Тема: Повышение прав [задай вопрос - получи ответ]
Показать сообщение отдельно

  #685  
Старый 27.03.2018, 22:09
vasyaz
Новичок
Регистрация: 29.10.2012
Сообщений: 12
С нами: 7124726

Репутация: 0
По умолчанию
Подскажите сплоит для поднятия прав.

$ uname -a

Linux ga***4126.host****.com 3.10.0-693.11.6.1.ELK.el6.x86_64 #1 SMP Tue Jan 23 10:30:30 MST 2018 x86_64 x86_64 x86_64 GNU/Linux

$ mount

/dev/sda2 on / type ext4 (rw,usrjquota=quota.user,jqfmt=vfsv0)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev,noatime,mode=711,size=500M )

/dev/sda3 on /tmp type ext4 (rw,noexec,nosuid,nodev,noatime)

/dev/sda1 on /usr type ext4 (rw,nodev,usrjquota=quota.user,jqfmt=vfsv0)

/dev/sda6 on /var type ext4 (rw,nosuid,nodev,noatime,nodiratime,usrjquota=quot a.user,jqfmt=vfsv0)

/dev/sdb1 on /home1 type ext4 (rw,nosuid,nodev,noatime,usrjquota=quota.user,jqfm t=vfsv0)

/dev/sdc1 on /home2 type ext4 (rw,nosuid,nodev,noatime,usrjquota=quota.user,jqfm t=vfsv0)

/dev/sdd1 on /home3 type ext4 (rw,nosuid,nodev,noatime,usrjquota=quota.user,jqfm t=vfsv0)

/dev/sde1 on /home4 type ext4 (rw,nosuid,nodev,noatime,usrjquota=quota.user,jqfm t=vfsv0)

tmpfs on /ramdisk type tmpfs (rw,nosuid,nodev,noatime,size=4096m)

none on /var/spool/exim type tmpfs (rw,noexec,nosuid,nodev,noatime,uid=47,gid=12,mode =750)

tmpfs on /var/mysqltmp type tmpfs (rw,noexec,nosuid,nodev,noatime,mode=700,uid=498,g id=498,size=4096m)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

/tmp on /var/tmp type none (rw,noexec,nosuid,bind)

/ramdisk/home on /home type none (ro,nosuid,nodev,bind,noatime,nodiratime)

none on /sys/fs/cgroup type cgroup (rw,hugetlb,blkio,freezer,devices,memory,cpuacct,c pu,cpuset,clone_children)

/dev/mapper/vg_dr-lv_backups_root on /eig_backup type ext4 (rw,noexec,nosuid,nodev,_netdev,noatime,noquota,di scard)

/dev/mapper/vg_dr-lv_backups_home1 on /eig_backup/****3176.host****.com/backup1 type ext4 (rw,noexec,nosuid,nodev,_netdev,noatime,noquota,di scard)

/dev/mapper/vg_dr-lv_backups_home2 on /eig_backup/****3176.host****.com/backup2 type ext4 (rw,noexec,nosuid,nodev,_netdev,noatime,noquota,di scard)

/dev/mapper/vg_dr-lv_backups_home3 on /eig_backup/****3176.host****.com/backup3 type ext4 (rw,noexec,nosuid,nodev,_netdev,noatime,noquota,di scard)

/dev/mapper/vg_dr-lv_backups_home4 on /eig_backup/****3176.host****.com/backup4 type ext4 (rw,noexec,nosuid,nodev,_netdev,noatime,noquota,di scard)

$ df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda2 15G 12G 1.9G 87% /

tmpfs 500M 40K 500M 1% /dev/shm

/dev/sda3 9.5G 562M 8.5G 7% /tmp

/dev/sda1 39G 33G 3.6G 91% /usr

/dev/sda6 152G 134G 16G 90% /var

/dev/sdb1 1.8T 1.7T 158G 92% /home1

/dev/sdc1 1.8T 1.7T 101G 95% /home2

/dev/sdd1 1.8T 1.7T 97G 95% /home3

/dev/sde1 1.8T 1.7T 109G 95% /home4

tmpfs 4.0G 0 4.0G 0% /ramdisk

none 32G 20M 32G 1% /var/spool/exim

tmpfs 4.0G 8.0K 4.0G 1% /var/mysqltmp

/dev/mapper/vg_dr-lv_backups_root

589G 195G 364G 35% /eig_backup

/dev/mapper/vg_dr-lv_backups_home1

1.8T 1.3T 470G 74% /eig_backup/****3176.host****.com/backup1

/dev/mapper/vg_dr-lv_backups_home2

1.8T 1.5T 306G 83% /eig_backup/****3176.host****.com/backup2

/dev/mapper/vg_dr-lv_backups_home3

1.8T 1.4T 324G 82% /eig_backup/****3176.host****.com/backup3

/dev/mapper/vg_dr-lv_backups_home4

1.8T 1.2T 612G 65% /eig_backup/****3176.host****.com/backup4

$ pwd

/home4/omar/public_html/sitename.net/admin/uploads

$ ls -la /usr/bin/staprun

---s--x--- 1 root stapusr 183072 Mar 21 2017 /usr/bin/staprun

$ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null

-rwsr-xr-x 1 root root 38718 Sep 18 2017 /usr/local/apache/bin/suexec

-r-sr-xr-x 1 root root 232863 Jun 9 2017 /usr/local/bin/cdcc

-r-sr-xr-x 1 root root 629345 Jun 9 2017 /usr/local/bin/dccproc

-rwsr-xr-x. 1 root root 28968 Aug 30 2012 /usr/local/apache.backup/bin/suexec

-rws--x--x 1 root root 14736 Jun 19 2017 /usr/libexec/pt_chown

-rwsr-xr-x 1 root root 257824 Aug 31 2017 /usr/libexec/openssh/ssh-keysign

-rwsr-xr-x 1 root root 14368 Mar 17 2015 /usr/libexec/polkit-1/polkit-agent-helper-1

-rwsr-xr-x 1 abrt abrt 10296 Mar 23 2017 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache

---s--x--- 1 root stapusr 183072 Mar 21 2017 /usr/bin/staprun

-rws--x--x 1 root root 20184 Jan 26 01:41 /usr/bin/chfn

-rwsr-xr-x 1 root root 30768 Nov 23 2015 /usr/bin/passwd

---s--x--x 1 root root 123832 Jun 22 2017 /usr/bin/sudo

-rwsr-xr-x. 1 root root 128282 Mar 11 2013 /usr/bin/crontab

-rwsr-xr-x 1 root root 70480 May 10 2016 /usr/bin/chage

-rwsr-xr-x 1 root root 75640 May 10 2016 /usr/bin/gpasswd

-rwsr-xr-x 1 root root 82752 Jul 23 2015 /usr/bin/quota

-rwsr-xr-x 1 root root 54464 Mar 21 2017 /usr/bin/at

-rwsr-xr-x 1 root root 40240 May 10 2016 /usr/bin/newgrp

-rwsr-xr-x 1 root root 22544 Mar 17 2015 /usr/bin/pkexec

-r-s--x---. 1 root 48 13984 Jul 7 2011 /usr/sbin/suexec

-rwsr-xr-x 1 root root 9000 Oct 3 21:26 /usr/sbin/usernetctl

-rwsr-xr-x 1 root root 1255280 Feb 7 13:23 /usr/sbin/exim

-rwsr-xr-x 1 root root 2862863 Nov 2 2016 /opt/suphp/sbin/suphp

-rwsr-xr-x 1 root root 34840 Mar 22 2017 /sbin/unix_chkpwd

-rwsr-xr-x 1 root root 10272 Mar 22 2017 /sbin/pam_timestamp_check

-r-sr-xr-x 1 root root 185196 Jun 9 2017 /var/dcc/libexec/dccsight

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/confirm

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/admin

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/edithtml

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/roster

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/options

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/listinfo

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/admindb

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/subscribe

-rwsr-sr-x 1 mailman mailman 21647 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/cgi-bin/private

-rwsr-xr-x 1 mailman mailman 24119 Aug 3 2017 /eig_backup/****3176.host****.com/usr/local/cpanel/3rdparty/mailman/bin/setuid-wrapper

-rwsr-x--- 1 root dbus 46232 Apr 22 2015 /lib64/dbus-1/dbus-daemon-launch-helper

-rwsr-xr-x 1 root root 38520 Mar 21 2017 /bin/ping

-rwsr-xr-x 1 root root 53480 Jan 26 01:41 /bin/umount

-rwsr-xr-x 1 root root 77560 Jan 26 01:41 /bin/mount

-rwsr-x--- 1 root wheel 34904 Mar 22 2017 /bin/su

-rwsr-xr-x 1 root root 36488 Mar 21 2017 /bin/ping6

$ id

uid=32200(omar) gid=32202(omar) groups=32202(omar)

Остальные команды не выводятся.
 
Ответить с цитированием