Повышение прав [задай вопрос - получи ответ]

#11

24.09.2012, 14:36

P-29

Новичок

Регистрация: 04.08.2006

Сообщений: 15

Провел на форуме:
65556

Репутация: 0

Linux cust.******.net 2.6.9-89.0.19.ELsmp #1 SMP Fri Jan 8 06:30:48 EST

2010 x86_64

Помагите подобрать exploit пробывал glibc пишет sh: ./glibc_nondebian.sh: Permission denied

Пользуюсь netcat sh-3.00$ выважу камандой sh -i это правильно или нет.

sh-3.00$ ls -la /boot

total 15401

drwxr-xr-x 4 root root 1024 Jan 23 2010 .

drwxr-xr-x 28 root root 4096 May 22 21:06 ..

-rw-r--r-- 1 root root 924745 Jul 24 2008 System.map-2.6.9-78.EL

-rw-r--r-- 1 root root 943487 Jul 25 2008 System.map-2.6.9-78.ELsmp

-rw-r--r-- 1 root root 909272 Jan 8 2010 System.map-2.6.9-89.0.19.EL

-rw-r--r-- 1 root root 928014 Jan 8 2010 System.map-2.6.9-89.0.19.ELsmp

-rw-r--r-- 1 root root 45033 Jul 24 2008 config-2.6.9-78.EL

-rw-r--r-- 1 root root 44659 Jul 25 2008 config-2.6.9-78.ELsmp

-rw-r--r-- 1 root root 45150 Jan 8 2010 config-2.6.9-89.0.19.EL

-rw-r--r-- 1 root root 44776 Jan 8 2010 config-2.6.9-89.0.19.ELsmp

drwxr-xr-x 2 root root 1024 Jan 23 2010 grub

-rw-r--r-- 1 root root 1098565 Jan 23 2010 initrd-2.6.9-78.EL.img

-rw-r--r-- 1 root root 1078331 Jan 23 2010 initrd-2.6.9-78.ELsmp.img

-rw-r--r-- 1 root root 1104619 Jan 23 2010 initrd-2.6.9-89.0.19.EL.img

-rw-r--r-- 1 root root 1082497 Jan 23 2010 initrd-2.6.9-89.0.19.ELsmp.img

drwx------ 2 root root 12288 Jan 23 2010 lost+found

-rw-r--r-- 1 root root 9371 Aug 12 2006 message

-rw-r--r-- 1 root root 9371 Aug 12 2006 message.ja

-rw-r--r-- 1 root root 66175 Jul 24 2008 symvers-2.6.9-78.EL.gz

-rw-r--r-- 1 root root 66959 Jul 25 2008 symvers-2.6.9-78.ELsmp.gz

-rw-r--r-- 1 root root 67352 Jan 8 2010 symvers-2.6.9-89.0.19.EL.gz

-rw-r--r-- 1 root root 68211 Jan 8 2010 symvers-2.6.9-89.0.19.ELsmp.gz

-rw-r--r-- 1 root root 1846088 Jul 24 2008 vmlinuz-2.6.9-78.EL

-rw-r--r-- 1 root root 1714106 Jul 25 2008 vmlinuz-2.6.9-78.ELsmp

-rw-r--r-- 1 root root 1829633 Jan 8 2010 vmlinuz-2.6.9-89.0.19.EL

-rw-r--r-- 1 root root 1700706 Jan 8 2010 vmlinuz-2.6.9-89.0.19.ELsmp

sh-3.00$ ls -la --full-time /lib/lib*

sh-3.00$ -rwxr-xr-x 1 root root 8320 2010-01-20 17:34:55.000000000 -0500 /lib/libBrokenLocale-2.3.4.s

o

lrwxrwxrwx 1 root root 24 2010-01-24 17:28:58.000000000 -0500 /lib/libBrokenLocale.so.1 -> libBroke

nLocale-2.3.4.so

-rwxr-xr-x 1 root root 8476 2010-01-20 17:34:55.000000000 -0500 /lib/libNoVersion-2.3.4.so

lrwxrwxrwx 1 root root 21 2010-01-24 17:28:58.000000000 -0500 /lib/libNoVersion.so.1 -> libNoVersio

n-2.3.4.so

-rwxr-xr-x 1 root root 17400 2010-01-20 17:34:55.000000000 -0500 /lib/libSegFault.so

-rwxr-xr-x 1 root root 14980 2010-01-20 17:34:55.000000000 -0500 /lib/libanl-2.3.4.so

lrwxrwxrwx 1 root root 15 2010-01-24 17:28:58.000000000 -0500 /lib/libanl.so.1 -> libanl-2.3.4.so

-rwxr-xr-x 1 root root 1530808 2010-01-20 17:34:56.000000000 -0500 /lib/libc-2.3.4.so

lrwxrwxrwx 1 root root 13 2010-01-24 17:28:58.000000000 -0500 /lib/libc.so.6 -> libc-2.3.4.so

-rwxr-xr-x 1 root root 192392 2010-01-20 17:34:56.000000000 -0500 /lib/libcidn-2.3.4.so

lrwxrwxrwx 1 root root 16 2010-01-24 17:28:58.000000000 -0500 /lib/libcidn.so.1 -> libcidn-2.3.4.so

-rwxr-xr-x 1 root root 40256 2010-01-20 17:34:56.000000000 -0500 /lib/libcrypt-2.3.4.so

lrwxrwxrwx 1 root root 17 2010-01-24 17:28:58.000000000 -0500 /lib/libcrypt.so.1 -> libcrypt-2.3.4.

so

-rwxr-xr-x 1 root root 15048 2010-01-20 17:34:56.000000000 -0500 /lib/libdl-2.3.4.so

lrwxrwxrwx 1 root root 14 2010-01-24 17:28:58.000000000 -0500 /lib/libdl.so.2 -> libdl-2.3.4.so

-rwxr-xr-x 1 root root 212164 2010-01-20 17:34:56.000000000 -0500 /lib/libm-2.3.4.so

lrwxrwxrwx 1 root root 13 2010-01-24 17:28:58.000000000 -0500 /lib/libm.so.6 -> libm-2.3.4.so

-rwxr-xr-x 1 root root 100048 2010-01-20 17:34:56.000000000 -0500 /lib/libnsl-2.3.4.so

lrwxrwxrwx 1 root root 15 2010-01-24 17:28:58.000000000 -0500 /lib/libnsl.so.1 -> libnsl-2.3.4.so

-rwxr-xr-x 1 root root 35788 2010-01-20 17:34:56.000000000 -0500 /lib/libnss1_compat-2.3.4.so

lrwxrwxrwx 1 root root 23 2010-01-24 17:28:58.000000000 -0500 /lib/libnss1_compat.so.1 -> libnss1_c

ompat-2.3.4.so

-rwxr-xr-x 1 root root 17960 2010-01-20 17:34:56.000000000 -0500 /lib/libnss1_dns-2.3.4.so

lrwxrwxrwx 1 root root 20 2010-01-24 17:28:58.000000000 -0500 /lib/libnss1_dns.so.1 -> libnss1_dns-

2.3.4.so

-rwxr-xr-x 1 root root 42616 2010-01-20 17:34:56.000000000 -0500 /lib/libnss1_files-2.3.4.so

lrwxrwxrwx 1 root root 22 2010-01-24 17:28:58.000000000 -0500 /lib/libnss1_files.so.1 -> libnss1_fi

les-2.3.4.so

-rwxr-xr-x 1 root root 39228 2010-01-20 17:34:56.000000000 -0500 /lib/libnss1_nis-2.3.4.so

lrwxrwxrwx 1 root root 20 2010-01-24 17:28:58.000000000 -0500 /lib/libnss1_nis.so.1 -> libnss1_nis-

2.3.4.so

-rwxr-xr-x 1 root root 40812 2010-01-20 17:34:56.000000000 -0500 /lib/libnss_compat-2.3.4.so

lrwxrwxrwx 1 root root 19 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_compat.so.1 -> libnss1_co

mpat.so.1

lrwxrwxrwx 1 root root 22 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_compat.so.2 -> libnss_com

pat-2.3.4.so

-rwxr-xr-x 1 root root 22524 2010-01-20 17:34:56.000000000 -0500 /lib/libnss_dns-2.3.4.so

lrwxrwxrwx 1 root root 16 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_dns.so.1 -> libnss1_dns.s

o.1

lrwxrwxrwx 1 root root 19 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_dns.so.2 -> libnss_dns-2.

3.4.so

-rwxr-xr-x 1 root root 47420 2010-01-20 17:34:56.000000000 -0500 /lib/libnss_files-2.3.4.so

lrwxrwxrwx 1 root root 18 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_files.so.1 -> libnss1_fil

es.so.1

lrwxrwxrwx 1 root root 21 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_files.so.2 -> libnss_file

s-2.3.4.so

-rwxr-xr-x 1 root root 23464 2010-01-20 17:34:56.000000000 -0500 /lib/libnss_hesiod-2.3.4.so

lrwxrwxrwx 1 root root 22 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_hesiod.so.2 -> libnss_hes

iod-2.3.4.so

-rwxr-xr-x 1 root root 43036 2010-01-20 17:34:56.000000000 -0500 /lib/libnss_nis-2.3.4.so

lrwxrwxrwx 1 root root 16 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_nis.so.1 -> libnss1_nis.s

o.1

lrwxrwxrwx 1 root root 19 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_nis.so.2 -> libnss_nis-2.

3.4.so

-rwxr-xr-x 1 root root 56320 2010-01-20 17:34:56.000000000 -0500 /lib/libnss_nisplus-2.3.4.so

lrwxrwxrwx 1 root root 23 2010-01-24 17:28:58.000000000 -0500 /lib/libnss_nisplus.so.2 -> libnss_ni

splus-2.3.4.so

-rwxr-xr-x 1 root root 95380 2010-01-20 17:34:56.000000000 -0500 /lib/libpthread-0.10.so

lrwxrwxrwx 1 root root 18 2010-01-24 17:28:58.000000000 -0500 /lib/libpthread.so.0 -> libpthread-0.

10.so

-rwxr-xr-x 1 root root 79396 2010-01-20 17:34:56.000000000 -0500 /lib/libresolv-2.3.4.so

lrwxrwxrwx 1 root root 18 2010-01-24 17:28:58.000000000 -0500 /lib/libresolv.so.2 -> libresolv-2.3.

4.so

-rwxr-xr-x 1 root root 47692 2010-01-20 17:34:56.000000000 -0500 /lib/librt-2.3.4.so

lrwxrwxrwx 1 root root 14 2010-01-24 17:28:58.000000000 -0500 /lib/librt.so.1 -> librt-2.3.4.so

-rwxr-xr-x 1 root root 25744 2010-01-20 17:34:56.000000000 -0500 /lib/libthread_db-1.0.so

lrwxrwxrwx 1 root root 19 2010-01-24 17:28:58.000000000 -0500 /lib/libthread_db.so.1 -> libthread_d

b-1.0.so

-rwxr-xr-x 1 root root 14160 2010-01-20 17:34:56.000000000 -0500 /lib/libutil-2.3.4.so

lrwxrwxrwx 1 root root 16 2010-01-24 17:28:58.000000000 -0500 /lib/libutil.so.1 -> libutil-2.3.4.so

sh-3.00$ mount

/dev/sda3 on / type ext3 (rw)

none on /proc type proc (rw)

none on /sys type sysfs (rw)

none on /dev/pts type devpts (rw,gid=5,mode=620)

usbfs on /proc/bus/usb type usbfs (rw)

/dev/sda1 on /boot type ext3 (rw)

none on /dev/shm type tmpfs (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

sh-3.00$ df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda3 229G 53G 164G 25% /

/dev/sda1 99M 21M 73M 23% /boot

none 3.9G 0 3.9G 0% /dev/shm

sh-3.00$ cat /etc/issue

CentOS release 4.8 (Final)

Kernel \r on an \m

sh-3.00$ cat /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

HOME=/

# run-parts

01 * * * * root run-parts /etc/cron.hourly

02 4 * * * root run-parts /etc/cron.daily

22 4 * * 0 root run-parts /etc/cron.weekly

42 4 1 * * root run-parts /etc/cron.monthly

sh-3.00$ cat /proc/version

Linux version 2.6.9-89.0.19.ELsmp (mockbuild@builder10.centos.org) (gcc version 3.4.6 20060404 (Red Hat 3

.4.6-11)) #1 SMP Fri Jan 8 06:30:48 EST 2010

sh-3.00$ cat /proc/sys/vm/mmap_min_addr

sh-3.00$ ls -la /usr/bin/staprun

---s--x--x 1 root root 41200 Jul 25 2008 /usr/bin/staprun

0