sdb1 < ...


          This one is plausible, but has a lot of places not to work depending on what exactly is still in memory from that partition.




        • If there is any accessible file that has execute permission on any writable filesystem, you can cat > into it to replace the contents with a binary of your choosing.



          # cat > ~/test.py < ...


        • Since Bash is still running, you could dynamically load a Bash plugin into the process that exposes chmod. In particular, you could install and load ctypes.sh, which provides a foreign function interface to Bash, and then dlcall chmod ./netcat 511.


        • You could bring in a dynamic library file foo.so of your construction and then have cat load it on your behalf by way of LD_PRELOAD, allowing you to execute arbitrary code.



          # LD_PRELOAD=./hack.so cat /dev/null


          If you intercept, for example, open:



          int open(const char *path, int flags, ...) 
          chmod(path, 0755);
          return -1;



          then you can do whatever you need to do in there.



        My suggestion would be to bring in a statically-linked busybox executable as the first item (or really, only item) so that you've got the full range of commands available without reusing whatever hack got you to that point to exhaustion.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 1 hour ago









        Michael Homer

        43.3k6110150




        43.3k6110150



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f475353%2fchange-permisions-of-a-file-with-my-cats-help%23new-answer', 'question_page');

            );

            Post as a guest













































































            Comments

            Popular posts from this blog

            What does second last employer means? [closed]

            Installing NextGIS Connect into QGIS 3?

            One-line joke