Re: your mail

To: Michal Niezbecki <coor@coolnet.com.pl>
Cc: debian-user-polish@lists.debian.org
Subject: Re: your mail
From: Pawel Dudek <paweld@debian.pl-linux.net>
Date: Fri, 12 Oct 2001 16:45:50 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.21.0110121644450.3269-100000@debian.pl-linux.net>
In-reply-to: <[🔎] BLEEJCGBJGJEFEABNINBOEKNCDAA.coor@coolnet.com.pl>

Hm, napisz moze raczej na debian-security@
Wyglada na zapodawanie jakiegos exploita prawde mowiac.
Pozdrawiam,
Pawel

On Fri, 12 Oct 2001, Michal Niezbecki wrote:

> Witam
> Mam prosbe
> Znalazlem cos takiego na koncie jednego z userow, w bashhistory widac ze to
> uruchamial
> Co ten sploit dokladnie robi i czy gosc mogl zyskac jakies uprawnienia
> w logach nic nie ma
> 
> ----------
> 
> #!/bin/sh
> echo "1|nux r007 3xp10|7 by 1c4m7uf"
> cd /tmp
> cat >ex.c <<eof
> int getuid() { return 0; }
> int geteuid() { return 0; }
> int getgid() { return 0; }
> int getegid() { return 0; }
> eof
> gcc -shared ex.c -oex.so
> LD_PRELOAD=/tmp/ex.so sh
> rm /tmp/ex.so /tmp/ex.c
> 
> ----------
> 
> coor@coolnet:~$ ./dupa
> 1|nux r007 3xp10|7 by 1c4m7uf
> sh-2.03# whoami
> root
> sh-2.03# /usr/sbin/adduser test
> Adding user test...
> Adding new group test (1030).
> Can't exec "groupadd": No such file or directory at /usr/sbin/adduser line
> 675.
> adduser: `groupadd -g 1030 test' returned error code 255. Aborting.
> Cleaning up.
> Removing group `test'.
> Can't exec "groupdel": No such file or directory at /usr/sbin/adduser line
> 695.
> sh-2.03# cat /etc/sudoers
> cat: /etc/sudoers: Permission denied
> sh-2.03# ps aux |grep apache
> root 405 0.0 2.5 5612 3208 ? S Sep29 0:00 /usr/sbin/apache
> www-data 4210 0.0 3.9 7192 5028 ? S Oct07 0:00 /usr/sbin/apache
> www-data 4744 0.0 4.0 7216 5096 ? S Oct07 0:00 /usr/sbin/apache
> www-data 4745 0.0 4.2 7464 5344 ? S Oct07 0:00 /usr/sbin/apache
> www-data 8993 0.0 3.9 7236 5044 ? S 06:22 0:00 /usr/sbin/apache
> www-data 9667 0.0 4.1 7552 5236 ? S 07:40 0:00 /usr/sbin/apache
> www-data 9669 0.0 3.9 7156 4988 ? S 07:40 0:00 /usr/sbin/apache
> www-data 10087 0.0 2.5 5648 3300 ? S 08:28 0:00 /usr/sbin/apache
> www-data 10088 0.0 4.0 7316 5176 ? S 08:28 0:00 /usr/sbin/apache
> www-data 10089 0.0 2.5 5648 3304 ? S 08:28 0:00 /usr/sbin/apache
> coor 10384 0.0 0.3 1124 452 pts/0 S 08:58 0:00 grep apache
> sh-2.03# kill -9 405
> sh: kill: (405) - Not owner
> sh-2.03#
> 
> wiec jakbym byl dalej na prawach zwyklego usera
> na co jeszcze zwrocic uwage?
> pozdro
> Michal
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-polish-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: your mail
  - From: "Michal Trojnara" <Michal.Trojnara@mirt.net>

References:
- [no subject]
  - From: "Michal Niezbecki" <coor@coolnet.com.pl>

Prev by Date: [no subject]
Next by Date: Re: your mail
Previous by thread: [no subject]
Next by thread: Re: your mail
Index(es):
- Date
- Thread