My friend's hosting server got rooted and we have traced some of attacker's commands.. We've found some exploits under /tmp/.idc directory.. We've disconnected the server and are now testing some local kernel exploits that the attacker tried on our server.
Here is our kernel version:
2.4.21-4.ELsmp #1 SMP
We think that he got root access by the modified uselib() local root exploit but the exploit doesn't work!
loki@danaria {/tmp}# ./mail -l ./lib
[+] SLAB cleanup
child 1 VMAs 32768
The exploit hangs like this.. I've waited over 5 minutes but nothing has happened. I've also tried other exploits but they didn't work.. Any ideas? or experimentations with this exploit? Because we need to find the issue and patch our kernel but we can't understand how he used this exploit to get root...
Thanks
No comments:
Post a Comment