Тема: Повышение прав [задай вопрос - получи ответ]
Показать сообщение отдельно

  #477  
Старый 06.03.2013, 06:35
kacergei
Новичок
Регистрация: 26.05.2007
Сообщений: 8
Провел на форуме:
23906

Репутация: -5
По умолчанию
Есть эксплойт для поднятия root для этой системы

Код:
Server software: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e DAV/2 PHP/5.2.10 with Suhosin-Patch
Loaded Apache modules: core, prefork, http_core, mod_so, mod_authn_file, mod_authn_dbm, mod_authn_anon, mod_authn_default, mod_authn_alias, mod_authz_host, mod_authz_groupfile, mod_authz_user, mod_authz_dbm, mod_authz_owner, mod_authz_default, mod_auth_basic, mod_auth_digest, mod_file_cache, mod_cache, mod_disk_cache, mod_dumpio, mod_include, mod_filter, mod_charset_lite, mod_deflate, mod_log_config, mod_logio, mod_env, mod_mime_magic, mod_cern_meta, mod_expires, mod_headers, mod_usertrack, mod_unique_id, mod_setenvif, mod_version, mod_ssl, mod_mime, mod_dav, mod_status, mod_autoindex, mod_asis, mod_info, mod_suexec, mod_cgi, mod_dav_fs, mod_vhost_alias, mod_negotiation, mod_dir, mod_imagemap, mod_actions, mod_speling, mod_userdir, mod_alias, mod_rewrite, mod_php5
Disabled PHP Functions: none
cURL support: enabled
Supported databases: MySql (5.1.38)

Readable /etc/passwd: yes [view]
Readable /etc/shadow: no

Userful: gcc, cc, ld, make, php, perl, python, tar, gzip, bzip2, nc, locate
Danger: clamd, ipfw
Downloaders: fetch, curl, lwp-mirror
$ uname -a

Код:
FreeBSD www.site.ru 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #0: Thu Sep 10 19:05:02 UTC 2009   root@www.site.ru:/usr/obj/usr/src/sys/SI_TE  i386
$ id

Код:
uid=80(www) gid=80(www) groups=80(www)
$ whoami

Код:
www
$ ls -la /boot

Код:
total 998
drwxr-xr-x   8 root  wheel    1024 Sep 10  2009 .
drwxr-xr-x  21 root  wheel     512 May 30  2011 ..
-r--r--r--   1 root  wheel    7642 Sep 10  2009 beastie.4th
-r--r--r--   1 root  wheel    8192 Sep 10  2009 boot
-r--r--r--   1 root  wheel     512 Sep 10  2009 boot0
-r--r--r--   1 root  wheel     512 Sep 10  2009 boot0sio
-r--r--r--   1 root  wheel     512 Sep 10  2009 boot1
-r--r--r--   1 root  wheel    7680 Sep 10  2009 boot2
-r--r--r--   1 root  wheel    1201 Sep 10  2009 cdboot
drwxr-xr-x   2 root  wheel     512 Sep 10  2009 defaults
-r--r--r--   1 root  wheel    1745 May  1  2009 device.hints
drwxr-xr-x   2 root  wheel     512 May  1  2009 firmware
-r--r--r--   1 root  wheel    2258 Sep 10  2009 frames.4th
-r--r--r--   1 root  wheel    7567 Sep 10  2009 gptboot
drwxr-xr-x   2 root  wheel   11776 Sep 10  2009 kernel
drwxr-xr-x   2 root  wheel   28160 Sep 10  2009 kernel.old
-r-xr-xr-x   1 root  wheel  262144 Sep 10  2009 loader
-r--r--r--   1 root  wheel    5865 Sep 10  2009 loader.4th
-rw-r--r--   1 root  wheel      21 Sep 11  2009 loader.conf
-r--r--r--   1 root  wheel   15219 Sep 10  2009 loader.help
-r-xr-xr-x   1 root  wheel  262144 May  1  2009 loader.old
-r--r--r--   1 root  wheel     392 May  1  2009 loader.rc
-r--r--r--   1 root  wheel     512 Sep 10  2009 mbr
drwxr-xr-x   2 root  wheel     512 May  1  2009 modules
-r--r--r--   1 root  wheel     512 Sep 10  2009 pmbr
-r--r--r--   1 root  wheel  264192 Sep 10  2009 pxeboot
-r--r--r--   1 root  wheel     699 Sep 10  2009 screen.4th
-r--r--r--   1 root  wheel   35136 Sep 10  2009 support.4th
drwxr-xr-x   2 root  wheel     512 May  1  2009 zfs
$ mount

Код:
/dev/mirror/gm0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/mirror/gm0s1h on /home (ufs, local, soft-updates)
/dev/mirror/gm0s1g on /tmp (ufs, local, soft-updates)
/dev/mirror/gm0s1d on /usr (ufs, local, soft-updates)
/dev/mirror/gm0s1e on /var (ufs, local, soft-updates)
/dev/mirror/gm0s1f on /var/log (ufs, local, soft-updates)
$ df -h

Код:
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/mirror/gm0s1a    1.9G    176M    1.6G    10%    /
devfs                 1.0K    1.0K      0B   100%    /dev
/dev/mirror/gm0s1h    234G     73G    143G    34%    /home
/dev/mirror/gm0s1g    1.9G    131M    1.6G     7%    /tmp
/dev/mirror/gm0s1d     19G    3.0G     15G    17%    /usr
/dev/mirror/gm0s1e     19G    792M     17G     4%    /var
/dev/mirror/gm0s1f    9.7G    9.0G   -123M   101%    /var/log
$ cat /etc/issue

Код:
пусто
$ cat /etc/crontab

Код:
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: src/etc/crontab,v 1.32.34.1 2009/04/15 03:14:26 kensmith Exp $
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#minute	hour	mday	month	wday	who	command
#
*/5	*	*	*	*	root	/usr/libexec/atrun
#
# Save some entropy so that /dev/random can re-seed on boot.
*/11	*	*	*	*	operator /usr/libexec/save-entropy
#
# Rotate log files every hour, if necessary.
0	*	*	*	*	root	newsyslog
#
# Perform daily/weekly/monthly maintenance.
1	3	*	*	*	root	periodic daily
15	4	*	*	6	root	periodic weekly
30	5	1	*	*	root	periodic monthly
#
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time.  See adjkerntz(8) for details.
1,31	0-5	*	*	*	root	adjkerntz -a
 
Ответить с цитированием