From: Nuno Silva (nuno.silva_at_vgertech.com)
Date: Mon 24 Mar 2003 - 20:00:29 GMT


Hi!

Exploits nowadays are very sophisticated software; you must read
the help:

./km3 -h

Btw, the exploit successfully got root in your box! (It spawned /bin/id)

Regards,
Nuno Silva

Christoph Kuhles wrote:
> Hi,
>
> Monday, March 24, 2003, 6:21:23 PM, you wrote:
>
> LMS> I should have given the url to a working exploit on my original post.
> LMS> So, here it is:
> LMS> http://august.v-lo.krakow.pl/~anszom/km3.c
>
> Hm, I don't seem able to exploit my own machines -
>
> [ck_at_adjana ck]$ uname -a
> Linux adjana.aquatix.de 2.4.19-aqx #4 Wed Jan 8 00:59:02 CET 2003 i686 i686 i386 GNU/Linux
> [ck_at_adjana ck]$ ./km3
> Linux kmod + ptrace local root exploit by <anszom_at_v-lo.krakow.pl>
>
> => Simple mode, executing /usr/bin/id > /dev/tty
> sizeof(shellcode)=95
> => Child process started.+ 11120
> - 11120 ok!
> uid=0(root) gid=0(root) groups=100(users)
> [ck_at_adjana ck]$ whoami
> ck
>
> /usr/bin/passwd is setuid root, the box runs 2.4.19 with ctx-15, ricmp
> and patch-int from kerneli.org, /proc/sys/kernel/modprobe is set to
> /sbin/modprobe. I really wonder why my machine is not vulnerable as I
> didn't apply any patches for that. Also module support is enabled in
> the running kernel.
>
> Does anyone have details what might have actually 'patched' my system
> here? I'm kinda worried if there's any other exploit that might work
> on my box, so I'd appreciate any advice.
>
> Thanks,
>
> Chris
>
>


Generated on Mon 24 Mar 2003 - 20:23:21 GMT by hypermail 2.1.3