Повышение прав [задай вопрос - получи ответ]

0day

 

не порутало

 

uname -a

 

sh-3.1$ uname -a

Code:

Linux srv004 2.6.26-2-686-bigmem #1 SMP Thu Nov 25 01:59:22 UTC 2010 i686 GNU/Linux

sh-3.1$ ls -la /boot

Code:

total 15243
drwxr-xr-x  4 root root    1024 Jan 14  2011 .
drwxr-xr-x 18 root root    4096 Mar 18  2011 ..
-rw-r--r--  1 root root  721188 Feb 20  2010 System.map-2.6.18-6-686-bigmem
-rw-r--r--  1 root root  950427 Nov 25  2010 System.map-2.6.26-2-686-bigmem
-rw-r--r--  1 root root   70678 Feb 20  2010 config-2.6.18-6-686-bigmem
-rw-r--r--  1 root root   91775 Nov 25  2010 config-2.6.26-2-686-bigmem
drwxr-xr-x  2 root root    1024 May  5  2011 grub
-rw-r--r--  1 root root 4546640 Mar  4  2010 initrd.img-2.6.18-6-686-bigmem
-rw-r--r--  1 root root 6226585 Jan 12  2011 initrd.img-2.6.26-2-686-bigmem
drwxr-xr-x  2 root root   12288 Sep 13  2006 lost+found
-rw-r--r--  1 root root   94356 Feb  3  2005 memtest86.bin
-rw-r--r--  1 root root 1261619 Feb 20  2010 vmlinuz-2.6.18-6-686-bigmem
-rw-r--r--  1 root root 1549744 Nov 25  2010 vmlinuz-2.6.26-2-686-bigmem

sh-3.1$ ls -la --full-time /lib/lib*

Code:

-rw-r--r-- 1 root root    5448 2010-01-21 21:05:48.000000000 +0300 /lib/libBroke
nLocale-2.3.6.so
lrwxrwxrwx 1 root root      24 2011-01-14 14:38:00.000000000 +0300 /lib/libBroke
nLocale.so.1 -> libBrokenLocale-2.3.6.so
-rw-r--r-- 1 root root   13652 2010-01-21 21:05:48.000000000 +0300 /lib/libSegFa
ult.so
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libacl.s
o.1 -> libacl.so.1.1.0
-rw-r--r-- 1 root root   22156 2006-07-21 03:40:44.000000000 +0400 /lib/libacl.s
o.1.1.0
-rw-r--r-- 1 root root    9868 2010-01-21 21:05:48.000000000 +0300 /lib/libanl-2
.3.6.so
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libanl.s
o.1 -> libanl-2.3.6.so
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:03.000000000 +0300 /lib/libatm.s
o.1 -> libatm.so.1.0.0
-rw-r--r-- 1 root root   34768 2005-03-19 05:26:50.000000000 +0300 /lib/libatm.s
o.1.0.0
lrwxrwxrwx 1 root root      16 2011-01-14 14:38:00.000000000 +0300 /lib/libattr.
so.1 -> libattr.so.1.1.0
-rw-r--r-- 1 root root   12840 2006-03-28 09:25:06.000000000 +0400 /lib/libattr.
so.1.1.0
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libblkid
.so.1 -> libblkid.so.1.0
-rw-r--r-- 1 root root   32248 2007-12-06 22:57:51.000000000 +0300 /lib/libblkid
.so.1.0
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libbz2.s
o.1 -> libbz2.so.1.0.3
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libbz2.s
o.1.0 -> libbz2.so.1.0.3
-rw-r--r-- 1 root root   66200 2006-08-25 21:20:30.000000000 +0400 /lib/libbz2.s
o.1.0.3
-rwxr-xr-x 1 root root 1147548 2010-01-21 21:05:47.000000000 +0300 /lib/libc-2.3
.6.so
lrwxrwxrwx 1 root root      13 2011-01-14 14:38:00.000000000 +0300 /lib/libc.so.
6 -> libc-2.3.6.so
lrwxrwxrwx 1 root root      14 2011-01-14 14:38:00.000000000 +0300 /lib/libcap.s
o.1 -> libcap.so.1.10
-rw-r--r-- 1 root root   11024 2004-04-14 02:10:45.000000000 +0400 /lib/libcap.s
o.1.10
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:03.000000000 +0300 /lib/libcfont
.so.0 -> libcfont.so.0.0.0
-rw-r--r-- 1 root root   10644 2006-09-05 20:26:20.000000000 +0400 /lib/libcfont
.so.0.0.0
-rw-r--r-- 1 root root  181684 2010-01-21 21:05:48.000000000 +0300 /lib/libcidn-
2.3.6.so
lrwxrwxrwx 1 root root      16 2011-01-14 14:38:03.000000000 +0300 /lib/libcidn.
so.1 -> libcidn-2.3.6.so
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:00.000000000 +0300 /lib/libcom_e
rr.so.2 -> libcom_err.so.2.1
-rw-r--r-- 1 root root    5820 2007-12-06 22:57:50.000000000 +0300 /lib/libcom_e
rr.so.2.1
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:03.000000000 +0300 /lib/libconso
le.so.0 -> libconsole.so.0.0.0
-rw-r--r-- 1 root root   73540 2006-09-05 20:26:20.000000000 +0400 /lib/libconso
le.so.0.0.0
-rw-r--r-- 1 root root   21868 2010-01-21 21:05:48.000000000 +0300 /lib/libcrypt
-2.3.6.so
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:00.000000000 +0300 /lib/libcrypt
.so.1 -> libcrypt-2.3.6.so
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:03.000000000 +0300 /lib/libctuti
ls.so.0 -> libctutils.so.0.0.0
-rw-r--r-- 1 root root   18380 2006-09-05 20:26:20.000000000 +0400 /lib/libctuti
ls.so.0.0.0
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libdb.so
.2 -> libdb1-2.2.5.so
-rw-r--r-- 1 root root  260828 2004-06-10 19:27:14.000000000 +0400 /lib/libdb.so
.3
-rw-r--r-- 1 root root   55052 2006-02-15 01:06:32.000000000 +0300 /lib/libdb1-2
.2.5.so
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libdb1.s
o.2 -> libdb1-2.2.5.so
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:03.000000000 +0300 /lib/libdb2.s
o.2 -> libdb2.so.2.7.7
-rw-r--r-- 1 root root  291624 2004-06-10 19:27:14.000000000 +0400 /lib/libdb2.s
o.2.7.7
-rw-r--r-- 1 root root   31044 2006-10-14 01:42:44.000000000 +0400 /lib/libdevma
pper.so.1.01
-rw-r--r-- 1 root root   65332 2006-08-09 02:39:02.000000000 +0400 /lib/libdevma
pper.so.1.02
-rw-r--r-- 1 root root    9592 2010-01-21 21:05:47.000000000 +0300 /lib/libdl-2.
3.6.so
lrwxrwxrwx 1 root root      14 2011-01-14 14:38:00.000000000 +0300 /lib/libdl.so
.2 -> libdl-2.3.6.so
lrwxrwxrwx 1 root root      14 2011-01-14 14:38:03.000000000 +0300 /lib/libdm.so
.0 -> libdm.so.0.0.4
-rw-r--r-- 1 root root   23408 2006-03-22 02:18:05.000000000 +0300 /lib/libdm.so
.0.0.4
lrwxrwxrwx 1 root root      13 2011-01-14 14:38:00.000000000 +0300 /lib/libe2p.s
o.2 -> libe2p.so.2.3
-rw-r--r-- 1 root root   19132 2007-12-06 22:57:51.000000000 +0300 /lib/libe2p.s
o.2.3
lrwxrwxrwx 1 root root      16 2011-01-14 14:38:00.000000000 +0300 /lib/libext2f
s.so.2 -> libext2fs.so.2.4
-rw-r--r-- 1 root root  102892 2007-12-06 22:57:51.000000000 +0300 /lib/libext2f
s.so.2.4
-rw-r--r-- 1 root root   41096 2006-12-10 17:45:12.000000000 +0300 /lib/libgcc_s
.so.1
lrwxrwxrwx 1 root root      18 2011-01-14 14:38:03.000000000 +0300 /lib/libhandl
e.so.1 -> libhandle.so.1.0.3
-rw-r--r-- 1 root root    7012 2006-08-21 09:24:33.000000000 +0400 /lib/libhandl
e.so.1.0.3
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:03.000000000 +0300 /lib/libhisto
ry.so.4 -> libhistory.so.4.3
-rw-r--r-- 1 root root   23872 2004-06-13 23:02:12.000000000 +0400 /lib/libhisto
ry.so.4.3
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:00.000000000 +0300 /lib/libhisto
ry.so.5 -> libhistory.so.5.2
-rw-r--r-- 1 root root   26444 2006-12-19 18:51:33.000000000 +0300 /lib/libhisto
ry.so.5.2
-rw-r--r-- 1 root root  141040 2010-01-21 21:05:47.000000000 +0300 /lib/libm-2.3
.6.so
lrwxrwxrwx 1 root root      13 2011-01-14 14:38:00.000000000 +0300 /lib/libm.so.
6 -> libm-2.3.6.so
-rw-r--r-- 1 root root   13644 2010-01-21 21:05:48.000000000 +0300 /lib/libmemus
age.so
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:00.000000000 +0300 /lib/libncurs
es.so.5 -> libncurses.so.5.5
-rw-r--r-- 1 root root  263040 2006-10-19 15:02:31.000000000 +0400 /lib/libncurs
es.so.5.5
lrwxrwxrwx 1 root root      18 2011-01-14 14:38:03.000000000 +0300 /lib/libncurs
esw.so.5 -> libncursesw.so.5.5
-rw-r--r-- 1 root root  308288 2006-10-19 15:02:32.000000000 +0400 /lib/libncurs
esw.so.5.5
-rw-r--r-- 1 root root   72452 2010-01-21 21:05:48.000000000 +0300 /lib/libnsl-2
.3.6.so
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libnsl.s
o.1 -> libnsl-2.3.6.so
-rw-r--r-- 1 root root   26332 2010-01-21 21:05:47.000000000 +0300 /lib/libnss_c
ompat-2.3.6.so
lrwxrwxrwx 1 root root      22 2011-01-14 14:38:00.000000000 +0300 /lib/libnss_c
ompat.so.2 -> libnss_compat-2.3.6.so
-rw-r--r-- 1 root root   17840 2010-01-21 21:05:47.000000000 +0300 /lib/libnss_d
ns-2.3.6.so
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:00.000000000 +0300 /lib/libnss_d
ns.so.2 -> libnss_dns-2.3.6.so
-rw-r--r-- 1 root root   34276 2010-01-21 21:05:48.000000000 +0300 /lib/libnss_f
iles-2.3.6.so
lrwxrwxrwx 1 root root      21 2011-01-14 14:38:00.000000000 +0300 /lib/libnss_f
iles.so.2 -> libnss_files-2.3.6.so
-rw-r--r-- 1 root root   17856 2010-01-21 21:05:48.000000000 +0300 /lib/libnss_h
esiod-2.3.6.so
lrwxrwxrwx 1 root root      22 2011-01-14 14:38:00.000000000 +0300 /lib/libnss_h
esiod.so.2 -> libnss_hesiod-2.3.6.so
lrwxrwxrwx 1 root root      21 2011-01-14 14:38:03.000000000 +0300 /lib/libnss_l
wres.so -> libnss_lwres.so.2.0.0
lrwxrwxrwx 1 root root      21 2011-01-14 14:38:03.000000000 +0300 /lib/libnss_l
wres.so.2 -> libnss_lwres.so.2.0.0
-rw-r--r-- 1 root root    4144 2006-02-19 23:26:01.000000000 +0300 /lib/libnss_l
wres.so.2.0.0
-rw-r--r-- 1 root root   34320 2010-01-21 21:05:48.000000000 +0300 /lib/libnss_n
is-2.3.6.so
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:00.000000000 +0300 /lib/libnss_n
is.so.2 -> libnss_nis-2.3.6.so
-rw-r--r-- 1 root root   38340 2010-01-21 21:05:48.000000000 +0300 /lib/libnss_n
isplus-2.3.6.so
lrwxrwxrwx 1 root root      23 2011-01-14 14:38:00.000000000 +0300 /lib/libnss_n
isplus.so.2 -> libnss_nisplus-2.3.6.so
lrwxrwxrwx 1 root root      14 2011-01-14 14:38:00.000000000 +0300 /lib/libpam.s
o.0 -> libpam.so.0.79
-rw-r--r-- 1 root root   29700 2009-03-18 02:58:08.000000000 +0300 /lib/libpam.s
o.0.79
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:00.000000000 +0300 /lib/libpam_m
isc.so.0 -> libpam_misc.so.0.79
-rw-r--r-- 1 root root    8264 2009-03-18 02:58:08.000000000 +0300 /lib/libpam_m
isc.so.0.79
lrwxrwxrwx 1 root root      15 2011-01-14 14:38:00.000000000 +0300 /lib/libpamc.
so.0 -> libpamc.so.0.79
-rw-r--r-- 1 root root    9660 2009-03-18 02:58:08.000000000 +0300 /lib/libpamc.
so.0.79
-rw-r--r-- 1 root root    5400 2010-01-21 21:05:48.000000000 +0300 /lib/libpcpro
file.so
lrwxrwxrwx 1 root root      16 2011-01-14 14:38:00.000000000 +0300 /lib/libpopt.
so.0 -> libpopt.so.0.0.0
-rw-r--r-- 1 root root   26444 2006-08-08 04:47:49.000000000 +0400 /lib/libpopt.
so.0.0.0
-rw-r--r-- 1 root root   48256 2006-09-13 05:54:01.000000000 +0400 /lib/libproc-
3.2.7.so
-rw-r--r-- 1 root root   81701 2010-01-21 21:05:51.000000000 +0300 /lib/libpthre
ad-0.10.so
lrwxrwxrwx 1 root root      18 2011-01-14 14:38:00.000000000 +0300 /lib/libpthre
ad.so.0 -> libpthread-0.10.so
lrwxrwxrwx 1 root root      18 2011-01-14 14:38:03.000000000 +0300 /lib/libreadl
ine.so.4 -> libreadline.so.4.3
-rw-r--r-- 1 root root  172592 2004-06-13 23:02:12.000000000 +0400 /lib/libreadl
ine.so.4.3
lrwxrwxrwx 1 root root      18 2011-01-14 14:38:00.000000000 +0300 /lib/libreadl
ine.so.5 -> libreadline.so.5.2
-rw-r--r-- 1 root root  188760 2006-12-19 18:51:33.000000000 +0300 /lib/libreadl
ine.so.5.2
-rw-r--r-- 1 root root   59172 2010-01-21 21:05:48.000000000 +0300 /lib/libresol
v-2.3.6.so
lrwxrwxrwx 1 root root      18 2011-01-14 14:38:00.000000000 +0300 /lib/libresol
v.so.2 -> libresolv-2.3.6.so
-rw-r--r-- 1 root root   30616 2010-01-21 21:05:48.000000000 +0300 /lib/librt-2.
3.6.so
lrwxrwxrwx 1 root root      14 2011-01-14 14:38:00.000000000 +0300 /lib/librt.so
.1 -> librt-2.3.6.so
-rw-r--r-- 1 root root   79368 2006-11-05 22:27:33.000000000 +0300 /lib/libselin
ux.so.1
-rw-r--r-- 1 root root  219824 2006-11-15 11:59:54.000000000 +0300 /lib/libsepol
.so.1
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:03.000000000 +0300 /lib/libslang
.so.1 -> libslang.so.1.4.9
lrwxrwxrwx 1 root root      22 2011-01-14 14:38:03.000000000 +0300 /lib/libslang
.so.1-UTF8 -> libslang.so.1-UTF8.4.9
-rw-r--r-- 1 root root  374952 2004-09-21 23:57:44.000000000 +0400 /lib/libslang
.so.1-UTF8.4.9
-rw-r--r-- 1 root root  374920 2004-09-21 23:57:44.000000000 +0400 /lib/libslang
.so.1.4.9
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:03.000000000 +0300 /lib/libslang
.so.2 -> libslang.so.2.0.6
-rw-r--r-- 1 root root  644012 2006-10-18 23:50:19.000000000 +0400 /lib/libslang
.so.2.0.6
lrwxrwxrwx 1 root root      12 2011-01-14 14:38:00.000000000 +0300 /lib/libss.so
.2 -> libss.so.2.0
-rw-r--r-- 1 root root   18520 2007-12-06 22:57:50.000000000 +0300 /lib/libss.so
.2.0
lrwxrwxrwx 1 root root      17 2011-01-14 14:38:03.000000000 +0300 /lib/libsysfs
.so.2 -> libsysfs.so.2.0.1
-rw-r--r-- 1 root root   37496 2006-10-29 20:23:07.000000000 +0300 /lib/libsysfs
.so.2.0.1
-rw-r--r-- 1 root root   17860 2010-01-21 21:05:48.000000000 +0300 /lib/libthrea
d_db-1.0.so
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:00.000000000 +0300 /lib/libthrea
d_db.so.1 -> libthread_db-1.0.so
lrwxrwxrwx 1 root root      19 2011-01-14 14:38:03.000000000 +0300 /lib/libusb-0
.1.so.4 -> libusb-0.1.so.4.4.4
-rw-r--r-- 1 root root   28740 2007-02-13 04:05:37.000000000 +0300 /lib/libusb-0
.1.so.4.4.4
-rw-r--r-- 1 root root    9656 2010-01-21 21:05:48.000000000 +0300 /lib/libutil-
2.3.6.so
lrwxrwxrwx 1 root root      16 2011-01-14 14:38:00.000000000 +0300 /lib/libutil.
so.1 -> libutil-2.3.6.so
lrwxrwxrwx 1 root root      14 2011-01-14 14:38:00.000000000 +0300 /lib/libuuid.
so.1 -> libuuid.so.1.2
-rw-r--r-- 1 root root    9128 2007-12-06 22:57:50.000000000 +0300 /lib/libuuid.
so.1.2
lrwxrwxrwx 1 root root      22 2011-01-14 14:38:03.000000000 +0300 /lib/libvolum
e_id.so.0 -> libvolume_id.so.0.75.0
-rw-r--r-- 1 root root   23264 2009-04-16 01:46:50.000000000 +0400 /lib/libvolum
e_id.so.0.75.0
lrwxrwxrwx 1 root root      16 2011-01-14 14:38:03.000000000 +0300 /lib/libwrap.
so.0 -> libwrap.so.0.7.6
-rw-r--r-- 1 root root   27596 2007-02-25 23:06:02.000000000 +0300 /lib/libwrap.
so.0.7.6

sh-3.1$ mount

Code:

/dev/sda2 on / type ext3 (rw,noatime,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755,size=16m)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,size=16m)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw,noatime)
/dev/sda6 on /home type ext3 (rw,nosuid,nodev,noatime,usrquota)
/dev/sda5 on /var type ext3 (rw,noatime)

sh-3.1$ df -h

Code:

sh: /bin/df: Permission denied

sh-3.1$ cat /etc/issue

Code:

Debian GNU/Linux 4.0 \n \l

sh-3.1$ cat /etc/crontab

Code:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --repor
t /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --repor
t /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --repor
t /etc/cron.monthly )
#

sh-3.1$ cat /proc/version

Code:

cat: /proc/version: Permission denied

sh-3.1$ cat /proc/sys/vm/mmap_min_addr

Code:

4096

sh-3.1$ ls -la /usr/bin/staprun

Code:

ls: /usr/bin/staprun: No such file or directory

Glibc:

Code:

ln /bin/ping /tmp/exploit/target
ln: creating hard link `/tmp/exploit/target' to `/bin/ping': Invalid cross-device link

 

попробуй pipe

 

Под ядро нет ничего, ищи сторонние процессы, скрипты.

_Spamer_, у тебя же

Code:

-rw-r--r-- 1 root root 5400 [B]2010-01-21[/B] 21:05:48.000000000 +0300 /lib/libpcprofile.so
-rw-r--r-- 1 root root   13644 [B]2010-01-21[/B] 21:05:48.000000000 +0300 /lib/libmemusage.so

Попробуй их.

 

uname -a:
Linux cnitws 2.6.26-2-686 #1 SMP Mon Aug 30 07:01:57 UTC 2010 i686 GNU/Linux
ls -la /boot:
total 10100 drwxr-xr-x 4 root root 1024 Sep 24 02:21 . drwxr-xr-x 21 root root 1024 Feb 28 2011 .. -rw-r--r-- 1 root root 928806 Aug 30 2010 System.map-2.6.26-2-686 -rw-r--r-- 1 root root 91746 Aug 30 2010 config-2.6.26-2-686 drwxr-xr-x 2 root root 1024 Sep 22 2010 grub -rw-r--r-- 1 root root 7750947 Sep 24 02:21 initrd.img-2.6.26-2-686 drwxr-xr-x 2 root root 12288 Sep 22 2010 lost+found -rw-r--r-- 1 root root 1507408 Aug 30 2010 vmlinuz-2.6.26-2-686
mount:
/dev/mapper/cnitws-root on / type ext3 (rw,errors=remount-ro) tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) udev on /dev type tmpfs (rw,mode=0755) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620) /dev/sda1 on /boot type ext2 (rw) /dev/mapper/cnitws-home on /home type ext3 (rw) /dev/mapper/cnitws-tmp on /tmp type ext3 (rw) /dev/mapper/cnitws-usr on /usr type ext3 (rw) /dev/mapper/cnitws-var on /var type ext3 (rw) /dev/sdb1 on /mnt/storage1 type ext3 (rw)
df -h
Filesystem Size Used Avail Use% Mounted on /dev/mapper/cnitws-root 322M 84M 222M 28% / tmpfs 1014M 0 1014M 0% /lib/init/rw udev 10M 604K 9.5M 6% /dev tmpfs 1014M 0 1014M 0% /dev/shm /dev/sda1 228M 11M 206M 5% /boot /dev/mapper/cnitws-home 8.2G 147M 7.7G 2% /home /dev/mapper/cnitws-tmp 368M 11M 339M 3% /tmp /dev/mapper/cnitws-usr 4.6G 642M 3.8G 15% /usr /dev/mapper/cnitws-var 2.8G 1.6G 1.2G 58% /var /dev/sdb1 99G 12G 82G 13% /mnt/storage1
cat /etc/issue
Debian GNU/Linux 6.0 \n \l
cat /proc/version
Linux version 2.6.26-2-686 (Debian 2.6.26-25) ([email protected]) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Mon Aug 30 07:01:57 UTC 2010
mmap_min_addr
4096
whoami
www-data


Испытал два сплойта - цель не достигнута:
(1)
Ac1dB1tCh3z VS Linux kernel 2.6 kernel 0d4y $$$ Kallsyms +r $$$ K3rn3l r3l3as3: 2.6.26-2-686 ??? Trying the F0PPPPPPPPPPPPPPPPpppppppppp_____ m3th34d !!! N0t a RH3l k3rn3l !!! u4bl3 t0 f1nd t4rg3t!? W3'll s33 ab0ut th4t! 255

(2)

[*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xf8a0f206 [+] Resolved econet_ops to 0xf8a0ffe0 [*] Failed to resolve kernel symbols. 255

 

ls -la /lib/lib*

и вообще первый пост для кого сделан?

 

uname -a

ls -la /boot

ls -la --full-time /lib/lib*

mount

df -h

cat /etc/issue

cat /etc/crontab

cat /proc/version

cat /proc/sys/vm/mmap_min_addr

pwd

sh-3.2$ ls -la /usr/bin/staprun

 

AppS, вот этот пост

 

uname -a

ls -la /boot

mount

cat /etc/issue

cat /etc/crontab

cat /proc/version

cat /proc/sys/vm/mmap_min_addr

pwd

ls -la /usr/bin/staprun

 

Code:

-rw-r--r-- 1 root root 5500 Jan 24 2011 /lib/libBrokenLocale-2.11.2.so lrwxrwxrwx 1 root root 25 Mar 4 2011 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.11.2.so -rw-r--r-- 1 root root 13748 Jan 24 2011 /lib/libSegFault.so lrwxrwxrwx 1 root root 15 Sep 24 02:19 /lib/libacl.so.1 -> libacl.so.1.1.0 -rw-r--r-- 1 root root 26492 Sep 21 2010 /lib/libacl.so.1.1.0 -rw-r--r-- 1 root root 9864 Jan 24 2011 /lib/libanl-2.11.2.so lrwxrwxrwx 1 root root 16 Mar 4 2011 /lib/libanl.so.1 -> libanl-2.11.2.so lrwxrwxrwx 1 root root 16 Sep 24 02:19 /lib/libattr.so.1 -> libattr.so.1.1.0 -rw-r--r-- 1 root root 14888 Jun 8 2010 /lib/libattr.so.1.1.0 lrwxrwxrwx 1 root root 17 Sep 24 02:18 /lib/libblkid.so.1 -> libblkid.so.1.1.0 -rw-r--r-- 1 root root 110452 Jan 25 2011 /lib/libblkid.so.1.1.0 lrwxrwxrwx 1 root root 15 Sep 24 02:19 /lib/libbz2.so.1 -> libbz2.so.1.0.4 lrwxrwxrwx 1 root root 15 Sep 24 02:19 /lib/libbz2.so.1.0 -> libbz2.so.1.0.4 -rw-r--r-- 1 root root 70428 Sep 21 2010 /lib/libbz2.so.1.0.4 -rwxr-xr-x 1 root root 1319176 Jan 24 2011 /lib/libc-2.11.2.so lrwxrwxrwx 1 root root 14 Mar 4 2011 /lib/libc.so.6 -> libc-2.11.2.so lrwxrwxrwx 1 root root 14 Sep 24 02:19 /lib/libcap.so.2 -> libcap.so.2.19 -rw-r--r-- 1 root root 13456 Aug 17 2010 /lib/libcap.so.2.19 lrwxrwxrwx 1 root root 17 Sep 24 02:18 /lib/libcfont.so.0 -> libcfont.so.0.0.0 -rw-r--r-- 1 root root 10788 Dec 17 2010 /lib/libcfont.so.0.0.0 -rw-r--r-- 1 root root 181780 Jan 24 2011 /lib/libcidn-2.11.2.so lrwxrwxrwx 1 root root 17 Mar 4 2011 /lib/libcidn.so.1 -> libcidn-2.11.2.so lrwxrwxrwx 1 root root 17 Sep 24 02:19 /lib/libcom_err.so.2 -> libcom_err.so.2.1 -rw-r--r-- 1 root root 9148 Jun 18 2011 /lib/libcom_err.so.2.1 lrwxrwxrwx 1 root root 19 Sep 24 02:18 /lib/libconsole.so.0 -> libconsole.so.0.0.0 -rw-r--r-- 1 root root 73420 Dec 17 2010 /lib/libconsole.so.0.0.0 -rw-r--r-- 1 root root 38360 Jan 24 2011 /lib/libcrypt-2.11.2.so lrwxrwxrwx 1 root root 18 Mar 4 2011 /lib/libcrypt.so.1 -> libcrypt-2.11.2.so lrwxrwxrwx 1 root root 19 Sep 24 02:18 /lib/libctutils.so.0 -> libctutils.so.0.0.0 -rw-r--r-- 1 root root 17328 Dec 17 2010 /lib/libctutils.so.0.0.0 -rw-r--r-- 1 root root 93052 Oct 1 2008 /lib/libdevmapper.so.1.02.1 -rw-r--r-- 1 root root 9736 Jan 24 2011 /lib/libdl-2.11.2.so lrwxrwxrwx 1 root root 15 Mar 4 2011 /lib/libdl.so.2 -> libdl-2.11.2.so lrwxrwxrwx 1 root root 13 Sep 24 02:19 /lib/libe2p.so.2 -> libe2p.so.2.3 -rw-r--r-- 1 root root 22972 Jun 18 2011 /lib/libe2p.so.2.3 lrwxrwxrwx 1 root root 16 Sep 24 02:19 /lib/libext2fs.so.2 -> libext2fs.so.2.4 -rw-r--r-- 1 root root 172088 Jun 18 2011 /lib/libext2fs.so.2.4 -rw-r--r-- 1 root root 116600 Nov 14 2010 /lib/libgcc_s.so.1 lrwxrwxrwx 1 root root 23 Sep 24 02:19 /lib/libglib-2.0.so.0 -> libglib-2.0.so.0.2400.2 -rw-r--r-- 1 root root 822344 Sep 11 2010 /lib/libglib-2.0.so.0.2400.2 lrwxrwxrwx 1 root root 17 Sep 24 02:19 /lib/libhistory.so.5 -> libhistory.so.5.2 -rw-r--r-- 1 root root 28616 Nov 2 2009 /lib/libhistory.so.5.2 lrwxrwxrwx 1 root root 18 Sep 24 02:19 /lib/libkeyutils.so.1 -> libkeyutils.so.1.3 -rw-r--r-- 1 root root 6560 Mar 27 2010 /lib/libkeyutils.so.1.3 -rw-r--r-- 1 root root 149392 Jan 24 2011 /lib/libm-2.11.2.so lrwxrwxrwx 1 root root 14 Mar 4 2011 /lib/libm.so.6 -> libm-2.11.2.so -rw-r--r-- 1 root root 13804 Jan 24 2011 /lib/libmemusage.so lrwxrwxrwx 1 root root 17 Sep 24 02:18 /lib/libncurses.so.5 -> libncurses.so.5.7 -rw-r--r-- 1 root root 231576 Jan 4 2011 /lib/libncurses.so.5.7 lrwxrwxrwx 1 root root 18 Sep 24 02:19 /lib/libncursesw.so.5 -> libncursesw.so.5.7 -rw-r--r-- 1 root root 282648 Jan 4 2011 /lib/libncursesw.so.5.7 -rw-r--r-- 1 root root 79676 Jan 24 2011 /lib/libnsl-2.11.2.so lrwxrwxrwx 1 root root 16 Mar 4 2011 /lib/libnsl.so.1 -> libnsl-2.11.2.so -rw-r--r-- 1 root root 30496 Jan 24 2011 /lib/libnss_compat-2.11.2.so lrwxrwxrwx 1 root root 23 Mar 4 2011 /lib/libnss_compat.so.2 -> libnss_compat-2.11.2.so -rw-r--r-- 1 root root 22036 Jan 24 2011 /lib/libnss_dns-2.11.2.so lrwxrwxrwx 1 root root 20 Mar 4 2011 /lib/libnss_dns.so.2 -> libnss_dns-2.11.2.so -rw-r--r-- 1 root root 42572 Jan 24 2011 /lib/libnss_files-2.11.2.so lrwxrwxrwx 1 root root 22 Mar 4 2011 /lib/libnss_files.so.2 -> libnss_files-2.11.2.so -rw-r--r-- 1 root root 17956 Jan 24 2011 /lib/libnss_hesiod-2.11.2.so lrwxrwxrwx 1 root root 23 Mar 4 2011 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.11.2.so -rw-r--r-- 1 root root 38504 Jan 24 2011 /lib/libnss_nis-2.11.2.so lrwxrwxrwx 1 root root 20 Mar 4 2011 /lib/libnss_nis.so.2 -> libnss_nis-2.11.2.so -rw-r--r-- 1 root root 46664 Jan 24 2011 /lib/libnss_nisplus-2.11.2.so lrwxrwxrwx 1 root root 24 Mar 4 2011 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.11.2.so lrwxrwxrwx 1 root root 16 Sep 24 02:17 /lib/libpam.so.0 -> libpam.so.0.82.2 -rw-r--r-- 1 root root 43360 Oct 19 2010 /lib/libpam.so.0.82.2 lrwxrwxrwx 1 root root 21 Sep 24 02:17 /lib/libpam_misc.so.0 -> libpam_misc.so.0.82.0 -rw-r--r-- 1 root root 8436 Oct 19 2010 /lib/libpam_misc.so.0.82.0 lrwxrwxrwx 1 root root 17 Sep 24 02:17 /lib/libpamc.so.0 -> libpamc.so.0.82.1 -rw-r--r-- 1 root root 9280 Oct 19 2010 /lib/libpamc.so.0.82.1 -rw-r--r-- 1 root root 5496 Jan 24 2011 /lib/libpcprofile.so lrwxrwxrwx 1 root root 17 Mar 4 2011 /lib/libpcre.so.3 -> libpcre.so.3.12.1 -rw-r--r-- 1 root root 205716 Aug 6 2010 /lib/libpcre.so.3.12.1 lrwxrwxrwx 1 root root 18 Sep 24 02:19 /lib/libpng12.so.0 -> libpng12.so.0.44.0 -rw-r--r-- 1 root root 141804 Jul 25 18:21 /lib/libpng12.so.0.44.0 lrwxrwxrwx 1 root root 16 Sep 24 02:19 /lib/libpopt.so.0 -> libpopt.so.0.0.0 -rw-r--r-- 1 root root 40732 May 13 2010 /lib/libpopt.so.0.0.0 -rw-r--r-- 1 root root 57296 May 4 2010 /lib/libproc-3.2.8.so -rwxr-xr-x 1 root root 117105 Jan 24 2011 /lib/libpthread-2.11.2.so lrwxrwxrwx 1 root root 20 Mar 4 2011 /lib/libpthread.so.0 -> libpthread-2.11.2.so lrwxrwxrwx 1 root root 18 Sep 24 02:19 /lib/libreadline.so.5 -> libreadline.so.5.2 -rw-r--r-- 1 root root 205204 Nov 2 2009 /lib/libreadline.so.5.2 -rw-r--r-- 1 root root 71432 Jan 24 2011 /lib/libresolv-2.11.2.so lrwxrwxrwx 1 root root 19 Mar 4 2011 /lib/libresolv.so.2 -> libresolv-2.11.2.so -rw-r--r-- 1 root root 30684 Jan 24 2011 /lib/librt-2.11.2.so lrwxrwxrwx 1 root root 15 Mar 4 2011 /lib/librt.so.1 -> librt-2.11.2.so -rw-r--r-- 1 root root 104276 Jul 21 2010 /lib/libselinux.so.1 -rw-r--r-- 1 root root 215520 May 26 2010 /lib/libsepol.so.1 lrwxrwxrwx 1 root root 17 Sep 24 02:19 /lib/libslang.so.2 -> libslang.so.2.2.2 -rw-r--r-- 1 root root 800348 Mar 18 2010 /lib/libslang.so.2.2.2 lrwxrwxrwx 1 root root 12 Sep 24 02:19 /lib/libss.so.2 -> libss.so.2.0 -rw-r--r-- 1 root root 18696 Jun 18 2011 /lib/libss.so.2.0 -rw-r--r-- 1 root root 26348 Jan 24 2011 /lib/libthread_db-1.0.so lrwxrwxrwx 1 root root 19 Mar 4 2011 /lib/libthread_db.so.1 -> libthread_db-1.0.so lrwxrwxrwx 1 root root 13 Sep 24 02:18 /lib/libtic.so.5 -> libtic.so.5.7 -rw-r--r-- 1 root root 48540 Jan 4 2011 /lib/libtic.so.5.7 lrwxrwxrwx 1 root root 14 Sep 24 02:19 /lib/libticw.so.5 -> libticw.so.5.7 -rw-r--r-- 1 root root 48540 Jan 4 2011 /lib/libticw.so.5.7 lrwxrwxrwx 1 root root 19 Sep 24 02:19 /lib/libusb-0.1.so.4 -> libusb-0.1.so.4.4.4 -rw-r--r-- 1 root root 29228 Sep 1 2010 /lib/libusb-0.1.so.4.4.4 -rw-r--r-- 1 root root 9748 Jan 24 2011 /lib/libutil-2.11.2.so lrwxrwxrwx 1 root root 17 Mar 4 2011 /lib/libutil.so.1 -> libutil-2.11.2.so lrwxrwxrwx 1 root root 16 Sep 24 02:18 /lib/libuuid.so.1 -> libuuid.so.1.3.0 -rw-r--r-- 1 root root 13276 Jan 25 2011 /lib/libuuid.so.1.3.0 lrwxrwxrwx 1 root root 22 Sep 22 2010 /lib/libvolume_id.so.0 -> libvolume_id.so.0.85.0 -rw-r--r-- 1 root root 28156 Aug 26 2009 /lib/libvolume_id.so.0.85.0 lrwxrwxrwx 1 root root 16 Sep 24 02:19 /lib/libwrap.so.0 -> libwrap.so.0.7.6 -rw-r--r-- 1 root root 31360 May 23 2010 /lib/libwrap.so.0.7.6 lrwxrwxrwx 1 root root 19 Sep 22 2010 /lib/libxtables.so.0 -> libxtables.so.0.0.0 -rw-r--r-- 1 root root 18380 Feb 9 2009 /lib/libxtables.so.0.0.0

 

Osstudio
Linux ***** 2.6.18-194.el5
под эту красавицу врятли что найдёшь.....

 

Osstudio, попробуй Ac1db1tch3z
Anti-lamer, дому что врядли получится.

 

Какие сплойты еще можно попробовать?

 

http://www.exploit-db.com/exploits/15024/
этот?

 

uname -a

ls -la /boot

ls -la --full-time /lib/lib*

mount

df -h

cat /etc/issue

cat /etc/crontab

cat /proc/version

cat /proc/sys/vm/mmap_min_addr

pwd

Можно ли чем то пробить?

 

Anti-lamer, никакие.
Osstudio, да.
BLurpi^_^, нет.

 

Заметка маленькая: ничего не выдало, ибо система 64битная (x86_64 в выводе uname). Соответственно - ls -la --full-time /lib64/lib* надо.

 

У кого есть, скомпилированный этот сплоит, а то у меня что-то не выходит. Поделитесь, заранее спасибо
http://www.securitylab.ru/poc/extra/370448.php