hash
From Initq
[root@initq test]# hash hits command 2 /usr/bin/which 5 /usr/bin/gqview 5 /bin/umount 1 /bin/df 1 /sbin/fdisk 4 /usr/bin/mplayer 1 /usr/bin/rsync 4 /bin/chmod 42 /bin/rm 1 /usr/bin/ppmtocpva 10 /bin/cat 35 /bin/date 43 /bin/vim 1 /usr/bin/nmap 32 /usr/bin/wget 1 /bin/mount 9 /usr/sbin/urpmi 3 /bin/mv 1 /usr/bin/reset 1 /usr/bin/bc 6 /usr/bin/ssh 9 /bin/ping 2 /bin/mkdir 2 /usr/bin/namei 3 /usr/bin/man 3 /usr/bin/tr 2 /usr/sbin/ntpdate 1 /usr/bin/scp 236 /bin/ls 14 /usr/bin/gifsicle 1 /usr/bin/mesg 5 /usr/bin/urpmq 1 /usr/bin/tset 2 /usr/bin/clear
You can hack a machine by replacing the hash table. Youcan use the hash -P to replace all the commands and make a user run your commands, like this.
[root@initq test]# hash | grep logg 0 ./loggedin.sh 1 /bin/logger [root@initq test]# loggedin
