Underc0de

Foros Generales => Dudas y pedidos generales => Mensaje iniciado por: elmate19 en Junio 12, 2015, 12:51:29 PM

Título: Es posible escalar privilegios con esto ?
Publicado por: elmate19 en Junio 12, 2015, 12:51:29 PM
Mi usurario es lenspaca

Search the output below for the word 'WARNING'.  If you don't see it then
WARNING: /home/mozk/.my.cnf is in the home directory of mozk. The group root can read /home/mozk/.my.cnf
WARNING: /sbin/mount.nfs is SUID root. /sbin/mount.nfs contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /usr/local/apache.backup/bin/suexec is SUID root. /usr/local/apache.backup/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/cgi-bin
WARNING: /usr/local/apache.backup/bin/suexec is SUID root. /usr/local/apache.backup/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/cgi-bin
WARNING: /usr/local/apache.backup/bin/suexec is SUID root. /usr/local/apache.backup/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup/bin/suexec is SUID root. /usr/local/apache.backup/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache/bin/suexec is SUID root. /usr/local/apache/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/cgi-bin
WARNING: /usr/local/apache/bin/suexec is SUID root. /usr/local/apache/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/cgi-bin
WARNING: /usr/local/apache/bin/suexec is SUID root. /usr/local/apache/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache/bin/suexec is SUID root. /usr/local/apache/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec is SUID root. /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec is SUID root. /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec is SUID root. /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec is SUID root. /usr/local/apache.backup_archive/20140619.1403215789/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121010.1349887071/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121005.1349458708/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381095409/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec is SUID root. /usr/local/apache.backup_archive/20121001.1349113146/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/
WARNING: /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec is SUID root. /usr/local/apache.backup_archive/20131006.1381076900/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec is SUID root. /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/cgi-bin
WARNING: /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec is SUID root. /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/cgi-bin
WARNING: /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec is SUID root. /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec is SUID root. /usr/local/apache.backup_archive/20141009.1412881428/bin/suexec contains the string /usr/local/cpanel/3rdparty/mailman/cgi-bin. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /usr/sbin/exim is SUID root. /usr/sbin/exim contains the string /proc/net/if_inet6. The user lenspaca can write to /proc/net
WARNING: /usr/sbin/exim is SUID root. /usr/sbin/exim contains the string /tmp. The group root can write to /tmp
WARNING: /usr/sbin/exim is SUID root. /usr/sbin/exim contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/exim is SUID root. /usr/sbin/exim contains the string /tmp/clamd. The group root can write to /tmp
WARNING: /usr/sbin/exim is SUID root. /usr/sbin/exim contains the string /tmp/clamd. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/exim is SUID root. /usr/sbin/exim contains the string /var/spool/exim. The user mailnull can write to /var/spool/exim
WARNING: /usr/bin/quota is SUID root. /usr/bin/quota contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /usr/bin/ksu is SUID root. /usr/bin/ksu contains the string /tmp/krb5cc_. The group root can write to /tmp
WARNING: /usr/bin/ksu is SUID root. /usr/bin/ksu contains the string /tmp/krb5cc_. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/crontab is SUID root. /usr/bin/crontab contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/crontab is SUID root. /usr/bin/crontab contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/at is SUID root. /usr/bin/at contains the string /var/spool/at. The user daemon can write to /var/spool/at
WARNING: /usr/bin/at is SUID root. /usr/bin/at contains the string /var/spool/at/12345678901234. The user daemon can write to /var/spool/at
WARNING: /bin/mount is SUID root. /bin/mount contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /bin/umount is SUID root. /bin/umount contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /etc/init.d/abrt-oops is run by root at startup. /etc/init.d/abrt-oops contains the string /var/spool/abrt. The user abrt can write to /var/spool/abrt
WARNING: /etc/init.d/cgred is run by root at startup. /etc/init.d/cgred contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /etc/init.d/cpanel is run by root at startup. /etc/init.d/cpanel contains the string /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl
WARNING: /etc/init.d/cpanel is run by root at startup. /etc/init.d/cpanel contains the string /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl. The user mailman can write to /usr/local/cpanel/3rdparty/mailman/bin
WARNING: /etc/init.d/cpanel is run by root at startup. /etc/init.d/cpanel contains the string /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl. The group mailman can write to /usr/local/cpanel/3rdparty/mailman/bin
WARNING: /etc/init.d/cpanel is run by root at startup. /etc/init.d/cpanel contains the string /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl. The user mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /etc/init.d/cpanel is run by root at startup. /etc/init.d/cpanel contains the string /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl. The group mailman can write to /usr/local/cpanel/3rdparty/mailman
WARNING: /etc/init.d/halt is run by root at startup. /etc/init.d/halt contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /etc/init.d/ip6tables is run by root at startup. /etc/init.d/ip6tables contains the string /proc/net/. The user lenspaca can write to /proc/net/
WARNING: /etc/init.d/ip6tables is run by root at startup. /etc/init.d/ip6tables contains the string /proc/net/. The user lenspaca can write to /proc/net
WARNING: /etc/init.d/iptables is run by root at startup. /etc/init.d/iptables contains the string /proc/net/. The user lenspaca can write to /proc/net/
WARNING: /etc/init.d/iptables is run by root at startup. /etc/init.d/iptables contains the string /proc/net/. The user lenspaca can write to /proc/net
WARNING: /etc/init.d/mysql is run by root at startup. /etc/init.d/mysql contains the string /var/lib/mysql. The user mysql can write to /var/lib/mysql
WARNING: /etc/init.d/named is run by root at startup. /etc/init.d/named contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /etc/init.d/netfs is run by root at startup. /etc/init.d/netfs contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /etc/init.d/network is run by root at startup. /etc/init.d/network contains the string /proc/net/vlan. The user lenspaca can write to /proc/net
WARNING: /etc/init.d/postgresql is run by root at startup. /etc/init.d/postgresql contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self/oom_adj
WARNING: /etc/init.d/postgresql is run by root at startup. /etc/init.d/postgresql contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self
WARNING: /etc/init.d/postgresql is run by root at startup. /etc/init.d/postgresql contains the string /var/lib/pgsql/data. The user postgres can write to /var/lib/pgsql
WARNING: /etc/init.d/sandbox is run by root at startup. /etc/init.d/sandbox contains the string /tmp. The group root can write to /tmp
WARNING: /etc/init.d/sandbox is run by root at startup. /etc/init.d/sandbox contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /etc/init.d/sandbox is run by root at startup. /etc/init.d/sandbox contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /etc/init.d/sandbox is run by root at startup. /etc/init.d/sandbox contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /dev/shm. The group root can write to /dev/shm
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /dev/shm. World write is set for /dev/shm (but sticky bit set)
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /proc/mounts. The user lenspaca can write to /proc/mounts
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /tmp. The group root can write to /tmp
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /tmp/kde-. The group root can write to /tmp
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /tmp/kde-. World write is set for /tmp (but sticky bit set)
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /tmp/scrollkeeper-. The group root can write to /tmp
WARNING: /etc/rc.d/rc.sysinit is run by root at startup. /etc/rc.d/rc.sysinit contains the string /tmp/scrollkeeper-. World write is set for /tmp (but sticky bit set)
WARNING: /sbin/init is currently running as root. /sbin/init contains the string /dev/fd. The user lenspaca can write to /dev/fd
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /proc/net/if_inet6. The user lenspaca can write to /proc/net
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp. The group root can write to /tmp
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp/clamd. The group root can write to /tmp
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp/clamd. World write is set for /tmp (but sticky bit set)
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /dev/fd/. The user lenspaca can write to /dev/fd/
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /dev/fd/. The user lenspaca can write to /dev/fd
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /dev/fd/H. The user lenspaca can write to /dev/fd
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /tmp. The group root can write to /tmp
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /bin/bash is currently running as root. /bin/bash contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/local/cpanel/3rdparty/perl/514/bin/spamd -d --allowed-ips is currently running as root. /usr/local/cpanel/3rdparty/perl/514/bin/spamd contains the string /tmp. The group root can write to /tmp
WARNING: /usr/local/cpanel/3rdparty/perl/514/bin/spamd -d --allowed-ips is currently running as root. /usr/local/cpanel/3rdparty/perl/514/bin/spamd contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/dovecot is currently running as root. /usr/sbin/dovecot contains the string /var/lib/dovecot. The user dovecot can write to /var/lib/dovecot
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /proc/net/if_inet6. The user lenspaca can write to /proc/net
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp. The group root can write to /tmp
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp/clamd. The group root can write to /tmp
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp/clamd. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /proc/net/if_inet6. The user lenspaca can write to /proc/net
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp. The group root can write to /tmp
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp/clamd. The group root can write to /tmp
WARNING: /usr/sbin/exim is currently running as mailnull. /usr/sbin/exim contains the string /tmp/clamd. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as lenspaca. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as lenspaca. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as lenspaca. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as lenspaca. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as lenspaca. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as lenspaca. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /tmp. The group root can write to /tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as sitioemp. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as sitioemp. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as sitioemp. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as sitioemp. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as sitioemp. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as sitioemp. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as turismar. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as turismar. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as turismar. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as turismar. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as turismar. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as turismar. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as amuletto. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as amuletto. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as amuletto. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as amuletto. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as amuletto. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as amuletto. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as intertur. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as intertur. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as intertur. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as intertur. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as intertur. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as intertur. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as oholeguy. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as oholeguy. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as oholeguy. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as oholeguy. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as oholeguy. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as oholeguy. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as prenpar. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as prenpar. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as prenpar. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as prenpar. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as prenpar. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as prenpar. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as factory. /usr/bin/php contains the string /tmp. The group root can write to /tmp
WARNING: /usr/bin/php is currently running as factory. /usr/bin/php contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as factory. /usr/bin/php contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /usr/bin/php is currently running as factory. /usr/bin/php contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /usr/bin/php is currently running as factory. /usr/bin/php contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /usr/bin/php is currently running as factory. /usr/bin/php contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /sbin/udevd is currently running as root. /sbin/udevd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self/oom_adj
WARNING: /sbin/udevd is currently running as root. /sbin/udevd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self
WARNING: /sbin/udevd is currently running as root. /sbin/udevd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self/oom_adj
WARNING: /sbin/udevd is currently running as root. /sbin/udevd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self
WARNING: /sbin/udevd is currently running as root. /sbin/udevd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self/oom_adj
WARNING: /sbin/udevd is currently running as root. /sbin/udevd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /tmp. The group root can write to /tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /tmp. The group root can write to /tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /usr/tmp. The group root can write to /usr/tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /usr/tmp. World write is set for /usr/tmp (but sticky bit set)
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /var/tmp. The group root can write to /var/tmp
WARNING: /bin/bash is currently running as lenspaca. /bin/bash contains the string /var/tmp. World write is set for /var/tmp (but sticky bit set)
WARNING: /usr/sbin/sshd is currently running as root. /usr/sbin/sshd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self/oom_adj
WARNING: /usr/sbin/sshd is currently running as root. /usr/sbin/sshd contains the string /proc/self/oom_adj. The user lenspaca can write to /proc/self
WARNING: /usr/sbin/sshd is currently running as root. /usr/sbin/sshd contains the string /proc/self/oom_score_adj. The user lenspaca can write to /proc/self/oom_score_adj
WARNING: /usr/sbin/sshd is currently running as root. /usr/sbin/sshd contains the string /proc/self/oom_score_adj. The user lenspaca can write to /proc/self
WARNING: /usr/sbin/sshd is currently running as root. /usr/sbin/sshd contains the string /tmp/ssh-XXXXXXXXXX. The group root can write to /tmp
WARNING: /usr/sbin/sshd is currently running as root. /usr/sbin/sshd contains the string /tmp/ssh-XXXXXXXXXX. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/mysqld is currently running as mysql. /usr/sbin/mysqld contains the string /tmp. The group root can write to /tmp
WARNING: /usr/sbin/mysqld is currently running as mysql. /usr/sbin/mysqld contains the string /tmp. World write is set for /tmp (but sticky bit set)
WARNING: /usr/sbin/atd is currently running as root. /usr/sbin/atd contains the string /var/spool/at. The user daemon can write to /var/spool/at
WARNING: /usr/sbin/atd is currently running as root. /usr/sbin/atd contains the string /var/spool/at/spool. The user daemon can write to /var/spool/at


Es un output de un script unix-privesc-check
Y el sistema tiene un kernel 2.6.32 nunca entendi como ver si sta activo el ASLR y eso
aca dejo la linea completa 2.6.32-358.6.1.el6.cve20132094.x86_64 #1 SMP Tue May 14 15:27:28 CDT 2013 x86_64 x86_64 x86_64 GNU/Linux

Muchas gracias.
Título: Re:Es posible escalar privilegios con esto ?
Publicado por: Gn0m3 en Junio 12, 2015, 01:43:25 PM
Hola Elmate19,
Comentanos un poco mas sobre el output en que escenario,etc, si no das detalles y descripcion poco podremos decir.

A simple vista parece el output de algun script al estilo Tiger o Lynis.

Pero bueno danos mas datos.


Saludos

Gn0m3