SHOW:
|
|
- or go back to the newest paste.
1 | - | =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.02.02 14:18:38 =~=~=~=~=~=~=~=~=~=~=~= |
1 | + | execve("/usr/sbin/vsftpd", ["/usr/sbin/vsftpd", "-olisten_port=5555", "-opasv_min_port=5556", "-opasv_max_port=5557", "-oport_enable=NO", "-olisten=true", "-orun_as_launching_user=true", "-oanon_world_readable_only=false", "-odual_log_enable=yes", "-olog_ftp_protocol=yes", "-ovsftpd_log_file=./vsftpd.log", "-oxferlog_file=./vsftpd.log", "-owrite_enable=true", "-oanon_upload_enable=true", "-oanon_mkdir_write_enable=true", "-oanon_other_write_enable=true", ...], [/* 25 vars */]) = 0 |
2 | - | login as: administrator |
2 | + | brk(0) = 0x7f2ac8689000 |
3 | - | administrator@172.16.0.114's password: |
3 | + | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7546000 |
4 | - | Last login: Sat Feb 2 13:47:07 2013 from 172.16.1.58 |
4 | + | access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) |
5 | - | |
5 | + | open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 |
6 | - | ]0;administrator@webforms:~[?1034h[administrator@webforms ~]$ su |
6 | + | fstat(3, {st_mode=S_IFREG|0644, st_size=68470, ...}) = 0 |
7 | - | Password: |
7 | + | mmap(NULL, 68470, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2ac7535000 |
8 | - | ]0;administrator@webforms:/home/administrator[?1034h[root@webforms administrator]# tcpdump -i em0 port 21 and port 20 and port 53 |
8 | + | close(3) = 0 |
9 | - | tcpdump: expression rejects all packets |
9 | + | open("/lib64/libssl.so.10", O_RDONLY|O_CLOEXEC) = 3 |
10 | - | ]0;administrator@webforms:/home/administrator[root@webforms administrator]# tcpdump -i em0 port 21 and port 20 and port 53 |
10 | + | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200G\34104\0\0\0"..., 832) = 832 |
11 | - | [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[1P tcpdump -i em0 port 21 or port 20 or[C[C[C[C[C[C[C[C[1P[1P[1P[1P[1P[1P[1P |
11 | + | fstat(3, {st_mode=S_IFREG|0755, st_size=375560, ...}) = 0 |
12 | - | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode |
12 | + | mmap(NULL, 2468088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac70cd000 |
13 | - | listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes |
13 | + | mprotect(0x7f2ac7121000, 2093056, PROT_NONE) = 0 |
14 | - | 14:22:11.780232 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [S], seq 3406589484, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 |
14 | + | mmap(0x7f2ac7320000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x53000) = 0x7f2ac7320000 |
15 | - | 14:22:11.780290 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [S.], seq 353865190, ack 3406589485, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 |
15 | + | close(3) = 0 |
16 | - | 14:22:11.780945 IP webforms.tsb.local.41085 > telecomdns.tsb.local.domain: 32542+ PTR? 114.0.16.172.in-addr.arpa. (43) |
16 | + | open("/lib64/libwrap.so.0", O_RDONLY|O_CLOEXEC) = 3 |
17 | - | 14:22:11.781259 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [.], ack 1, win 256, length 0 |
17 | + | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00001@74\0\0\0"..., 832) = 832 |
18 | - | 14:22:11.781315 IP telecomdns.tsb.local.domain > webforms.tsb.local.41085: 32542* 1/0/0 PTR webforms.tsb.local. (75) |
18 | + | fstat(3, {st_mode=S_IFREG|0755, st_size=43296, ...}) = 0 |
19 | - | 14:22:11.781501 IP webforms.tsb.local.43267 > telecomdns.tsb.local.domain: 18390+ PTR? 58.1.16.172.in-addr.arpa. (42) |
19 | + | mmap(NULL, 2138304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac6ec2000 |
20 | - | 14:22:11.781870 IP telecomdns.tsb.local.domain > webforms.tsb.local.43267: 18390* 1/0/0 PTR htcsta1.tsb.local. (73) |
20 | + | mprotect(0x7f2ac6ecb000, 2093056, PROT_NONE) = 0 |
21 | - | 14:22:11.782144 IP webforms.tsb.local.47807 > telecomdns.tsb.local.domain: 27786+ PTR? 112.0.16.172.in-addr.arpa. (43) |
21 | + | mmap(0x7f2ac70ca000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7f2ac70ca000 |
22 | - | 14:22:11.782484 IP telecomdns.tsb.local.domain > webforms.tsb.local.47807: 27786* 1/0/0 PTR telecomdns.tsb.local. (77) |
22 | + | mmap(0x7f2ac70cc000, 192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac70cc000 |
23 | - | 14:22:11.783285 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 1:44, ack 1, win 115, length 43 |
23 | + | close(3) = 0 |
24 | - | 14:22:11.785795 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 1:19, ack 44, win 256, length 18 |
24 | + | open("/lib64/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 3 |
25 | - | 14:22:11.785838 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [.], ack 19, win 115, length 0 |
25 | + | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320@\24014\0\0\0"..., 832) = 832 |
26 | - | 14:22:11.785896 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 44:78, ack 19, win 115, length 34 |
26 | + | fstat(3, {st_mode=S_IFREG|0755, st_size=116264, ...}) = 0 |
27 | - | 14:22:11.791109 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 19:40, ack 78, win 256, length 21 |
27 | + | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7534000 |
28 | - | 14:22:11.791974 IP webforms.tsb.local.33926 > telecomdns.tsb.local.domain: 33975+ PTR? 58.1.16.172.in-addr.arpa. (42) |
28 | + | mmap(NULL, 2198200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac6ca9000 |
29 | - | 14:22:11.792302 IP telecomdns.tsb.local.domain > webforms.tsb.local.33926: 33975* 1/0/0 PTR htcsta1.tsb.local. (73) |
29 | + | mprotect(0x7f2ac6cbf000, 2093056, PROT_NONE) = 0 |
30 | - | 14:22:11.830602 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [.], ack 40, win 115, length 0 |
30 | + | mmap(0x7f2ac6ebe000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f2ac6ebe000 |
31 | - | 14:22:26.806287 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 78:101, ack 40, win 115, length 23 |
31 | + | mmap(0x7f2ac6ec0000, 6840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac6ec0000 |
32 | - | 14:22:26.807106 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 40:54, ack 101, win 256, length 14 |
32 | + | close(3) = 0 |
33 | - | 14:22:26.807152 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [.], ack 54, win 115, length 0 |
33 | + | open("/lib64/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3 |
34 | - | 14:22:26.807223 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 101:127, ack 54, win 115, length 26 |
34 | + | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320&\240\0275\0\0\0"..., 832) = 832 |
35 | - | 14:22:26.813992 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 54:59, ack 127, win 256, length 5 |
35 | + | fstat(3, {st_mode=S_IFREG|0755, st_size=58456, ...}) = 0 |
36 | - | 14:22:26.814098 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 127:148, ack 59, win 115, length 21 |
36 | + | mmap(NULL, 2150968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac6a9b000 |
37 | - | 14:22:27.016192 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [.], ack 148, win 256, length 0 |
37 | + | mprotect(0x7f2ac6aa8000, 2093056, PROT_NONE) = 0 |
38 | - | 14:22:28.449483 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [F.], seq 59, ack 148, win 256, length 0 |
38 | + | mmap(0x7f2ac6ca7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f2ac6ca7000 |
39 | - | 14:22:28.449626 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [F.], seq 148, ack 60, win 115, length 0 |
39 | + | close(3) = 0 |
40 | - | 14:22:28.449939 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [.], ack 149, win 256, length 0 |
40 | + | open("/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3 |
41 | - | ^C |
41 | + | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\25\240!4\0\0\0"..., 832) = 832 |
42 | - | 27 packets captured |
42 | + | fstat(3, {st_mode=S_IFREG|0755, st_size=19192, ...}) = 0 |
43 | - | 28 packets received by filter |
43 | + | mmap(NULL, 2111936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac6897000 |
44 | - | 0 packets dropped by kernel |
44 | + | mprotect(0x7f2ac689b000, 2093056, PROT_NONE) = 0 |
45 | - | ]0;administrator@webforms:/home/administrator[root@webforms administrator]# |
45 | + | mmap(0x7f2ac6a9a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f2ac6a9a000 |
46 | close(3) = 0 | |
47 | open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 | |
48 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\16`\0364\0\0\0"..., 832) = 832 | |
49 | fstat(3, {st_mode=S_IFREG|0755, st_size=22480, ...}) = 0 | |
50 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7533000 | |
51 | mmap(NULL, 2109704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac6693000 | |
52 | mprotect(0x7f2ac6696000, 2093056, PROT_NONE) = 0 | |
53 | mmap(0x7f2ac6895000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f2ac6895000 | |
54 | close(3) = 0 | |
55 | open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3 | |
56 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\312\245,4\0\0\0"..., 832) = 832 | |
57 | fstat(3, {st_mode=S_IFREG|0755, st_size=1666016, ...}) = 0 | |
58 | mmap(NULL, 3774344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac62f9000 | |
59 | mprotect(0x7f2ac646d000, 2097152, PROT_NONE) = 0 | |
60 | mmap(0x7f2ac666d000, 139264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x174000) = 0x7f2ac666d000 | |
61 | mmap(0x7f2ac668f000, 14216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac668f000 | |
62 | close(3) = 0 | |
63 | open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 | |
64 | read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\30\342\0354\0\0\0"..., 832) = 832 | |
65 | fstat(3, {st_mode=S_IFREG|0755, st_size=2065552, ...}) = 0 | |
66 | mmap(NULL, 3892376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac5f42000 | |
67 | mprotect(0x7f2ac60ee000, 2097152, PROT_NONE) = 0 | |
68 | mmap(0x7f2ac62ee000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ac000) = 0x7f2ac62ee000 | |
69 | mmap(0x7f2ac62f4000, 17560, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac62f4000 | |
70 | close(3) = 0 | |
71 | open("/lib64/libgssapi_krb5.so.2", O_RDONLY|O_CLOEXEC) = 3 | |
72 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\255\240-4\0\0\0"..., 832) = 832 | |
73 | fstat(3, {st_mode=S_IFREG|0755, st_size=280568, ...}) = 0 | |
74 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7532000 | |
75 | mmap(NULL, 2373600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac5cfe000 | |
76 | mprotect(0x7f2ac5d3f000, 2097152, PROT_NONE) = 0 | |
77 | mmap(0x7f2ac5f3f000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x41000) = 0x7f2ac5f3f000 | |
78 | close(3) = 0 | |
79 | open("/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3 | |
80 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\266\341-4\0\0\0"..., 832) = 832 | |
81 | fstat(3, {st_mode=S_IFREG|0755, st_size=940840, ...}) = 0 | |
82 | mmap(NULL, 3033792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac5a19000 | |
83 | mprotect(0x7f2ac5af2000, 2097152, PROT_NONE) = 0 | |
84 | mmap(0x7f2ac5cf2000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd9000) = 0x7f2ac5cf2000 | |
85 | close(3) = 0 | |
86 | open("/lib64/libcom_err.so.2", O_RDONLY|O_CLOEXEC) = 3 | |
87 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \25`,4\0\0\0"..., 832) = 832 | |
88 | fstat(3, {st_mode=S_IFREG|0755, st_size=17272, ...}) = 0 | |
89 | mmap(NULL, 2109896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac5815000 | |
90 | mprotect(0x7f2ac5818000, 2093056, PROT_NONE) = 0 | |
91 | mmap(0x7f2ac5a17000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f2ac5a17000 | |
92 | close(3) = 0 | |
93 | open("/lib64/libk5crypto.so.3", O_RDONLY|O_CLOEXEC) = 3 | |
94 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220D .4\0\0\0"..., 832) = 832 | |
95 | fstat(3, {st_mode=S_IFREG|0755, st_size=173432, ...}) = 0 | |
96 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7531000 | |
97 | mmap(NULL, 2269584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac55ea000 | |
98 | mprotect(0x7f2ac5612000, 2097152, PROT_NONE) = 0 | |
99 | mmap(0x7f2ac5812000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f2ac5812000 | |
100 | mmap(0x7f2ac5814000, 400, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac5814000 | |
101 | close(3) = 0 | |
102 | open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3 | |
103 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\37 \0374\0\0\0"..., 832) = 832 | |
104 | fstat(3, {st_mode=S_IFREG|0755, st_size=96456, ...}) = 0 | |
105 | mmap(NULL, 2189096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac53d3000 | |
106 | mprotect(0x7f2ac53ea000, 2093056, PROT_NONE) = 0 | |
107 | mmap(0x7f2ac55e9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f2ac55e9000 | |
108 | close(3) = 0 | |
109 | open("/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3 | |
110 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300( \0275\0\0\0"..., 832) = 832 | |
111 | fstat(3, {st_mode=S_IFREG|0755, st_size=99128, ...}) = 0 | |
112 | mmap(NULL, 2208288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac51b7000 | |
113 | mprotect(0x7f2ac51ce000, 2093056, PROT_NONE) = 0 | |
114 | mmap(0x7f2ac53cd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f2ac53cd000 | |
115 | mmap(0x7f2ac53cf000, 12832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac53cf000 | |
116 | close(3) = 0 | |
117 | open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3 | |
118 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\23\340/4\0\0\0"..., 832) = 832 | |
119 | fstat(3, {st_mode=S_IFREG|0755, st_size=21160, ...}) = 0 | |
120 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7530000 | |
121 | mmap(NULL, 2113872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac4fb2000 | |
122 | mprotect(0x7f2ac4fb6000, 2093056, PROT_NONE) = 0 | |
123 | mmap(0x7f2ac51b5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f2ac51b5000 | |
124 | close(3) = 0 | |
125 | open("/lib64/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 3 | |
126 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`*`.4\0\0\0"..., 832) = 832 | |
127 | fstat(3, {st_mode=S_IFREG|0755, st_size=46360, ...}) = 0 | |
128 | mmap(NULL, 2139216, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac4da7000 | |
129 | mprotect(0x7f2ac4db1000, 2093056, PROT_NONE) = 0 | |
130 | mmap(0x7f2ac4fb0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f2ac4fb0000 | |
131 | close(3) = 0 | |
132 | open("/lib64/libkeyutils.so.1", O_RDONLY|O_CLOEXEC) = 3 | |
133 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \21 -4\0\0\0"..., 832) = 832 | |
134 | fstat(3, {st_mode=S_IFREG|0755, st_size=13408, ...}) = 0 | |
135 | mmap(NULL, 2106136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac4ba4000 | |
136 | mprotect(0x7f2ac4ba7000, 2093056, PROT_NONE) = 0 | |
137 | mmap(0x7f2ac4da6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f2ac4da6000 | |
138 | close(3) = 0 | |
139 | open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3 | |
140 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2609\240\0374\0\0\0"..., 832) = 832 | |
141 | fstat(3, {st_mode=S_IFREG|0755, st_size=109632, ...}) = 0 | |
142 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac752f000 | |
143 | mmap(NULL, 2198088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac498b000 | |
144 | mprotect(0x7f2ac49a1000, 2093056, PROT_NONE) = 0 | |
145 | mmap(0x7f2ac4ba0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f2ac4ba0000 | |
146 | mmap(0x7f2ac4ba2000, 6728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac4ba2000 | |
147 | close(3) = 0 | |
148 | open("/lib64/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3 | |
149 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320)\340!4\0\0\0"..., 832) = 832 | |
150 | fstat(3, {st_mode=S_IFREG|0755, st_size=89656, ...}) = 0 | |
151 | mmap(NULL, 2182584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac4776000 | |
152 | mprotect(0x7f2ac478b000, 2093056, PROT_NONE) = 0 | |
153 | mmap(0x7f2ac498a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x7f2ac498a000 | |
154 | close(3) = 0 | |
155 | open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 | |
156 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360j \0364\0\0\0"..., 832) = 832 | |
157 | fstat(3, {st_mode=S_IFREG|0755, st_size=144520, ...}) = 0 | |
158 | mmap(NULL, 2208776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac455a000 | |
159 | mprotect(0x7f2ac4570000, 2097152, PROT_NONE) = 0 | |
160 | mmap(0x7f2ac4770000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f2ac4770000 | |
161 | mmap(0x7f2ac4772000, 13320, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac4772000 | |
162 | close(3) = 0 | |
163 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac752e000 | |
164 | open("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3 | |
165 | read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300_`\0374\0\0\0"..., 832) = 832 | |
166 | fstat(3, {st_mode=S_IFREG|0755, st_size=128888, ...}) = 0 | |
167 | mmap(NULL, 2230304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2ac4339000 | |
168 | mprotect(0x7f2ac4357000, 2093056, PROT_NONE) = 0 | |
169 | mmap(0x7f2ac4556000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d000) = 0x7f2ac4556000 | |
170 | mmap(0x7f2ac4558000, 6176, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2ac4558000 | |
171 | close(3) = 0 | |
172 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac752d000 | |
173 | mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac752c000 | |
174 | mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac752a000 | |
175 | arch_prctl(ARCH_SET_FS, 0x7f2ac752a800) = 0 | |
176 | mprotect(0x7f2ac62ee000, 16384, PROT_READ) = 0 | |
177 | mprotect(0x7f2ac6895000, 4096, PROT_READ) = 0 | |
178 | mprotect(0x7f2ac4556000, 4096, PROT_READ) = 0 | |
179 | mprotect(0x7f2ac4770000, 4096, PROT_READ) = 0 | |
180 | mprotect(0x7f2ac4ba0000, 4096, PROT_READ) = 0 | |
181 | mprotect(0x7f2ac4fb0000, 4096, PROT_READ) = 0 | |
182 | mprotect(0x7f2ac51b5000, 4096, PROT_READ) = 0 | |
183 | mprotect(0x7f2ac53cd000, 4096, PROT_READ) = 0 | |
184 | mprotect(0x7f2ac5812000, 4096, PROT_READ) = 0 | |
185 | mprotect(0x7f2ac5a17000, 4096, PROT_READ) = 0 | |
186 | mprotect(0x7f2ac5cf2000, 40960, PROT_READ) = 0 | |
187 | mprotect(0x7f2ac5f3f000, 4096, PROT_READ) = 0 | |
188 | mprotect(0x7f2ac6ca7000, 4096, PROT_READ) = 0 | |
189 | mprotect(0x7f2ac6ebe000, 4096, PROT_READ) = 0 | |
190 | mprotect(0x7f2ac70ca000, 4096, PROT_READ) = 0 | |
191 | mprotect(0x7f2ac7771000, 4096, PROT_READ) = 0 | |
192 | mprotect(0x7f2ac7547000, 4096, PROT_READ) = 0 | |
193 | munmap(0x7f2ac7535000, 68470) = 0 | |
194 | set_tid_address(0x7f2ac752aad0) = 1716 | |
195 | set_robust_list(0x7f2ac752aae0, 24) = 0 | |
196 | rt_sigaction(SIGRTMIN, {0x7f2ac4560650, [], SA_RESTORER|SA_SIGINFO, 0x7f2ac4568fe0}, NULL, 8) = 0 | |
197 | rt_sigaction(SIGRT_1, {0x7f2ac45606d0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f2ac4568fe0}, NULL, 8) = 0 | |
198 | rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 | |
199 | getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 | |
200 | statfs("/sys/fs/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 | |
201 | statfs("/sys/fs/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 | |
202 | stat("/sys/fs/selinux", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 | |
203 | brk(0) = 0x7f2ac8689000 | |
204 | brk(0x7f2ac86aa000) = 0x7f2ac86aa000 | |
205 | open("/root/.emptyconfig", O_RDONLY|O_NONBLOCK) = 3 | |
206 | fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 | |
207 | mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ac7544000 | |
208 | mprotect(0x7f2ac7545000, 4096, PROT_NONE) = 0 | |
209 | mprotect(0x7f2ac7544000, 4096, PROT_NONE) = 0 | |
210 | read(3, "", 0) = 0 | |
211 | mprotect(0x7f2ac7544000, 4096, PROT_READ) = 0 | |
212 | munmap(0x7f2ac7544000, 8192) = 0 | |
213 | close(3) = 0 | |
214 | stat("/root/.emptyconfig", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 | |
215 | getuid() = 0 | |
216 | rt_sigaction(SIGALRM, {0x7f2ac755ed20, ~[RTMIN RT_1], SA_RESTORER, 0x7f2ac5f779b0}, {SIG_DFL, [], 0}, 8) = 0 | |
217 | rt_sigaction(SIGUSR1, {0x7f2ac755ed10, ~[RTMIN RT_1], SA_RESTORER, 0x7f2ac5f779b0}, {SIG_DFL, [], 0}, 8) = 0 | |
218 | clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2ac752aad0) = 1717 | |
219 | alarm(3) = 0 | |
220 | pause() = ? ERESTARTNOHAND (Interrupted by signal) | |
221 | --- SIGUSR1 {si_signo=SIGUSR1, si_code=SI_USER, si_pid=1717, si_uid=0} --- | |
222 | exit_group(0) = ? | |
223 | +++ exited with 0 +++ |