Повышение прав [задай вопрос - получи ответ]

Discussion in 'Уязвимости' started by Expl0ited, 1 Oct 2011.

  1. stepashka_

    stepashka_ Мотоциклист

    Joined:
    9 Nov 2009
    Messages:
    1,022
    Likes Received:
    423
    Reputations:
    234
    Linux srv45-h-st.jino.ru 2.6.18-164.15.1.el5 #1 SMP Wed Mar 17 11:30:06 EDT 2010 x86_64
    Есть что нибудь под это?
     
  2. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    Glibc
     
  3. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    jino врядли порутается.
     
    _________________________
    1 person likes this.
  4. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    Есть что под это? Пробовал энтертаймент, авторутер, Osstudio Box Sploits, не вышло.
     
    #124 Osstudio, 18 Dec 2011
    Last edited: 18 Dec 2011
  5. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    Если это свеб, то забей.
     
    _________________________
  6. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    Linux 3.0.4-nx #1 SMP Wed Sep 28 16:57:28 EDT 2011 i686
    Linux 2.6.18-238.9.1.el5PAE #1 SMP Tue Apr 12 18:52:55 EDT 2011 i686
    help
     
  7. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    Под эти ядра нет ничего.
     
    _________________________
  8. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    Linux 2.6.18-274.7.1.el5PAE #1 SMP Thu Oct 20 17:03:59 EDT 2011 i686 i686 i386 GNU/Linux
    Linux 2.6.32-46.1.BHsmp #1 SMP Tue Sep 6 12:18:02 MDT 2011 x86_64
    Linux infong 2.4 #1 SMP Thu Nov 25 01:59:22 UTC 2010 i686 GNU/Linux
    Linux 2.6.32.39-grsec-3.mosso5.1.x86_64 #1 SMP Mon May 16 20:37:28 CDT 2011 x86_64
    ??если нету подходящего c что ещё можно зделать, через демоны можно рутНуть
     
    #128 boortyhuhtyu, 21 Dec 2011
    Last edited: 21 Dec 2011
  9. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    ЧИТАЙ ПЕРВЫЙ ПОСТ!
     
    _________________________
  10. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    uname -a: Linux ****2.****.org 2.6.18-53.el5PAE #1 SMP Mon Nov 12 02:55:09 EST 2007 i686

    ls -la /boot
    total 22556
    drwxr-xr-x 4 root root 4096 Dec 2 02:03 .
    drwxr-xr-x 28 root root 4096 Dec 12 00:17 ..
    -rw-r--r-- 1 root root 168 Nov 29 21:07 .vmlinuz-2.6.18-274.12.1.el5debug.hmac
    -rw-r--r-- 1 root root 167 Sep 7 02:46 .vmlinuz-2.6.18-274.3.1.el5debug.hmac
    -rw-r--r-- 1 root root 167 Oct 20 22:54 .vmlinuz-2.6.18-274.7.1.el5debug.hmac
    -rw-r--r-- 1 root root 999840 Nov 29 21:07 System.map-2.6.18-274.12.1.el5debug
    -rw-r--r-- 1 root root 998864 Sep 7 02:46 System.map-2.6.18-274.3.1.el5debug
    -rw-r--r-- 1 root root 999840 Oct 20 22:54 System.map-2.6.18-274.7.1.el5debug
    -rw-r--r-- 1 root root 901453 Nov 12 2007 System.map-2.6.18-53.el5PAE
    -rwxr--r-- 1 root root 6144 Jan 27 2009 aquota.user
    -rw-r--r-- 1 root root 70210 Nov 29 21:07 config-2.6.18-274.12.1.el5debug
    -rw-r--r-- 1 root root 70209 Sep 7 02:46 config-2.6.18-274.3.1.el5debug
    -rw-r--r-- 1 root root 70209 Oct 20 22:54 config-2.6.18-274.7.1.el5debug
    -rw-r--r-- 1 root root 64504 Nov 12 2007 config-2.6.18-53.el5PAE
    drwxr-xr-x 2 root root 1024 Dec 2 02:03 grub
    -rw------- 1 root root 2613026 Dec 2 02:03 initrd-2.6.18-274.12.1.el5debug.img
    -rw------- 1 root root 2610518 Sep 16 02:03 initrd-2.6.18-274.3.1.el5debug.img
    -rw------- 1 root root 2610545 Oct 28 02:03 initrd-2.6.18-274.7.1.el5debug.img
    -rw------- 1 root root 2371691 Jan 27 2009 initrd-2.6.18-53.el5PAE.img
    drwx------ 2 root root 12288 Jan 27 2009 lost+found
    -rw-r--r-- 1 root root 80032 Mar 12 2009 message
    -rwxr--r-- 1 root root 32 Jan 27 2009 quota.user
    -rw-r--r-- 1 root root 115408 Nov 29 21:07 symvers-2.6.18-274.12.1.el5debug.gz
    -rw-r--r-- 1 root root 115347 Sep 7 02:46 symvers-2.6.18-274.3.1.el5debug.gz
    -rw-r--r-- 1 root root 115408 Oct 20 22:55 symvers-2.6.18-274.7.1.el5debug.gz
    -rw-r--r-- 1 root root 87579 Nov 12 2007 symvers-2.6.18-53.el5PAE.gz
    -rw-r--r-- 1 root root 2083572 Nov 29 21:07 vmlinuz-2.6.18-274.12.1.el5debug
    -rw-r--r-- 1 root root 2083476 Sep 7 02:46 vmlinuz-2.6.18-274.3.1.el5debug
    -rw-r--r-- 1 root root 2083476 Oct 20 22:54 vmlinuz-2.6.18-274.7.1.el5debug
    -rw-r--r-- 1 root root 1788052 Nov 12 2007 vmlinuz-2.6.18-53.el5PAE

    ls -la --full-time /lib/lib*
    -rwxr-xr-x 1 root root 7664 2011-11-28 17:28:47.000000000 +0000 /lib/libBrokenLocale-2.5.so
    lrwxrwxrwx 1 root root 22 2011-11-30 02:03:45.000000000 +0000 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
    -rwxr-xr-x 1 root root 16704 2011-11-28 17:28:47.000000000 +0000 /lib/libSegFault.so
    lrwxrwxrwx 1 root root 15 2010-05-15 02:05:18.000000000 +0000 /lib/libacl.so.1 -> libacl.so.1.1.0
    -rwxr-xr-x 1 root root 25624 2010-01-26 22:57:13.000000000 +0000 /lib/libacl.so.1.1.0
    -rwxr-xr-x 1 root root 14128 2011-11-28 17:28:47.000000000 +0000 /lib/libanl-2.5.so
    lrwxrwxrwx 1 root root 13 2011-11-30 02:03:45.000000000 +0000 /lib/libanl.so.1 -> libanl-2.5.so
    lrwxrwxrwx 1 root root 18 2009-04-02 07:08:31.000000000 +0000 /lib/libasound.so.2 -> libasound.so.2.0.0
    -rwxr-xr-x 1 root root 908940 2009-01-21 03:47:23.000000000 +0000 /lib/libasound.so.2.0.0
    lrwxrwxrwx 1 root root 16 2009-01-27 10:23:42.000000000 +0000 /lib/libattr.so.1 -> libattr.so.1.1.0
    -rwxr-xr-x 1 root root 15780 2007-01-06 05:12:05.000000000 +0000 /lib/libattr.so.1.1.0
    lrwxrwxrwx 1 root root 17 2011-04-10 02:05:47.000000000 +0000 /lib/libaudit.so.0 -> libaudit.so.0.0.0
    -rwxr-xr-x 1 root root 97220 2011-03-06 01:22:55.000000000 +0000 /lib/libaudit.so.0.0.0
    lrwxrwxrwx 1 root root 19 2011-04-10 02:05:47.000000000 +0000 /lib/libauparse.so.0 -> libauparse.so.0.0.0
    -rwxr-xr-x 1 root root 56344 2011-03-06 01:22:55.000000000 +0000 /lib/libauparse.so.0.0.0
    lrwxrwxrwx 1 root root 15 2011-09-15 02:04:52.000000000 +0000 /lib/libblkid.so.1 -> libblkid.so.1.0
    -rwxr-xr-x 1 root root 38332 2011-07-22 05:04:15.000000000 +0000 /lib/libblkid.so.1.0
    -rwxr-xr-x 1 root root 1693812 2011-11-28 17:28:47.000000000 +0000 /lib/libc-2.5.so
    lrwxrwxrwx 1 root root 11 2011-11-30 02:03:46.000000000 +0000 /lib/libc.so.6 -> libc-2.5.so
    lrwxrwxrwx 1 root root 14 2009-01-27 10:24:07.000000000 +0000 /lib/libcap.so.1 -> libcap.so.1.10

    mount
    /dev/sda7 on / type ext3 (rw,usrquota)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/sda5 on /var type ext3 (rw,usrquota)
    /dev/sda3 on /usr type ext3 (rw,usrquota)
    /dev/sda2 on /home type ext3 (rw,usrquota)
    /dev/sda1 on /boot type ext3 (rw)
    /dev/sda8 on /tmp type ext3 (rw,noexec,nosuid,nodev)
    tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
    /dev/sdb1 on /backup type ext3 (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /tmp on /tmp type none (rw,noexec,nosuid,bind)

    df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/sda7 2.0G 1.1G 794M 58% /
    /dev/sda5 15G 8.7G 5.2G 63% /var
    /dev/sda3 20G 8.8G 9.7G 48% /usr
    /dev/sda2 410G 111G 278G 29% /home
    /dev/sda1 99M 28M 66M 30% /boot
    /dev/sda8 2.0G 415M 1.5G 23% /tmp
    tmpfs 4.0G 0 4.0G 0% /dev/shm
    /dev/sdb1 459G 176G 260G 41% /backup

    cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/

    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 * * 2 root run-parts /etc/cron.tuesday
    42 4 1 * * root run-parts /etc/cron.monthly
    */5 * * * * root /usr/local/sim/sim -q >> /dev/null 2>&1

    cat /proc/version
    Linux version 2.6.18-53.el5PAE (****@****.org) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Mon Nov 12 02:55:09 EST 2007
     
  11. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    http://downloads.securityfocus.com/vulnerabilities/exploits/36038-6.c
     
    _________________________
  12. Faaax

    Faaax Banned

    Joined:
    30 Aug 2010
    Messages:
    329
    Likes Received:
    46
    Reputations:
    11
    Code:
    $ uname -a
    Linux *** 2.6.27.38-170.2.113.fc10.x86_64 #1 SMP Wed Nov 4 17:32:02 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

    Code:
    $ ls -la /boot
    total 38272
    drwxr-xr-x  5 root root    4096 Nov 29  2009 .
    drwxr-xr-x 25 root root    4096 Nov 16 13:02 ..
    -rw-r--r--  1 root root 1082508 Apr 25  2008 System.map-2.6.25-2.fc9.x86_64.xen
    -rw-r--r--  1 root root 1101507 May 29  2008 System.map-2.6.25.3-2.fc9.x86_64.xen
    -rw-r--r--  1 root root 1409005 Mar 24  2009 System.map-2.6.27.21-170.2.56.fc10.x86_64
    -rw-r--r--  1 root root 1410175 Oct 13  2009 System.map-2.6.27.37-170.2.104.fc10.x86_64
    -rw-r--r--  1 root root 1410175 Nov  4  2009 System.map-2.6.27.38-170.2.113.fc10.x86_64
    -rw-r--r--  1 root root   79757 Apr 25  2008 config-2.6.25-2.fc9.x86_64.xen
    -rw-r--r--  1 root root   80036 May 29  2008 config-2.6.25.3-2.fc9.x86_64.xen
    -rw-r--r--  1 root root   85102 Mar 24  2009 config-2.6.27.21-170.2.56.fc10.x86_64
    -rw-r--r--  1 root root   85233 Oct 13  2009 config-2.6.27.37-170.2.104.fc10.x86_64
    -rw-r--r--  1 root root   85233 Nov  4  2009 config-2.6.27.38-170.2.113.fc10.x86_64
    drwxr-xr-x  3 root root    1024 Nov 17  2008 efi
    drwxr-xr-x  2 root root    1024 Nov 29  2009 grub
    -rw-------  1 root root 3400684 Nov 17  2008 initrd-2.6.25-2.fc9.x86_64.xen.img
    -rw-------  1 root root 3408169 Nov 24  2008 initrd-2.6.25.3-2.fc9.x86_64.xen.img
    -rw-------  1 root root 3570734 May  5  2009 initrd-2.6.27.21-170.2.56.fc10.x86_64.img
    -rw-------  1 root root 3570778 Nov  4  2009 initrd-2.6.27.37-170.2.104.fc10.x86_64.img
    -rw-------  1 root root 3578909 Nov 29  2009 initrd-2.6.27.38-170.2.113.fc10.x86_64.img
    drwx------  2 root root   12288 Nov 17  2008 lost+found
    -rwxr-xr-x  1 root root 1933229 Apr 25  2008 vmlinuz-2.6.25-2.fc9.x86_64.xen
    -rwxr-xr-x  1 root root 1993569 May 29  2008 vmlinuz-2.6.25.3-2.fc9.x86_64.xen
    -rwxr-xr-x  1 root root 2642688 Mar 24  2009 vmlinuz-2.6.27.21-170.2.56.fc10.x86_64
    -rwxr-xr-x  1 root root 2645152 Oct 13  2009 vmlinuz-2.6.27.37-170.2.104.fc10.x86_64
    -rwxr-xr-x  1 root root 2645376 Nov  4  2009 vmlinuz-2.6.27.38-170.2.113.fc10.x86_64
    -rwxr-xr-x  1 root root  950536 Apr 25  2008 xen-syms-2.6.25-2.fc9.x86_64.xen
    -rwxr-xr-x  1 root root  950544 May 29  2008 xen-syms-2.6.25.3-2.fc9.x86_64.xen
    -rw-r--r--  1 root root  410430 Apr 25  2008 xen.gz-2.6.25-2.fc9.x86_64.xen
    -rw-r--r--  1 root root  410430 May 29  2008 xen.gz-2.6.25.3-2.fc9.x86_64.xen
    
    Code:
    $ ls -la --full-time /lib/lib*
    -rwxr-xr-x 1 root root    7448 2008-12-08 13:33:08.000000000 +0000 /lib/libBrokenLocale-2.9.so
    lrwxrwxrwx 1 root root      22 2008-12-29 02:40:38.000000000 +0000 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.9.so
    -rwxr-xr-x 1 root root   16504 2008-12-08 13:33:08.000000000 +0000 /lib/libSegFault.so
    -rwxr-xr-x 1 root root   18232 2008-12-08 13:33:08.000000000 +0000 /lib/libanl-2.9.so
    lrwxrwxrwx 1 root root      13 2008-12-29 02:40:38.000000000 +0000 /lib/libanl.so.1 -> libanl-2.9.so
    -rwxr-xr-x 1 root root 1809672 2008-12-08 13:33:07.000000000 +0000 /lib/libc-2.9.so
    lrwxrwxrwx 1 root root      11 2008-12-29 02:40:38.000000000 +0000 /lib/libc.so.6 -> libc-2.9.so
    -rwxr-xr-x 1 root root  191524 2008-12-08 13:33:08.000000000 +0000 /lib/libcidn-2.9.so
    lrwxrwxrwx 1 root root      14 2008-12-29 02:40:38.000000000 +0000 /lib/libcidn.so.1 -> libcidn-2.9.so
    -rwxr-xr-x 1 root root   47660 2008-12-08 13:33:08.000000000 +0000 /lib/libcrypt-2.9.so
    lrwxrwxrwx 1 root root      15 2008-12-29 02:40:38.000000000 +0000 /lib/libcrypt.so.1 -> libcrypt-2.9.so
    -rwxr-xr-x 1 root root   18568 2008-12-08 13:33:08.000000000 +0000 /lib/libdl-2.9.so
    lrwxrwxrwx 1 root root      12 2008-12-29 02:40:38.000000000 +0000 /lib/libdl.so.2 -> libdl-2.9.so
    -rwxr-xr-x 1 root root   53664 2008-11-05 12:14:01.000000000 +0000 /lib/libgcc_s-4.3.2-20081105.so.1
    lrwxrwxrwx 1 root root      28 2008-12-04 13:28:44.000000000 +0000 /lib/libgcc_s.so.1 -> libgcc_s-4.3.2-20081105.so.1
    -rwxr-xr-x 1 root root  208276 2008-12-08 13:33:08.000000000 +0000 /lib/libm-2.9.so
    lrwxrwxrwx 1 root root      11 2008-12-29 02:40:38.000000000 +0000 /lib/libm.so.6 -> libm-2.9.so
    -rwxr-xr-x 1 root root  255352 2009-04-07 19:47:14.000000000 +0000 /lib/libmultipath.so
    lrwxrwxrwx 1 root root      17 2008-12-04 13:29:06.000000000 +0000 /lib/libncurses.so.5 -> libncurses.so.5.6
    -rwxr-xr-x 1 root root  137708 2008-10-02 13:02:39.000000000 +0000 /lib/libncurses.so.5.6
    lrwxrwxrwx 1 root root      18 2008-12-04 13:29:06.000000000 +0000 /lib/libncursesw.so.5 -> libncursesw.so.5.6
    -rwxr-xr-x 1 root root  188056 2008-10-02 13:02:39.000000000 +0000 /lib/libncursesw.so.5.6
    -rwxr-xr-x 1 root root  116028 2008-12-08 13:33:08.000000000 +0000 /lib/libnsl-2.9.so
    lrwxrwxrwx 1 root root      13 2008-12-29 02:40:38.000000000 +0000 /lib/libnsl.so.1 -> libnsl-2.9.so
    -rwxr-xr-x 1 root root   36320 2008-12-08 13:33:09.000000000 +0000 /lib/libnss_compat-2.9.so
    lrwxrwxrwx 1 root root      20 2008-12-29 02:40:38.000000000 +0000 /lib/libnss_compat.so.2 -> libnss_compat-2.9.so
    -rwxr-xr-x 1 root root   25980 2008-12-08 13:33:08.000000000 +0000 /lib/libnss_dns-2.9.so
    lrwxrwxrwx 1 root root      17 2008-12-29 02:40:38.000000000 +0000 /lib/libnss_dns.so.2 -> libnss_dns-2.9.so
    -rwxr-xr-x 1 root root   55044 2008-12-08 13:33:08.000000000 +0000 /lib/libnss_files-2.9.so
    lrwxrwxrwx 1 root root      19 2008-12-29 02:40:38.000000000 +0000 /lib/libnss_files.so.2 -> libnss_files-2.9.so
    -rwxr-xr-x 1 root root   22588 2008-12-08 13:33:08.000000000 +0000 /lib/libnss_hesiod-2.9.so
    lrwxrwxrwx 1 root root      20 2008-12-29 02:40:38.000000000 +0000 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.9.so
    -rwxr-xr-x 1 root root   50692 2008-12-08 13:33:08.000000000 +0000 /lib/libnss_nis-2.9.so
    lrwxrwxrwx 1 root root      17 2008-12-29 02:40:38.000000000 +0000 /lib/libnss_nis.so.2 -> libnss_nis-2.9.so
    -rwxr-xr-x 1 root root   59564 2008-12-08 13:33:08.000000000 +0000 /lib/libnss_nisplus-2.9.so
    lrwxrwxrwx 1 root root      21 2008-12-29 02:40:38.000000000 +0000 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.9.so
    -rwxr-xr-x 1 root root  133780 2008-12-08 13:33:08.000000000 +0000 /lib/libpthread-2.9.so
    lrwxrwxrwx 1 root root      17 2008-12-29 02:40:38.000000000 +0000 /lib/libpthread.so.0 -> libpthread-2.9.so
    -rwxr-xr-x 1 root root   92420 2008-12-08 13:33:08.000000000 +0000 /lib/libresolv-2.9.so
    lrwxrwxrwx 1 root root      16 2008-12-29 02:40:38.000000000 +0000 /lib/libresolv.so.2 -> libresolv-2.9.so
    -rwxr-xr-x 1 root root   46436 2008-12-08 13:33:08.000000000 +0000 /lib/librt-2.9.so
    lrwxrwxrwx 1 root root      12 2008-12-29 02:40:38.000000000 +0000 /lib/librt.so.1 -> librt-2.9.so
    -rwxr-xr-x 1 root root   38080 2008-12-08 13:33:08.000000000 +0000 /lib/libthread_db-1.0.so
    lrwxrwxrwx 1 root root      19 2008-12-29 02:40:38.000000000 +0000 /lib/libthread_db.so.1 -> libthread_db-1.0.so
    lrwxrwxrwx 1 root root      15 2008-12-04 13:29:06.000000000 +0000 /lib/libtinfo.so.5 -> libtinfo.so.5.6
    -rwxr-xr-x 1 root root   96520 2008-10-02 13:02:39.000000000 +0000 /lib/libtinfo.so.5.6
    -rwxr-xr-x 1 root root   13208 2008-12-08 13:33:09.000000000 +0000 /lib/libutil-2.9.so
    lrwxrwxrwx 1 root root      14 2008-12-29 02:40:38.000000000 +0000 /lib/libutil.so.1 -> libutil-2.9.so
    
    Code:
    $ mount
    /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/xvda1 on /boot type ext3 (rw)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/xvdb1 on /hosts type ext3 (rw,noatime,nodiratime,acl)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    
    Code:
    $ df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup00-LogVol00
                           48G   31G   15G  68% /
    /dev/xvda1            190M   44M  137M  24% /boot
    tmpfs                 773M     0  773M   0% /dev/shm
    /dev/xvdb1             69G   50G   16G  76% /hosts
    
    Code:
    $ cat /etc/issue
    Fedora release 10 (Cambridge)
    Kernel \r on an \m (\l)
    
    Code:
    $ cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly
    
    Code:
    $ cat /proc/version
    Linux version 2.6.27.38-170.2.113.fc10.x86_64 ([email protected]) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #1 SMP Wed Nov 4 17:32:02 EST 2009
    
    Code:
    $ cat /proc/sys/vm/mmap_min_addr
    32768
    
    Code:
    $ pwd
    /hosts/319338ea95a6f2d26d/.3185/htdocs1
    
    P.S. Связка сплоитов enlightenment не помогла(
     
  13. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    glibc
     
    _________________________
  14. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    ОТНЫНЕ, ПОСТЫ ОФОРМЛЕННЫЕ ОТЛИЧНО ОТ ПРАВИЛ ПЕРВОГО ПОСТА, УДАЛЯЮТСЯ!
    Так же прошу заметить, что вылаживать нужно всю информацию, даже если в ответ вы видите нечто такое:
     
    _________________________
    2 people like this.
  15. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    pipe тоже подойдёт
    http://www.securityfocus.com/bid/36901

    // прим. expl0ited: это pipe а не кернел.
     
    #135 boortyhuhtyu, 22 Dec 2011
    Last edited by a moderator: 22 Dec 2011
  16. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    кстати glib до какой версии бьёт 2.6.29?


    // прим. expl0ited: это уязвимость не в ядре, а в старых библиотеках, позволяет повысить привилегии если дата создания нужных либ до октября 2010.
     
    #136 boortyhuhtyu, 22 Dec 2011
    Last edited by a moderator: 22 Dec 2011
  17. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    понятно ещё такой вопрос как посмотреть открытые порты и какие демоны netstat -an или lsof -i, через nmap можно на шелле ?
     
  18. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    nmap разрешен только руту, юзай netstat
    Code:
    netstat -an | grep LISTEN
    tcp        0      0 0.0.0.0:544             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:3316            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:4949            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:4373            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:9080            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:2105            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:3326            0.0.0.0:*               LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 :::443                  :::*                    LISTEN
     
    _________________________
    1 person likes this.
  19. AC//DC

    AC//DC Active Member

    Joined:
    28 Jul 2009
    Messages:
    419
    Likes Received:
    147
    Reputations:
    88
    граждане, товарищи, други....
    смотрите на само ядро......свеб, джино, валуе не рутается, хотя бы когго года не было....
     
    1 person likes this.
  20. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,035
    Likes Received:
    534
    Reputations:
    935
    Потому что администраторы серверов следят за багтреками :)
     
    _________________________