From: http://hi.baidu.com/ymhacker/blog/item/fce947e997c50034b90e2dad.html
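FlashFXP privilege escalation
The key is to download all of the target's .dat files... and then take over its privileges.
Specifically, these three files: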
quick.dat
Sites.dat
Stats.dat
Then use Quick Connect, and then use passlook to view the target's passwords.
Note: the content is fairly complete, and it also uses the well-known bc.pl file.
#Trace: Linux privilege escalation tutorial.
Reference videos:
[1]http://rapidshare.com/files/109733291/Linux_Rooting.rar.html
[2]http://files.ge/file/401011/vidzeo-tar-gz.html
Today, I have decided to put up a tutorial for both newbies and pwners, and just as a reference for all of us. This is a dream of every h4k3r, to get free root access. If you haven’t got one, then try harder, because you are not a h4ck3r then.
From: http://seclists.org/fulldisclosure/2009/Nov/371
** FreeBSD local r00t 0day
Discovered & Exploited by Nikolaos Rangos also known as Kingcope.
Nov 2009 “BiG TiME”
“Go fetch your FreeBSD r00tkitz” // http://www.youtube.com/watch?v=dDnhthI27Fg
There is an unbelievably simple local r00t bug in recent FreeBSD versions.
I audited FreeBSD for local r00t bugs a long time *sigh*. Now it pays out.
The bug resides in the Run-Time Link-Editor (rtld).
Normally rtld does not allow dangerous environment variables like LD_PRELOAD
to be set when executing setugid binaries like “ping” or “su”.
With a rather simple technique rtld can be tricked into
accepting LD variables even on setugid binaries.
See the attached exploit for details.