
[no subject]



Hello,
I have a request.
I found something like this in the account of one of the users; the bash history shows that he ran it.
What exactly does this exploit do, and could the guy have gained any privileges?
There is nothing in the logs.

----------

#!/bin/sh
echo "1|nux r007 3xp10|7 by 1c4m7uf"
cd /tmp
cat >ex.c <<eof
int getuid() { return 0; }
int geteuid() { return 0; }
int getgid() { return 0; }
int getegid() { return 0; }
eof
gcc -shared ex.c -oex.so
LD_PRELOAD=/tmp/ex.so sh
rm /tmp/ex.so /tmp/ex.c

----------

coor@coolnet:~$ ./dupa
1|nux r007 3xp10|7 by 1c4m7uf
sh-2.03# whoami
root
sh-2.03# /usr/sbin/adduser test
Adding user test...
Adding new group test (1030).
Can't exec "groupadd": No such file or directory at /usr/sbin/adduser line 675.
adduser: `groupadd -g 1030 test' returned error code 255. Aborting.
Cleaning up.
Removing group `test'.
Can't exec "groupdel": No such file or directory at /usr/sbin/adduser line 695.
sh-2.03# cat /etc/sudoers
cat: /etc/sudoers: Permission denied
sh-2.03# ps aux |grep apache
root 405 0.0 2.5 5612 3208 ? S Sep29 0:00 /usr/sbin/apache
www-data 4210 0.0 3.9 7192 5028 ? S Oct07 0:00 /usr/sbin/apache
www-data 4744 0.0 4.0 7216 5096 ? S Oct07 0:00 /usr/sbin/apache
www-data 4745 0.0 4.2 7464 5344 ? S Oct07 0:00 /usr/sbin/apache
www-data 8993 0.0 3.9 7236 5044 ? S 06:22 0:00 /usr/sbin/apache
www-data 9667 0.0 4.1 7552 5236 ? S 07:40 0:00 /usr/sbin/apache
www-data 9669 0.0 3.9 7156 4988 ? S 07:40 0:00 /usr/sbin/apache
www-data 10087 0.0 2.5 5648 3300 ? S 08:28 0:00 /usr/sbin/apache
www-data 10088 0.0 4.0 7316 5176 ? S 08:28 0:00 /usr/sbin/apache
www-data 10089 0.0 2.5 5648 3304 ? S 08:28 0:00 /usr/sbin/apache
coor 10384 0.0 0.3 1124 452 pts/0 S 08:58 0:00 grep apache
sh-2.03# kill -9 405
sh: kill: (405) - Not owner
sh-2.03#

So it looks as if I were still on an ordinary user's rights.
What else should I pay attention to?
Regards,
Michal
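
An added example, not part of the original post: the posted ex.so replaces only the libc getuid()/geteuid()/getgid()/getegid() wrappers in dynamically linked programs started with LD_PRELOAD set, so `whoami` prints root while the kernel still refuses `cat /etc/sudoers` and `kill -9 405`. This check compares the libc answer with what the kernel reports; the function names are my own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>

/* UID as the kernel sees it: a raw system call, not the libc
   wrapper that an LD_PRELOAD library can replace. */
static long kernel_uid(void)  { return syscall(SYS_getuid); }
static long kernel_euid(void) { return syscall(SYS_geteuid); }

/* Second kernel-side source: the "Uid:" line of /proc/self/status
   (real, effective, saved, fs). Returns 0 on success, -1 on failure. */
static int proc_uids(long *real, long *eff)
{
    char line[256];
    int rc = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "Uid: %ld %ld", real, eff) == 2) {
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if the libc wrappers disagree with the kernel, which means
   getuid()/geteuid() have been interposed in this process. */
static int uid_is_spoofed(void)
{
    return (long)getuid() != kernel_uid() || (long)geteuid() != kernel_euid();
}

int main(void)
{
    long r = -1, e = -1;
    const char *pre = getenv("LD_PRELOAD");
    proc_uids(&r, &e);
    printf("libc   uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    printf("kernel uid=%ld euid=%ld\n", kernel_uid(), kernel_euid());
    printf("/proc  uid=%ld euid=%ld\n", r, e);
    printf("LD_PRELOAD=%s\n", pre ? pre : "(unset)");
    puts(uid_is_spoofed() ? "MISMATCH: getuid() is interposed" : "consistent");
    return uid_is_spoofed();
}
```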
