
02.01.2013, 15:49
Код (вывод ps -aux):
root 5334 0.0 0.9 148852 36628 ? Sl 2012 16:29 /usr/local/billing/LBccd-Shaiba -c /etc/netflow.shaiba.conf -L /usr/local/billing/log/netflow_shaiba.log
root 6044 0.0 0.9 148868 36520 ? Sl 2012 15:55 /usr/local/billing/LBccd_zvezda13 -c /etc/netflow.zvezda13.conf -L /usr/local/billing/log/netflow_zvezda13.log
root 6282 0.7 0.0 0 0 ? Z 16:09 0:00 [miniserv.pl]
root 6284 0.0 0.0 40172 1176 ? S 16:10 0:00 CROND
apache 6286 0.0 0.0 9312 1372 ? Ss 16:10 0:00 /bin/sh -c php /usr/share/cacti/poller.php > /dev/null 2>&1
apache 6287 2.0 0.5 201368 20216 ? S 16:10 0:00 php /usr/share/cacti/poller.php
apache 6308 0.3 0.0 58200 1896 ? S 16:10 0:00 /usr/bin/rrdtool -
apache 6332 0.0 0.0 11632 1408 ? S 16:10 0:00 /bin/sh -i
apache 6359 0.0 0.0 8500 960 ? R 16:10 0:00 ps -aux
root 6814 0.0 0.1 57060 7688 ? SN 06:02 0:14 sendmail: ./qBTMjijh007880 dfre.com.: user open
mail 8211 0.0 0.0 39068 2204 ? SN 16:02 0:00 sendmail: ./r01B8fmw003188 from queue
root 8212 0.0 0.1 56036 5756 ? SN 16:02 0:00 sendmail: ./r029id2C007018 hormail.com.: user open
root 8516 0.0 0.1 56912 7552 ? SN 01:02 0:15 sendmail: ./qBSANbq4015205 hotmal.com.: user open
root 9118 0.0 0.1 56848 7376 ? SN 13:02 0:03 sendmail: ./r01G1txK007555 order.de.: user open
root 9506 0.0 0.1 57144 7724 ? SN 09:02 0:07 sendmail: ./qBVHjXxD002641 hotmai.com.: user open
root 10757 0.0 0.0 0 0 ? S 2012 1:14 [pdflush]
root 12000 0.0 0.1 56948 7612 ? SN 03:02 0:14 sendmail: ./qBT6aaQk010445 uol.com.: user open
root 12172 0.0 0.1 57084 7688 ? SN 10:02 0:06 sendmail: ./qBVLupM3016550 live.co.: user open
root 13906 0.0 0.1 56964 7600 ? SN 04:02 0:13 sendmail: ./qBTHwg5t024913 mail.co.: user open
root 16454 0.0 0.0 47620 2476 ? SNs 2012 0:24 sendmail: accepting connections
mail 16467 0.0 0.0 39024 1780 ? SNs 2012 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root 17704 0.0 0.0 45500 1512 ? Ss 2012 0:01 sshd: oleg [priv]
root 17744 0.0 0.1 56908 7444 ? SN 14:02 0:02 sendmail: ./r01LDgoE017306 pop.dresssmall.com.: client greetin
root 18319 0.0 0.0 29332 892 ? Sl 2012 9:28 /usr/local/billing/LBctcd_tda600 -c /etc/billing.tda600com.conf -L /usr/local/billing/log/tda600com.log
oleg 19201 0.0 0.0 45648 1088 ? S 2012 0:05 sshd: oleg@pts/0
oleg 19208 0.0 0.0 17320 1140 pts/0 Ss 2012 0:00 -bash
root 19524 0.0 0.0 47320 792 pts/0 S 2012 0:00 su
root 19961 0.0 0.0 16816 1296 pts/0 S+ 2012 0:00 bash
root 21905 0.0 0.1 56940 7568 ? SN 02:02 0:15 sendmail: ./qBS7k4IT019774 live.co.: user open
root 23216 0.0 0.1 56852 7412 ? SN 15:02 0:02 sendmail: ./r0202ok8012728 from queue
root 23345 0.0 0.1 57096 7652 ? SN 05:02 0:14 sendmail: ./qBTJPhY3001197 live.co.: user open
root 24159 0.0 0.0 0 0 ? S 2012 3:15 [pdflush]
root 24541 0.0 0.1 56980 7648 ? SN 07:02 0:10 sendmail: ./qBV1VKoh026301 trollmail.com.: user open
root 25688 0.0 0.0 10456 880 ? S 2012 0:00 /bin/sh /var/lib/mysql//bin/mysqld_safe --datadir=/var/lib/mysql//var --pid-file=/var/lib/mysql//var/billing.pid
root 25798 0.0 1.0 69180 40376 ? Ssl 2012 0:41 /usr/local/billing/LBarcd_cisco831 -c /etc/billing.cisco831.conf -L /usr/local/billing/log/rad_cisco831.log
root 25799 0.0 1.0 78276 40864 ? Sl 2012 1:53 /usr/local/billing/LBarcd_cisco831 -c /etc/billing.cisco831.conf -L /usr/local/billing/log/rad_cisco831.log
root 25818 0.0 1.0 69196 39972 ? Ssl 2012 0:47 /usr/local/billing/LBarcd_cisco -c /etc/billing.radius.cisco.conf -L /usr/local/billing/log/radius_cisco.log
root 25819 0.0 1.0 78400 41040 ? Sl 2012 14:40 /usr/local/billing/LBarcd_cisco -c /etc/billing.radius.cisco.conf -L /usr/local/billing/log/radius_cisco.log
root 25837 0.0 1.0 69200 40476 ? Ssl 2012 0:43 /usr/local/billing/LBarcd_cosm -c /etc/billing.radius.cosm.conf -L /usr/local/billing/log/radius_cosm.log
root 25838 0.0 1.0 78404 40904 ? Sl 2012 4:02 /usr/local/billing/LBarcd_cosm -c /etc/billing.radius.cosm.conf -L /usr/local/billing/log/radius_cosm.log
root 25856 0.0 0.9 70200 39536 ? Ssl 2012 0:47 /usr/local/billing/LBarcd_dz59 -c /etc/billing.radius.dz59.conf -L /usr/local/billing/log/radius_dz59.log
root 25857 0.0 1.0 78388 40808 ? Sl 2012 2:43 /usr/local/billing/LBarcd_dz59 -c /etc/billing.radius.dz59.conf -L /usr/local/billing/log/radius_dz59.log
root 25875 0.0 1.0 69184 39928 ? Ssl 2012 0:44 /usr/local/billing/LBarcd_kirova37 -c /etc/billing.radius.kirova37.conf -L /usr/local/billing/log/radius_kirova37.log
root 25876 0.0 1.0 78280 40860 ? Sl 2012 4:00 /usr/local/billing/LBarcd_kirova37 -c /etc/billing.radius.kirova37.conf -L /usr/local/billing/log/radius_kirova37.log
root 25894 0.0 1.0 69200 40084 ? Ssl 2012 0:45 /usr/local/billing/LBarcd_kirovogr -c /etc/billing.radius.kirovogr.conf -L /usr/local/billing/log/radius_kirovogr.log
root 25895 0.0 1.0 78404 40924 ? Sl 2012 6:09 /usr/local/billing/LBarcd_kirovogr -c /etc/billing.radius.kirovogr.conf -L /usr/local/billing/log/radius_kirovogr.log
root 25913 0.0 1.0 61004 40412 ? Ss 2012 0:00 /usr/local/billing/LBarcd_krym -c /etc/billing.radius.krym.conf -L /usr/local/billing/log/radius_krym.log
root 25914 0.0 1.0 78408 40852 ? Sl 2012 2:14 /usr/local/billing/LBarcd_krym -c /etc/billing.radius.krym.conf -L /usr/local/billing/log/radius_krym.log
root 25931 0.0 0.9 69196 39196 ? Ssl 2012 0:57 /usr/local/billing/LBarcd_lasv -c /etc/billing.radius.lasv.conf -L /usr/local/billing/log/radius_lasv.log
root 25932 0.0 1.0 78400 40976 ? Sl 2012 10:14 /usr/local/billing/LBarcd_lasv -c /etc/billing.radius.lasv.conf -L /usr/local/billing/log/radius_lasv.log
root 25950 0.0 1.0 69200 40520 ? Ssl 2012 0:41 /usr/local/billing/LBarcd_lebedeva -c /etc/billing.radius.lebedeva.conf -L /usr/local/billing/log/radius_lebedeva.log
root 25951 0.0 1.0 78404 40896 ? Sl 2012 3:09 /usr/local/billing/LBarcd_lebedeva -c /etc/billing.radius.lebedeva.conf -L /usr/local/billing/log/radius_lebedeva.log
root 26045 0.0 1.0 69200 40056 ? Ssl 2012 0:44 /usr/local/billing/LBarcd_org -c /etc/billing.radius.org.conf -L /usr/local/billing/log/radius_org.log
root 26046 0.0 1.0 78404 40980 ? Sl 2012 12:15 /usr/local/billing/LBarcd_org -c /etc/billing.radius.org.conf -L /usr/local/billing/log/radius_org.log
root 26194 0.0 1.0 69180 40168 ? Ssl 2012 0:41 /usr/local/billing/LBarcd_shaiba -c /etc/billing.radius.shaiba.conf -L /usr/local/billing/log/radius_shaiba.log
root 26195 0.0 1.0 78408 40836 ? Sl 2012 3:17 /usr/local/billing/LBarcd_shaiba -c /etc/billing.radius.shaiba.conf -L /usr/local/billing/log/radius_shaiba.log
root 26540 0.0 1.0 69200 40176 ? Ssl 2012 0:44 /usr/local/billing/LBarcd_tramvainaya33 -c /etc/billing.radius.tramvainaya33.conf -L /usr/local/billing/log/radius_tramvainaya33.log
root 26541 0.0 1.0 78404 40912 ? Sl 2012 3:33 /usr/local/billing/LBarcd_tramvainaya33 -c /etc/billing.radius.tramvainaya33.conf -L /usr/local/billing/log/radius_tramvainaya33.log
root 26847 0.0 1.0 69180 39824 ? Ssl 2012 0:40 /usr/local/billing/LBarcd_ural -c /etc/billing.radius.ural.conf -L /usr/local/billing/log/radius_ural.log
root 26848 0.0 1.0 78400 40832 ? Sl 2012 1:28 /usr/local/billing/LBarcd_ural -c /etc/billing.radius.ural.conf -L /usr/local/billing/log/radius_ural.log
root 27378 0.0 1.0 69180 40276 ? Ssl 2012 0:40 /usr/local/billing/LBarcd_zvezda13 -c /etc/billing.radius.zvezda13.conf -L /usr/local/billing/log/radius_zvezda13.log
root 27379 0.0 1.0 78276 40884 ? Sl 2012 1:53 /usr/local/billing/LBarcd_zvezda13 -c /etc/billing.radius.zvezda13.conf -L /usr/local/billing/log/radius_zvezda13.log
root 27912 0.0 0.3 359668 15464 ? Ss 2012 0:07 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHAVE_PERL -DHAVE_PHP5 -DHAVE_RANDOM -DHAVE_ACTIONS -DHAVE_ALIAS -DHAVE_ASIS -DHAVE_AUTH_BASIC -DHAVE_AUTH_DIGEST -DHAVE_AUTHN_ALIAS -DHAVE_AUTHN_ANON -DHAVE_AUTHN_DBM -DHAVE_AUTHN_DEFAULT -DHAVE_AUTHN_FILE -DHAVE_AUTHZ_DBM -DHAVE_AUTHZ_DEFAULT -DHAVE_AUTHZ_GROUPFILE -DHAVE_AUTHZ_HOST -DHAVE_AUTHZ_OWNER -DHAVE_AUTHZ_USER -DHAVE_AUTOINDEX -DHAVE_BUCKETEER -DHAVE_CASE_FILTER -DHAVE_CASE_FILTER_IN -DHAVE_CERN_META -DHAVE_CGI -DHAVE_CGID -DHAVE_CHARSET_LITE -DHAVE_DIR -DHAVE_DUMPIO -DHAVE_ECHO -DHAVE_ENV -DHAVE_EXAMPLE -DHAVE_EXPIRES -DHAVE_EXT_FILTER -DHAVE_FILTER -DHAVE_HEADERS -DHAVE_IDENT -DHAVE_IMAGEMAP -DHAVE_INCLUDE -DHAVE_INFO -DHAVE_LOG_CONFIG -DHAVE_LOG_FORENSIC -DHAVE_LOGIO -DHAVE_MIME -DHAVE_MIME_MAGIC -DHAVE_NEGOTIATION -DHAVE_OPTIONAL_FN_EXPORT -DHAVE_OPTIONAL_FN_IMPORT -DHAVE_OPTIONAL_HOOK_EXPORT -DHAVE_OPTIONAL_HOOK_IMPORT -DHAVE_REWRITE -DHAVE_SETENVIF -DHAVE_SPELING -DHAVE_STATUS -DHAVE_SUBSTITUTE -DHAVE_SUEXEC -DHAVE_UNIQUE_ID -DHAVE_USERTRACK -DHAVE_VERSION -DHAVE_VHOST_ALIAS
root 27966 0.0 1.0 69180 40440 ? Ssl 2012 0:43 /usr/local/billing/LBarcd_zvezda20 -c /etc/billing.radius.zvezda20.conf -L /usr/local/billing/log/radius_zvezda20.log
root 27967 0.0 1.0 78276 40840 ? Sl 2012 2:53 /usr/local/billing/LBarcd_zvezda20 -c /etc/billing.radius.zvezda20.conf -L /usr/local/billing/log/radius_zvezda20.log
root 28362 0.2 0.9 148880 36740 ? Sl 2012 91:26 /usr/local/billing/LBccd -c /etc/netflow.cisco.conf -L /usr/local/billing/log/netflow_cisco.log
root 28931 0.1 0.9 157076 36724 ? Sl 2012 83:58 /usr/local/billing/LBccd_org -c /etc/netflow.org.conf -L /usr/local/billing/log/netflow_org.log
root 30298 0.0 0.1 57252 7816 ? SN 11:02 0:05 sendmail: ./r01BMfQF029614 idoo.com.: user open
root 30748 0.0 0.1 57168 7756 ? SN 08:02 0:09 sendmail: ./qBV5B457021129 homail.com.: user open
root 30849 0.0 0.0 3632 256 ? Ss 2012 0:00 /usr/local/billing/LBircd_1751 -c /etc/billing.voip1751.conf -L /usr/local/billing/log/LBvoip1751.log
root 30850 0.0 0.0 30328 924 ? Sl 2012 16:48 /usr/local/billing/LBircd_1751 -c /etc/billing.voip1751.conf -L /usr/local/billing/log/LBvoip1751.log
Код:
================================================SUID FILES:================================================
-rwsr-xr-x 1 root root 484 Sep 14 2011 /home/vaskolot/nagiosxi/nagiosxi/basedir/scripts/reset_config_perms.sh
-r-sr-xr-x 1 root root 103160 Sep 21 2009 /sbin/mount.nfs
-rwsr-xr-x 1 root root 10592 Oct 7 2009 /sbin/pam_timestamp_check
-rwsr-xr-x 1 root root 36088 Sep 2 2009 /bin/ping
-rwsr-xr-x 1 root root 15176 Oct 1 2009 /bin/umount.cifs3
-rwsr-xr-x 1 root root 27120 Sep 27 2009 /bin/fusermount
-rwsr-xr-x 1 root root 44096 Oct 14 2009 /bin/umount
-rwsr-xr-x 1 root root 99112 Oct 14 2009 /bin/mount
-rwsr-xr-x 1 root root 36360 Oct 1 2009 /bin/mount.cifs3
-rwsr-xr-x 1 root root 31320 Jan 23 2010 /bin/su
-rwsr-x--- 1 root messagebus 47384 Oct 5 2009 /lib64/dbus-1/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 27201 Nov 25 2011 /usr/libexec/pt_chown
-rwsr-xr-t 1 root root 353856 May 27 2009 /usr/sbin/pppd
-rwsr-xr-x 1 root bin 52144 Sep 3 2009 /usr/sbin/traceroute
-rwsr-xr-x 1 root root 15168 Sep 2 2009 /usr/sbin/traceroute6
-rwsr-xr-x 1 root root 39752 Sep 27 2009 /usr/sbin/userhelper
-rwsr-xr-x 1 root root 12424 Oct 4 2009 /usr/sbin/suexec
-rwsr-xr-x 1 root root 8968 Oct 27 2009 /usr/sbin/usernetctl
-rwsr-xr-x 1 root root 10787 Oct 30 2009 /usr/sbin/fileshareset
-rwsr-xr-x 1 root root 51024 Sep 3 2009 /usr/bin/gpasswd
-rwsr-sr-x 1 daemon daemon 137 Sep 2 2009 /usr/bin/batch
-rws--x--x 1 root root 69640 Sep 28 2009 /usr/bin/sperl5.10.1
-rwsr-sr-x 1 root root 40008 Sep 24 2009 /usr/bin/crontab
-rwsr-xr-x 1 root root 23848 Sep 3 2009 /usr/bin/expiry
-rws--x--x 1 root root 18968 Oct 14 2009 /usr/bin/chsh
-rwsr-xr-x 1 root root 435328 Sep 9 2009 /usr/bin/gpgsm
-rws--x--x 1 root root 19064 Oct 14 2009 /usr/bin/chfn
-rwsr-xr-x 1 root root 14744 Aug 13 2009 /usr/bin/pkexec
-rwsr-sr-x 1 daemon daemon 48240 Sep 2 2009 /usr/bin/at
---s--x--x 2 root root 172904 Aug 10 2009 /usr/bin/sudo
-rwsr-xr-x 1 root root 20720 Feb 24 2010 /usr/bin/rcp.netkit
-rwsr-xr-x 1 root root 721008 Oct 6 2009 /usr/bin/kppp
-rwsr-sr-x 1 root cdwriter 573480 Oct 6 2009 /usr/bin/cdrdao
-r-s--x--x 1 root shadow 27144 Sep 16 2009 /usr/bin/passwd
-rwsr-xr-x 1 root root 15664 Feb 24 2010 /usr/bin/rlogin.netkit
-rwsr-xr-x 1 root root 11440 Feb 24 2010 /usr/bin/rsh.netkit
-rws--x--x 1 root root 28144 Sep 3 2009 /usr/bin/newgrp
-rwsr-xr-x 1 root root 31824 Sep 2 2009 /usr/bin/ping6
---s--x--x 2 root root 172904 Aug 10 2009 /usr/bin/sudoedit
-rwsr-xr-x 1 root root 1028376 Sep 3 2009 /usr/bin/gpg
-rwsr-sr-x 1 root mail 89192 Aug 25 2009 /usr/bin/procmail
-rwsr-xr-x 1 root root 10312 Oct 13 2009 /usr/bin/Xwrapper
-rwsr-xr-x 1 root polkituser 10352 Aug 26 2009 /usr/lib64/polkit-resolve-exe-helper
-rws--x--x 1 root root 203848 Jun 8 2010 /usr/lib64/ssh/ssh-keysign
-rwsr-xr-- 1 root polkituser 10424 Aug 26 2009 /usr/lib64/polkit-grant-helper-pam
-rwsr-xr-x 1 polkituser root 22856 Aug 26 2009 /usr/lib64/polkit-set-default-helper
-rwsr-xr-x 1 root root 14576 Aug 13 2009 /usr/lib64/polkit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 10999 Dec 22 2008 /usr/lib64/kde4/libexec/fileshareset
-rwsr-xr-x 1 root root 19072 Oct 27 2009 /usr/lib64/kde4/libexec/kcheckpass
Пробовал:
Эсидбитчез - фэйл
Новый глибц - фэйл
Судо - фэйл
RDS (http://www.exploit-db.com/exploits/15285/)
sh-4.0$ gcc -o ab ab.c
sh-4.0$ ls
ab
ab.c
sh-4.0$ ./ab
sh: [23778: 2 (255)] tcsetattr: Invalid argument
После этого рядом появляется дамп ядра
sh-4.0$
Что делать?