Privilege escalation in FreeBSD 5.4-RELEASE

Discussion in 'Security and Anonymity' started by Ershik, 20 May 2008.

  1. Ershik

    There is a user with normal privileges. There is a system running FreeBSD 5.
    I'm interested in whether it is possible to escalate privileges and "wander" through the user directories.
    How can this be done?
     
  2. Ky3bMu4

    Try looking for suid files
    find / -perm +4000
     
  3. zer0ska

    You can find all files on the system that have the SUID and SGID bits set and are owned by root with the command:
    find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;

    To find all writable files, use the command
    find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

    To find all writable directories, use the command
    find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \;

    and
    find / -name "pass"
    find / -name ".htacces"
    etc. ....
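
The same find predicates, used from the administrator's side to keep a set-id inventory under control. This is an added example, not part of the original thread: it compares the set-id files on a host you administer with an approved baseline and lists world-writable directories that lack the sticky bit. The function names and the one-path-per-line baseline format are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: set-id and writable-directory audit for a host you administer.
# Function names and the baseline file format are assumptions of this sketch.

# list_setid ROOT
#   Print every regular file under ROOT that has the SUID or SGID bit set.
#   -xdev keeps the walk on one filesystem; sorting in the C locale makes
#   the list comparable with comm(1).
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# unexpected_setid ROOT BASELINE
#   BASELINE is a text file with one approved set-id path per line.
#   Prints set-id files found under ROOT that the baseline does not list.
unexpected_setid() {
    cur=$(mktemp) || return 1
    list_setid "$1" > "$cur"
    LC_ALL=C sort -u "$2" | LC_ALL=C comm -13 - "$cur"
    rm -f "$cur"
}

# missing_setid ROOT BASELINE
#   Prints baseline entries that are no longer present as set-id files
#   (removed, replaced, or stripped of the bit by an update).
missing_setid() {
    cur=$(mktemp) || return 1
    list_setid "$1" > "$cur"
    LC_ALL=C sort -u "$2" | LC_ALL=C comm -23 - "$cur"
    rm -f "$cur"
}

# loose_dirs ROOT
#   Print world-writable directories that do not have the sticky bit set.
loose_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Usage: sh setid-audit.sh ROOT BASELINE
if [ "$#" -eq 2 ]; then
    echo "== set-id files not in baseline";       unexpected_setid "$1" "$2"
    echo "== baseline entries no longer set-id";  missing_setid "$1" "$2"
    echo "== world-writable dirs without sticky"; loose_dirs "$1"
fi
```

Run it from cron against each local filesystem and review any non-empty section; a binary that no longer needs the bit can have it cleared with chmod and then be dropped from the baseline.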
     
  4. Ershik

    Found them. Do I now need to look through each file with cat?

    find / -perm +4000
    /usr/bin/at
    /usr/bin/chpass
    /usr/bin/lock
    /usr/bin/opieinfo
    /usr/bin/login
    /usr/bin/opiepasswd
    /usr/bin/passwd
    /usr/bin/rlogin
    /usr/bin/rsh
    /usr/bin/su
    /usr/bin/crontab
    /usr/bin/lpq
    /usr/bin/lpr
    /usr/bin/lprm
    /usr/bin/batch
    /usr/bin/atrm
    /usr/bin/atq
    /usr/bin/ypchsh
    /usr/bin/ypchfn
    /usr/bin/ypchpass
    /usr/bin/chsh
    /usr/bin/chfn
    /usr/bin/yppasswd
    /usr/libexec/pt_chown
    /usr/sbin/authpf
    /usr/sbin/timedc
    /usr/sbin/sliplogin
    /usr/sbin/traceroute
    /usr/sbin/traceroute6
    /usr/sbin/mrinfo
    /usr/sbin/mtrace
    /usr/sbin/ppp
    /usr/sbin/pppd
    /usr/local/apache/bin/suexec
    /usr/local/bin/sudoedit
    /usr/local/bin/sudo
    /usr/local/apache.bak/bin/suexec
    /bin/rcp
    /sbin/mksnap_ffs
    /sbin/ping
    /sbin/ping6
    /sbin/shutdown




    find / -type f \( -perm -04000 -o -perm -02000 \) \-exec ls -lg {} \;

    -r-sr-xr-x 4 root wheel 21448 Apr 3 2006 /usr/bin/at
    -r-xr-sr-x 1 root kmem 8712 Apr 3 2006 /usr/bin/btsockstat
    -r-sr-xr-x 6 root wheel 17780 Apr 3 2006 /usr/bin/chpass
    -r-xr-sr-x 1 root kmem 14716 Apr 3 2006 /usr/bin/fstat
    -r-sr-xr-x 1 root wheel 7924 Apr 3 2006 /usr/bin/lock
    -r-sr-xr-x 1 root wheel 4312 Apr 3 2006 /usr/bin/opieinfo
    -r-sr-xr-x 1 root wheel 17192 Apr 3 2006 /usr/bin/login
    -r-sr-xr-x 1 root wheel 10904 Apr 3 2006 /usr/bin/opiepasswd
    -r-sr-xr-x 2 root wheel 6052 Apr 3 2006 /usr/bin/passwd
    -r-xr-sr-x 1 root kmem 95308 Apr 3 2006 /usr/bin/netstat
    -r-xr-sr-x 1 root tty 8468 Apr 3 2006 /usr/bin/write
    -r-sr-xr-x 1 root wheel 10228 Apr 3 2006 /usr/bin/rlogin
    -r-sr-xr-x 1 root wheel 8164 Apr 3 2006 /usr/bin/rsh
    -r-sr-xr-x 1 root wheel 12244 Apr 3 2006 /usr/bin/su
    -r-xr-sr-x 1 root tty 10848 Apr 3 2006 /usr/bin/wall
    -r-sr-xr-x 1 root wheel 26968 Apr 3 2006 /usr/bin/crontab
    -r-sr-sr-x 1 root daemon 25040 Apr 3 2006 /usr/bin/lpq
    -r-sr-sr-x 1 root daemon 28080 Apr 3 2006 /usr/bin/lpr
    -r-sr-sr-x 1 root daemon 23664 Apr 3 2006 /usr/bin/lprm
    -r-sr-xr-x 4 root wheel 21448 Apr 3 2006 /usr/bin/batch
    -r-sr-xr-x 4 root wheel 21448 Apr 3 2006 /usr/bin/atrm
    -r-sr-xr-x 4 root wheel 21448 Apr 3 2006 /usr/bin/atq
    -r-sr-xr-x 6 root wheel 17780 Apr 3 2006 /usr/bin/ypchsh
    -r-sr-xr-x 6 root wheel 17780 Apr 3 2006 /usr/bin/ypchfn
    -r-sr-xr-x 6 root wheel 17780 Apr 3 2006 /usr/bin/ypchpass
    -r-sr-xr-x 6 root wheel 17780 Apr 3 2006 /usr/bin/chsh
    -r-sr-xr-x 6 root wheel 17780 Apr 3 2006 /usr/bin/chfn
    -r-sr-xr-x 2 root wheel 6052 Apr 3 2006 /usr/bin/yppasswd
    -r-xr-sr-x 1 root smmsp 588020 Apr 3 2006 /usr/libexec/sendmail/sendmail
    -r-sr-xr-x 1 root wheel 3520 Apr 3 2006 /usr/libexec/pt_chown
    -r-sr-sr-x 1 root authpf 129988 Apr 3 2006 /usr/sbin/authpf
    -r-xr-sr-x 1 root daemon 43980 Apr 3 2006 /usr/sbin/lpc
    -r-sr-xr-x 1 root wheel 15668 Apr 3 2006 /usr/sbin/timedc
    -r-sr-x--- 1 root network 14472 Apr 3 2006 /usr/sbin/sliplogin
    -r-sr-xr-x 1 root wheel 19960 Apr 3 2006 /usr/sbin/traceroute
    -r-sr-xr-x 1 root wheel 16840 Apr 3 2006 /usr/sbin/traceroute6
    -r-xr-sr-x 1 root kmem 8272 Apr 3 2006 /usr/sbin/trpt
    -r-sr-xr-x 1 root wheel 16540 Apr 3 2006 /usr/sbin/mrinfo
    -r-sr-xr-x 1 root wheel 30504 Apr 3 2006 /usr/sbin/mtrace
    -r-sr-x--- 1 root network 333432 Apr 3 2006 /usr/sbin/ppp
    -r-sr-x--- 1 root dialer 94672 Apr 3 2006 /usr/sbin/pppd
    ---s--x--- 1 root nogroup 611844 Jun 29 2006 /usr/local/apache/bin/suexec
    ---s--x--x 1 root wheel 95216 Apr 4 2006 /usr/local/bin/sudoedit
    ---s--x--x 1 root wheel 95216 Apr 4 2006 /usr/local/bin/sudo
    -rwxr-sr-x 1 root maildrop 133182 Apr 4 2006 /usr/local/sbin/postdrop
    -rwxr-sr-x 1 root maildrop 127968 Apr 4 2006 /usr/local/sbin/postqueue
    -r-xr-s--x 1 root mail 9187 Jun 15 2006 /usr/local/sbin/sendmail
    ---s--x--- 1 root nogroup 611567 Apr 5 2006 /usr/local/apache.bak/bin/suexec
    -r-sr-xr-x 1 root wheel 18388 Apr 3 2006 /bin/rcp
    -r-sr-x--- 1 root operator 5052 Apr 3 2006 /sbin/mksnap_ffs
    -r-sr-xr-x 1 root wheel 21108 Apr 3 2006 /sbin/ping
    -r-sr-xr-x 1 root wheel 30792 Apr 3 2006 /sbin/ping6
    -r-sr-x--- 1 root operator 10200 Apr 3 2006 /sbin/shutdown


    find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

    -rw-rw-r-- 1 root operator 0 May 8 2005 /etc/dumpdates

    drwxrwxr-x 2 root operator 512 Apr 20 2006 /.snap
    drwxrwxr-x 2 root operator 512 Feb 14 21:21 /logs/.snap
    drwxrwxr-x 2 root operator 512 Apr 20 2006 /usr/.snap
    drwxrwx--- 2 root mail 512 May 24 00:15 /usr/local/etc/postfix/db
    drwxrwx--x 10 mass w3mass 1024 May 28 2007 /usr/local/mass.rbc.ru.bak
    drwxrwxr-x 2 root operator 512 Apr 20 2006 /var/.snap
    drwx-wx-wx 2 root wheel 11264 May 15 16:24 /var/log/sudosh
    drwxrwxr-x 2 root mail 23552 May 23 14:49 /var/mail
    drwxrwx--- 2 root network 512 May 8 2005 /var/run/ppp
    drwxrwxr-x 2 root daemon 512 May 8 2005 /var/rwho
    drwxrwxr-x 2 uucp dialer 512 Feb 14 21:18 /var/spool/lock
    drwxrwx--- 2 smmsp smmsp 512 Apr 3 2006 /var/spool/clientmqueue
    drwx-wx--- 2 postfix maildrop 512 May 24 21:06 /var/spool/postfix/maildrop
    drwxrwxr-x 2 root games 512 Mar 31 2006 /var/games


    find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \;
    drwxrwxr-x 2 root operator 512 Apr 20 2006 /.snap
    drwxrwxr-x 2 root operator 512 Feb 14 21:21 /logs/.snap
    drwxrwxr-x 2 root operator 512 Apr 20 2006 /usr/.snap
    drwxrwx--- 2 root mail 512 May 25 00:15 /usr/local/etc/postfix/db
    drwxrwx--x 10 mass w3mass 1024 May 28 2007 /usr/local/mass.rbc.ru.bak
    drwxrwxr-x 2 root operator 512 Apr 20 2006 /var/.snap
    drwx-wx-wx 2 root wheel 11264 May 15 16:24 /var/log/sudosh
    drwxrwxr-x 2 root mail 23552 May 23 14:49 /var/mail
    drwxrwx--- 2 root network 512 May 8 2005 /var/run/ppp
    drwxrwxr-x 2 root daemon 512 May 8 2005 /var/rwho
    drwxrwxr-x 2 uucp dialer 512 Feb 14 21:18 /var/spool/lock
    drwxrwx--- 2 smmsp smmsp 512 Apr 3 2006 /var/spool/clientmqueue
    drwx-wx--- 2 postfix maildrop 512 May 25 18:41 /var/spool/postfix/maildrop
    drwxrwxr-x 2 root games 512 Mar 31 2006 /var/games
     
  5. procedure

    Read this thread, I think you'll find the answer there
    /thread33224.html