Privilege escalation [ask a question, get an answer]

Discussion in 'Vulnerabilities' started by Expl0ited, 1 Oct 2011.

  1. BenderMR

    BenderMR Member

    Is there really nobody here who knows how to get root?
     
    1. Nibiru

      Nibiru New Member

      Good afternoon. I have a WSO shell; the task is to escalate privileges, but I need a back-connect. The server won't let a back-connect through. I tried https://github.com/pentestmonkey/php-findsock-shell, also without success, because nginx is there. Does anyone have any ideas for getting a proper shell? Thanks in advance.
       
      1. Imperou$

        Imperou$ Elder

        I don't get it, what difference does it make whether nginx is there or not...
        Try https://github.com/0x00-0x00/ShellPop (the instructions are there too) and run the generated code through the shell. It has helped me out more than once: the back-connect was established without problems when other options didn't work.
         
        1. Nibiru

          Nibiru New Member

          That doesn't work: the back-connect doesn't reach my host. I tried UDP and so on; it is only visible on the local network, apparently it's set somewhere in the rules. Any other ideas? I tried UDP etc.; it binds a port too, but it's closed off by the Cisco.
           
          1. winstrool

            winstrool ~~*MasterBlind*~~

            I realize it's no longer relevant, but just for the record, you could have tried the exploit:

            https://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html
             
            1. user6334

              user6334 Member

              Code:
              $ uname -a
              Linux ek240119-2 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
              
              $ ls -la /boot
              итого 101072
              drwxr-xr-x  4 root root     4096 окт  4 06:02 .
              drwxr-xr-x 24 root root     4096 окт  2 06:20 ..
              -rw-r--r--  1 root root   217373 сен 12 14:30 config-4.15.0-64-generic
              -rw-r--r--  1 root root   217362 сен 17 21:12 config-4.15.0-65-generic
              drwx------  3 root root     4096 янв  1  1970 efi
              drwxr-xr-x  5 root root     4096 окт  3 06:33 grub
              -rw-r--r--  1 root root 38826123 окт  1 06:14 initrd.img-4.15.0-64-generic
              -rw-r--r--  1 root root 38823483 окт  2 06:20 initrd.img-4.15.0-65-generic
              -rw-r--r--  1 root root   182704 янв 28  2016 memtest86+.bin
              -rw-r--r--  1 root root   184380 янв 28  2016 memtest86+.elf
              -rw-r--r--  1 root root   184840 янв 28  2016 memtest86+_multiboot.bin
              -rw-------  1 root root  4062624 сен 12 14:30 System.map-4.15.0-64-generic
              -rw-------  1 root root  4064177 сен 17 21:12 System.map-4.15.0-65-generic
              -rw-------  1 root root  8330904 сен 12 17:38 vmlinuz-4.15.0-64-generic
              -rw-------  1 root root  8359576 сен 17 21:20 vmlinuz-4.15.0-65-generic
              
              $ ls -la --full-time /lib64
              итого 8
              drwxr-xr-x  2 root root 4096 2018-07-25 08:03:05.000000000 +0500 .
              drwxr-xr-x 24 root root 4096 2019-10-02 06:20:15.195644895 +0500 ..
              lrwxrwxrwx  1 root root   32 2019-01-24 13:11:42.802432577 +0500 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.27.so
              
              $ mount
              sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
              proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
              udev on /dev type devtmpfs (rw,nosuid,relatime,size=1934996k,nr_inodes=483749,mode=755)
              devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
              tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=391424k,mode=755)
              /dev/sda2 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
              securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
              tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
              tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
              tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
              cgroup on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
              cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
              pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
              efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
              cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
              cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
              cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
              cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
              cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
              cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
              cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
              cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
              cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
              cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
              cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
              systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=24,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13569)
              hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
              mqueue on /dev/mqueue type mqueue (rw,relatime)
              debugfs on /sys/kernel/debug type debugfs (rw,relatime)
              fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
              configfs on /sys/kernel/config type configfs (rw,relatime)
              /dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
              binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
              tmpfs on /run/user/1001 type tmpfs (rw,nosuid,nodev,relatime,size=391424k,mode=700,uid=1001,gid=1001)
              gvfsd-fuse on /run/user/1001/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1001,group_id=1001)
              tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=391424k,mode=700,uid=1000,gid=1000)
              tmpfs on /run/user/110 type tmpfs (rw,nosuid,nodev,relatime,size=391424k,mode=700,uid=110,gid=115)
              gvfsd-fuse on /run/user/110/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=110,group_id=115)
              
              $ df -h
              Файл.система   Размер Использовано  Дост Использовано% Cмонтировано в
              udev             1,9G            0  1,9G            0% /dev
              tmpfs            383M         3,0M  380M            1% /run
              /dev/sda2        110G          13G   92G           12% /
              tmpfs            1,9G         111M  1,8G            6% /dev/shm
              tmpfs            5,0M         4,0K  5,0M            1% /run/lock
              tmpfs            1,9G            0  1,9G            0% /sys/fs/cgroup
              /dev/sda1        511M         6,1M  505M            2% /boot/efi
              tmpfs            383M          24K  383M            1% /run/user/1001
              tmpfs            383M            0  383M            0% /run/user/1000
              tmpfs            383M         4,0K  383M            1% /run/user/110
              
              $ cat /etc/issue
              Ubuntu 18.04.2 LTS \n \l
              
              $ cat /etc/crontab
              # /etc/crontab: system-wide crontab
              # Unlike any other crontab you don't have to run the `crontab'
              # command to install the new version when you edit this file
              # and files in /etc/cron.d. These files also have username fields,
              # that none of the other crontabs do.
              
              SHELL=/bin/sh
              PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
              
              # m h dom mon dow user  command
              17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
              25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
              47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
              52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
              #
              
              $ cat /proc/version
              Linux version 4.15.0-65-generic (buildd@lgw01-amd64-006) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019
              
              $ cat /proc/sys/vm/mmap_min_addr
              65536
              
              $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
              -rwsr-xr-- 1 root messagebus 42992 июн 10 23:05 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
              -rwsr-sr-x 1 root root 105336 июн  5 11:41 /usr/lib/snapd/snap-confine
              -rwsr-xr-x 1 root root 14328 мар 27  2019 /usr/lib/policykit-1/polkit-agent-helper-1
              -rwsr-xr-x 1 root root 10232 мар 28  2017 /usr/lib/eject/dmcrypt-get-device
              -rwsr-sr-x 1 root root 10232 мая 31 16:10 /usr/lib/xorg/Xorg.wrap
              -rwsr-xr-x 1 root root 436552 мар  4  2019 /usr/lib/openssh/ssh-keysign
              -rwsr-xr-x 1 root root 6312 ноя 13  2018 /usr/local/share/tsc/printer/thermalprinterut
              -rwsr-xr-x 1 root root 22520 мар 27  2019 /usr/bin/pkexec
              -rwsr-xr-x 1 root root 76496 мар 23  2019 /usr/bin/chfn
              -rwsr-xr-x 1 root root 75824 мар 23  2019 /usr/bin/gpasswd
              -rwsr-xr-x 1 root root 149080 янв 18  2018 /usr/bin/sudo
              -rwsr-xr-x 1 root root 18448 июн 28 16:05 /usr/bin/traceroute6.iputils
              -rwsr-xr-x 1 root root 22528 июн 28 16:05 /usr/bin/arping
              -rwsr-xr-x 1 root root 40344 мар 23  2019 /usr/bin/newgrp
              -rwsr-xr-x 1 root root 59640 мар 23  2019 /usr/bin/passwd
              -rwsr-xr-x 1 root root 44528 мар 23  2019 /usr/bin/chsh
              -rwsr-xr-- 1 root dip 378600 июн 12  2018 /usr/sbin/pppd
              -rwsr-xr-x 1 root root 30800 авг 11  2016 /bin/fusermount
              -rwsr-xr-x 1 root root 44664 мар 23  2019 /bin/su
              -rwsr-xr-x 1 root root 43088 окт 16  2018 /bin/mount
              -rwsr-xr-x 1 root root 64424 июн 28 16:05 /bin/ping
              -rwsr-xr-x 1 root root 26696 окт 16  2018 /bin/umount
              -rwsr-xr-x 1 root root 227832 июл 13 04:16 /opt/google/chrome/chrome-sandbox
              -rwsr-xr-x 1 root root 19800 дек 10  2015 /opt/brick/bin/chrome-sandbox
              
              
              
              
              
              Can you tell me what can be done with this?
               
              1. kacergei

                kacergei Member

                Code:
                pastebin.com/JGwa0EXr
                
                Guys, tell me, are there any options for beating this machine?
                 
                1. Muracha

                  Muracha Member

                  FreeBSD 9.2-RELEASE-p5

                  The system is set up so that the /etc/hosts file differs. Even /etc/passwd.

                  Is it possible to escalate privileges from the shell?

                   
                  1. UN77H92ZE1

                    UN77H92ZE1 New Member

                    Greetings. Could someone who doesn't mind tell me what can be done and where to dig? I couldn't find anything useful because of my very limited experience. I'd be grateful for any help.

                    Linux ***.**.**.*** 4.15.0-76-generic #86~16.04.1-Ubuntu SMP Mon Jan 20 11:02:50 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
                    total 840124
                    drwxr-xr-x 3 root root 4096 Apr 21 06:55 .
                    drwxr-xr-x 27 root root 4096 May 6 14:43 ..
                    -rw------- 1 root root 4049376 Feb 12 2019 System.map-4.15.0-46-generic
                    -rw------- 1 root root 4049889 Mar 15 2019 System.map-4.15.0-47-generic
                    -rw------- 1 root root 4051368 Apr 5 2019 System.map-4.15.0-48-generic
                    -rw-r----- 1 root root 4052501 May 8 2019 System.map-4.15.0-50-generic
                    -rw------- 1 root root 4050792 May 16 2019 System.map-4.15.0-51-generic
                    -rw------- 1 root root 4050825 Jun 6 2019 System.map-4.15.0-52-generic
                    -rw------- 1 root root 4050903 Jun 24 2019 System.map-4.15.0-54-generic
                    -rw------- 1 root root 4054631 Aug 7 2019 System.map-4.15.0-58-generic
                    -rw------- 1 root root 4061501 Aug 26 2019 System.map-4.15.0-60-generic
                    -rw------- 1 root root 4061501 Sep 6 2019 System.map-4.15.0-62-generic
                    -rw------- 1 root root 4061501 Sep 13 2019 System.map-4.15.0-64-generic
                    -rw------- 1 root root 4062077 Sep 18 2019 System.map-4.15.0-65-generic
                    -rw------- 1 root root 4062584 Oct 1 2019 System.map-4.15.0-66-generic
                    -rw------- 1 root root 4064065 Nov 12 18:23 System.map-4.15.0-70-generic
                    -rw------- 1 root root 4064436 Nov 26 22:04 System.map-4.15.0-72-generic
                    -rw-r----- 1 root root 4066237 Dec 18 09:15 System.map-4.15.0-74-generic
                    -rw-r----- 1 root root 4066237 Jan 20 15:23 System.map-4.15.0-76-generic
                    -rw------- 1 root root 4067466 Feb 12 08:35 System.map-4.15.0-88-generic
                    -rw------- 1 root root 4067536 Feb 28 20:24 System.map-4.15.0-91-generic
                    -rw------- 1 root root 4068326 Apr 1 08:44 System.map-4.15.0-96-generic
                    -rw-r----- 1 root root 3841523 Jan 5 2018 System.map-4.9.75-timeweb
                    -rw-r--r-- 1 root root 217004 Feb 12 2019 config-4.15.0-46-generic
                    -rw-r--r-- 1 root root 217004 Mar 15 2019 config-4.15.0-47-generic
                    -rw-r--r-- 1 root root 217286 Apr 5 2019 config-4.15.0-48-generic
                    -rw-r--r-- 1 root root 217286 May 8 2019 config-4.15.0-50-generic
                    -rw-r--r-- 1 root root 217286 May 16 2019 config-4.15.0-51-generic
                    -rw-r--r-- 1 root root 217286 Jun 6 2019 config-4.15.0-52-generic
                    -rw-r--r-- 1 root root 217286 Jun 24 2019 config-4.15.0-54-generic
                    -rw-r--r-- 1 root root 217262 Aug 7 2019 config-4.15.0-58-generic
                    -rw-r--r-- 1 root root 217381 Aug 26 2019 config-4.15.0-60-generic
                    -rw-r--r-- 1 root root 217381 Sep 6 2019 config-4.15.0-62-generic
                    -rw-r--r-- 1 root root 217381 Sep 13 2019 config-4.15.0-64-generic
                    -rw-r--r-- 1 root root 217370 Sep 18 2019 config-4.15.0-65-generic
                    -rw-r--r-- 1 root root 217370 Oct 1 2019 config-4.15.0-66-generic
                    -rw-r--r-- 1 root root 217488 Nov 12 18:23 config-4.15.0-70-generic
                    -rw-r--r-- 1 root root 217468 Nov 26 22:04 config-4.15.0-72-generic
                    -rw-r--r-- 1 root root 217503 Dec 18 09:15 config-4.15.0-74-generic
                    -rw-r--r-- 1 root root 217503 Jan 20 15:23 config-4.15.0-76-generic
                    -rw-r--r-- 1 root root 217503 Feb 12 08:35 config-4.15.0-88-generic
                    -rw-r--r-- 1 root root 217465 Feb 28 20:24 config-4.15.0-91-generic
                    -rw-r--r-- 1 root root 217465 Apr 1 08:44 config-4.15.0-96-generic
                    -rw-r--r-- 1 root root 163824 Jan 5 2018 config-4.9.75-timeweb
                    -rw-r--r-- 1 root root 163824 Jan 5 2018 config-4.9.75-timeweb.old
                    drwxr-xr-x 5 root root 12288 Apr 21 06:55 grub
                    -rw-r--r-- 1 root root 38087263 May 15 2019 initrd.img-4.15.0-50-generic
                    -rw-r--r-- 1 root root 38087364 Jun 21 2019 initrd.img-4.15.0-52-generic
                    -rw-r--r-- 1 root root 38080526 Jul 3 2019 initrd.img-4.15.0-54-generic
                    -rw-r--r-- 1 root root 38084498 Sep 3 2019 initrd.img-4.15.0-58-generic
                    -rw-r--r-- 1 root root 38091332 Sep 6 2019 initrd.img-4.15.0-60-generic
                    -rw-r--r-- 1 root root 38092722 Sep 15 2019 initrd.img-4.15.0-62-generic
                    -rw-r--r-- 1 root root 38091156 Sep 20 2019 initrd.img-4.15.0-64-generic
                    -rw-r--r-- 1 root root 38092258 Oct 3 2019 initrd.img-4.15.0-65-generic
                    -rw-r--r-- 1 root root 38093333 Oct 23 2019 initrd.img-4.15.0-66-generic
                    -rw-r--r-- 1 root root 38103191 Nov 20 06:47 initrd.img-4.15.0-70-generic
                    -rw-r--r-- 1 root root 38100730 Dec 11 06:42 initrd.img-4.15.0-72-generic
                    -rw-r--r-- 1 root root 38108528 Jan 16 07:11 initrd.img-4.15.0-74-generic
                    -rw-r--r-- 1 root root 38109016 Feb 5 07:06 initrd.img-4.15.0-76-generic
                    -rw-r--r-- 1 root root 38110808 Feb 26 07:03 initrd.img-4.15.0-88-generic
                    -rw-r--r-- 1 root root 38115311 Mar 26 07:15 initrd.img-4.15.0-91-generic
                    -rw-r--r-- 1 root root 38116820 Apr 21 06:55 initrd.img-4.15.0-96-generic
                    -rw-r--r-- 1 root root 22714999 Jan 10 2018 initrd.img-4.9.75-timeweb
                    -rw-r--r-- 1 root root 176500 Mar 12 2014 memtest86+.bin
                    -rw-r--r-- 1 root root 178176 Mar 12 2014 memtest86+.elf
                    -rw-r--r-- 1 root root 178680 Mar 12 2014 memtest86+_multiboot.bin
                    -rw------- 1 root root 8141336 May 14 2019 vmlinuz-4.15.0-50-generic
                    -rw------- 1 root root 8141080 Jun 17 2019 vmlinuz-4.15.0-52-generic
                    -rw------- 1 root root 8140856 Jun 25 2019 vmlinuz-4.15.0-54-generic
                    -rw------- 1 root root 8148696 Aug 8 2019 vmlinuz-4.15.0-58-generic
                    -rw------- 1 root root 8173112 Aug 26 2019 vmlinuz-4.15.0-60-generic
                    -rw------- 1 root root 8172440 Sep 6 2019 vmlinuz-4.15.0-62-generic
                    -rw------- 1 root root 8172440 Sep 17 2019 vmlinuz-4.15.0-64-generic
                    -rw------- 1 root root 8181016 Sep 19 2019 vmlinuz-4.15.0-65-generic
                    -rw------- 1 root root 8181656 Oct 3 2019 vmlinuz-4.15.0-66-generic
                    -rw------- 1 root root 8184600 Nov 13 10:24 vmlinuz-4.15.0-70-generic
                    -rw------- 1 root root 8185592 Nov 27 12:18 vmlinuz-4.15.0-72-generic
                    -rw------- 1 root root 8187192 Dec 19 14:43 vmlinuz-4.15.0-74-generic
                    -rw------- 1 root root 8187320 Jan 21 18:48 vmlinuz-4.15.0-76-generic
                    -rw------- 1 root root 8193496 Feb 12 16:28 vmlinuz-4.15.0-88-generic
                    -rw------- 1 root root 8193432 Mar 1 13:28 vmlinuz-4.15.0-91-generic
                    -rw------- 1 root root 8191544 Apr 6 19:08 vmlinuz-4.15.0-96-generic
                    -rw-r--r-- 1 root root 6761232 Jan 5 2018 vmlinuz-4.9.75-timeweb
                    total 332
                    drwxr-xr-x 21 root root 4096 2019-03-20 06:39:13.338937021 +0300 .
                    drwxr-xr-x 27 root root 4096 2020-05-06 14:52:50.318163636 +0300 ..
                    lrwxrwxrwx 1 root root 21 2016-02-16 13:18:42.115126992 +0300 cpp -> /etc/alternatives/cpp
                    drwxr-xr-x 3 root root 4096 2019-03-20 06:39:13.478937018 +0300 crda
                    drwxr-xr-x 2 root root 4096 2017-02-21 03:33:36.203966177 +0300 discover
                    drwxr-xr-x 2 root root 4096 2017-02-21 03:34:26.419965014 +0300 drbd
                    drwxr-xr-x 72 root root 32768 2019-07-20 13:16:38.864405916 +0300 firmware
                    drwxr-xr-x 2 root root 4096 2017-02-21 03:30:18.631970753 +0300 hdparm
                    drwxr-xr-x 2 root root 4096 2018-07-05 06:45:20.437203377 +0300 ifupdown
                    drwxr-xr-x 2 root root 4096 2019-01-16 06:49:08.667034612 +0300 init
                    -rwxr-xr-x 1 root root 71528 2017-06-13 18:47:43.000000000 +0300 klibc-gLiulUM5C1Zpwc25rCxX8UZ6S-s.so
                    lrwxrwxrwx 1 root root 17 2014-01-09 02:32:00.000000000 +0400 libip4tc.so.0 -> libip4tc.so.0.1.0
                    -rw-r--r-- 1 root root 27392 2014-01-09 02:32:05.000000000 +0400 libip4tc.so.0.1.0
                    lrwxrwxrwx 1 root root 17 2014-01-09 02:32:00.000000000 +0400 libip6tc.so.0 -> libip6tc.so.0.1.0
                    -rw-r--r-- 1 root root 31520 2014-01-09 02:32:05.000000000 +0400 libip6tc.so.0.1.0
                    lrwxrwxrwx 1 root root 16 2014-01-09 02:32:00.000000000 +0400 libiptc.so.0 -> libiptc.so.0.0.0
                    -rw-r--r-- 1 root root 5816 2014-01-09 02:32:05.000000000 +0400 libiptc.so.0.0.0
                    lrwxrwxrwx 1 root root 20 2014-01-09 02:32:00.000000000 +0400 libxtables.so.10 -> libxtables.so.10.0.0
                    -rw-r--r-- 1 root root 47712 2014-01-09 02:32:06.000000000 +0400 libxtables.so.10.0.0
                    drwxr-xr-x 3 root root 4096 2017-02-21 03:29:05.103972456 +0300 lsb
                    drwxr-xr-x 2 root root 4096 2020-04-21 06:54:38.683867507 +0300 modprobe.d
                    drwxr-xr-x 24 root root 4096 2020-04-21 06:54:37.623867532 +0300 modules
                    drwxr-xr-x 2 root root 4096 2017-02-21 03:32:07.783968225 +0300 modules-load.d
                    drwxr-xr-x 3 root root 4096 2018-05-30 06:25:18.758465321 +0300 plymouth
                    drwxr-xr-x 3 root root 4096 2016-02-16 13:17:51.699128162 +0300 recovery-mode
                    drwxr-xr-x 3 root root 4096 2019-04-12 07:07:29.311777451 +0300 systemd
                    drwxr-xr-x 15 root root 4096 2016-02-16 13:01:39.123150686 +0300 terminfo
                    drwxr-xr-x 4 root root 4096 2019-04-12 07:07:52.995928901 +0300 udev
                    drwxr-xr-x 2 root root 4096 2017-02-21 03:33:25.463966426 +0300 ufw
                    drwxr-xr-x 4 root root 16384 2019-04-12 07:07:29.515675446 +0300 x86_64-linux-gnu
                    drwxr-xr-x 2 root root 20480 2017-02-21 03:33:22.667966491 +0300 xtables
                    /dev/sda1 on / type ext4 (rw,noatime,discard)
                    proc on /proc type proc (rw,noexec,nosuid,nodev,hidepid=1)
                    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
                    none on /sys/fs/cgroup type tmpfs (rw)
                    none on /sys/fs/fuse/connections type fusectl (rw)
                    none on /sys/kernel/debug type debugfs (rw)
                    none on /sys/kernel/security type securityfs (rw)
                    udev on /dev type devtmpfs (rw,mode=0755)
                    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
                    none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=4g)
                    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
                    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
                    shm on /run/shm type tmpfs (rw,nosuid,nodev,size=1g)
                    none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
                    none on /sys/fs/pstore type pstore (rw)
                    none on /var/spool/exim4 type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1g)
                    systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,relatime,name=systemd)
                    /dev/drbd0 on /home type ext4 (rw,nosuid,noatime,nodiratime,usrjquota=aquota.user,jqfmt=vfsv0,usrquota,discard,_netdev)
                    /tmp on /var/tmp type none (rw,bind,_netdev)
                    /tmp on /var/tmp type none (rw,bind,_netdev)
                    none on /run/shm type tmpfs (rw,nosuid,nodev,size=1g)
                    //***.**.**.***/on_demand on /mnt/on_demand_storage-cs3-old type cifs (ro,noexec,nosuid,nodev)
                    //***.**.**.***/homes on /mnt/backup type cifs (ro,noexec,nosuid,nodev)
                    //***.**.**.***/on_demand on /mnt/on_demand_storage-cs2 type cifs (ro,noexec,nosuid,nodev)
                    //***.**.**.***/on_demand on /mnt/on_demand_storage-cs1 type cifs (ro,noexec,nosuid,nodev)
                    Filesystem Size Used Avail Use% Mounted on
                    /dev/sda1 46G 33G 11G 76% /
                    none 4.0K 0 4.0K 0% /sys/fs/cgroup
                    udev 32G 12K 32G 1% /dev
                    /tmp 4.0G 400M 3.7G 10% /var/tmp
                    tmpfs 6.3G 872K 6.3G 1% /run
                    none 5.0M 4.0K 5.0M 1% /run/lock
                    shm 1.0G 36K 1.0G 1% /run/shm
                    none 100M 8.0K 100M 1% /run/user
                    none 1.0G 736K 1.0G 1% /var/spool/exim4
                    /dev/drbd0 1.3T 1.3T 38G 98% /home
                    none 1.0G 36K 1.0G 1% /run/shm
                    Ubuntu 14.04.6 LTS \n \l
                    # /etc/crontab: system-wide crontab
                    # Unlike any other crontab you don't have to run the `crontab'
                    # command to install the new version when you edit this file
                    # and files in /etc/cron.d. These files also have username fields,
                    # that none of the other crontabs do.
                    SHELL=/bin/sh
                    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
                    # m h dom mon dow user command
                    17 * * * * root cd / && run-parts --report /etc/cron.hourly
                    25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
                    47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
                    52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
                    #
                    Linux version 4.15.0-76-generic (buildd@lgw01-amd64-023) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)) #86~16.04.1-Ubuntu SMP Mon Jan 20 11:02:50 UTC 2020
                    -rwsr-xr-x 1 root root 30800 May 15 2015 /bin/fusermount
                    -rwsr-xr-x 1 root root 94792 Nov 24 2016 /bin/mount
                    -rwsr-xr-x 1 root root 69120 Nov 24 2016 /bin/umount
                    -rwsr-xr-x 1 root root 36936 May 17 2017 /bin/su
                    -rwsr-xr-x 1 root root 36592 May 17 2017 /usr/bin/newgrp
                    -rwsr-xr-x 1 root root 75256 Oct 21 2013 /usr/bin/mtr
                    -rwsr-xr-x 1 root root 23104 Mar 15 2014 /usr/bin/traceroute6.iputils
                    -rwsr-xr-x 1 root root 46424 May 17 2017 /usr/bin/chfn
                    -rwsr-sr-x 1 daemon daemon 51464 Oct 21 2013 /usr/bin/at
                    -rwsr-xr-x 1 root root 35712 Nov 8 2009 /usr/bin/tcptraceroute.mt
                    -rwsr-xr-x 1 root root 23304 Mar 27 2019 /usr/bin/pkexec
                    -rwsr-xr-x 1 root root 41336 May 17 2017 /usr/bin/chsh
                    -rwsr-xr-x 1 root root 72280 May 17 2017 /usr/bin/gpasswd
                    -rwsr-xr-x 1 root root 47032 May 17 2017 /usr/bin/passwd
                    -rwsr-xr-x 1 root root 155008 May 29 2017 /usr/bin/sudo
                    -rwsr-sr-x 1 libuuid libuuid 18904 Nov 24 2016 /usr/sbin/uuidd
                    -r-sr-x--- 1 root customers 983424 Feb 10 2018 /usr/sbin/exim4
                    -rwsr-xr-- 1 root dip 347296 Jun 12 2018 /usr/sbin/pppd
                    -rwsr-xr-x 1 root root 440416 Mar 4 2019 /usr/lib/openssh/ssh-keysign
                    -rwsr-xr-- 1 root messagebus 310800 Dec 7 2016 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
                    -rwsr-xr-x 1 root root 10240 Mar 27 2017 /usr/lib/eject/dmcrypt-get-device
                    -rwsr-xr-x 1 root root 14808 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
                    -rwsr-xr-x 1 root root 35608 Jun 28 2013 /sbin/mount.cifs
                     
                    1. aberkroft

                      aberkroft Member

                      https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
                       
                      1. steven_coppes

                        steven_coppes New Member

                        Hi everyone, can you tell me whether there is an exploit for this kernel:
                        Linux 3.10.0-862.3.2.el7.x86_64 #1 SMP Mon May 21 23:36:36 UTC 2018 x86_64
                         
                        #731 steven_coppes, 13 Oct 2020
                        Last edited: 14 Oct 2020
                        1. b3

                          b3 Banned

                          Search well, the system is old, it should get through)
                           
                          1. sn0w

                            sn0w User status:

                            Look for drivers, the ones that execute syscall/sysenter with loading of the MSR LSTAR. That's how I, for example, got the officially signed cheatengine driver into trouble - thanks to DarkByte for the source code.