Linux everest.silverlining.com.np 4.18.0-553.8.1.lve.el8.x86_64 #1 SMP Thu Jul 4 16:24:39 UTC 2024 x86_64
Apache
: 172.16.2.10 | : 216.73.216.224
Cant Read [ /etc/named.conf ]
7.2.34
pioneerwebdev
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
usr /
sbin /
[ HOME SHELL ]
Name
Size
Permission
Action
cagefs_enter_site
1.83
KB
-rwxr-xr-x
cagefsctl-user
15.55
KB
-rwxr-xr-x
chroot
41.45
KB
-rwxr-xr-x
cloudlinux-selector
654
B
-rwxr-xr-x
consoletype
11.88
KB
-rwxr-xr-x
cracklib-check
13.05
KB
-rwxr-xr-x
cracklib-format
251
B
-rwxr-xr-x
cracklib-packer
13.05
KB
-rwxr-xr-x
cracklib-unpacker
9.03
KB
-rwxr-xr-x
create-cracklib-dict
990
B
-rwxr-xr-x
ddns-confgen
20.46
KB
-rwxr-xr-x
dnssec-checkds
936
B
-rwxr-xr-x
dnssec-coverage
938
B
-rwxr-xr-x
dnssec-dsfromkey
60.84
KB
-rwxr-xr-x
dnssec-importkey
60.84
KB
-rwxr-xr-x
dnssec-keyfromlabel
64.75
KB
-rwxr-xr-x
dnssec-keygen
72.84
KB
-rwxr-xr-x
dnssec-keymgr
934
B
-rwxr-xr-x
dnssec-revoke
56.74
KB
-rwxr-xr-x
dnssec-settime
60.84
KB
-rwxr-xr-x
dnssec-signzone
117.2
KB
-rwxr-xr-x
dnssec-verify
52.84
KB
-rwxr-xr-x
exim
4.41
KB
-rwxr-xr-x
faillock
20.52
KB
-rwxr-xr-x
genrandom
12.38
KB
-rwxr-xr-x
ip
693.3
KB
-rwxr-xr-x
isc-hmac-fixup
11.85
KB
-rwxr-xr-x
isolatectl
9.06
KB
-rwxr-xr-x
ldconfig
986.13
KB
-rwxr-xr-x
lvdctl
683
B
-rwxr-xr-x
mkhomedir_helper
24.44
KB
-rwxr-xr-x
named-checkzone
36.63
KB
-rwxr-xr-x
named-compilezone
36.63
KB
-rwxr-xr-x
nsec3hash
12.29
KB
-rwxr-xr-x
pam_console_apply
45.2
KB
-rwxr-xr-x
pam_timestamp_check
11.87
KB
-rwxr-xr-x
pluginviewer
20.57
KB
-rwxr-xr-x
proxyexec
21.17
KB
-r-xr-xr-x
pwhistory_helper
20.44
KB
-rwxr-xr-x
saslauthd
94.42
KB
-rwxr-xr-x
sasldblistusers2
20.77
KB
-rwxr-xr-x
saslpasswd2
16.42
KB
-rwxr-xr-x
sendmail
4.41
KB
-rwxr-xr-x
snmpd
32.45
KB
-rwxr-xr-x
snmptrapd
32.6
KB
-rwxr-xr-x
testsaslauthd
16.66
KB
-rwxr-xr-x
tmpwatch
35.47
KB
-rwxr-xr-x
tsig-keygen
20.46
KB
-rwxr-xr-x
unix_chkpwd
36.86
KB
-rwxr-xr-x
unix_update
36.86
KB
-rwx------
Delete
Unzip
Zip
${this.title}
Close
Code Editor : sendmail
#!/bin/bash ##CageFS proxyexec wrapper - ver 18 if [[ $EUID -eq 0 ]]; then echo 'Cannot be run as root' exit 1 fi USR=`/usr/bin/whoami` USER_TOKEN_PATH="/var/.cagefs/.cagefs.token" WEBSITE_ISOLATION_FLAG="/opt/cloudlinux/flags/enabled-flags.d/website-isolation.flag" # Trust boundary for the website-isolation token path: it must point # directly at the regular file that create_website_token_directory() # creates inside its root-owned per-user storage area. That area is # /var/cagefs/<prefix>/<user>/.cagefs/website/... on the host and is # bind-mounted into the cage at /var/.cagefs/website/... — both views # are accepted because libenter.enter_site() picks one or the other # depending on whether it runs inside or outside the cage. The file # itself is never a symlink, so we reject symlinks outright rather # than canonicalizing with realpath. Without this gate the attacker # controls both the env var WEBSITE_TOKEN_PATH and the file contents # at that path; the file contents land in $TOKEN, which is embedded # into the ssh remote command argv below and re-parsed by the remote # shell — so shell metacharacters in the file would execute on the # origin host. (Slite #7 / CLOS-4490) if [[ -f "$WEBSITE_ISOLATION_FLAG" && -n "$WEBSITE_TOKEN_PATH" ]]; then if [[ -L "$WEBSITE_TOKEN_PATH" ]]; then echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' must not be a symlink" >&2 exit 1 fi if [[ ! -f "$WEBSITE_TOKEN_PATH" ]]; then echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' is not an existing regular file" >&2 exit 1 fi # Reject `..` as a path component so the prefix check below cannot # be bypassed via traversal (e.g. /var/cagefs/../etc/passwd matches # the /var/cagefs/* glob but resolves outside the trusted area). case "$WEBSITE_TOKEN_PATH" in */../*|*/..) echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' must not contain '..' path components" >&2 exit 1 ;; esac case "$WEBSITE_TOKEN_PATH" in /var/cagefs/*|/var/.cagefs/*) ;; *) echo "cagefs.proxy: WEBSITE_TOKEN_PATH must be under /var/cagefs/ or /var/.cagefs/ (got '$WEBSITE_TOKEN_PATH')" >&2 exit 1 ;; esac USER_TOKEN_PATH="$WEBSITE_TOKEN_PATH" fi # The -L/-f/prefix gate above is defense-in-depth, TOCTOU is not exploitable because the # forwarded $TOKEN must still equal the legit on-disk bytes that the # origin's cagefs.server reads with open(..., O_NOFOLLOW) from a # uid-derived path (see find_website_by_token() in # proxyexec/cagefs.server.c) — a swapped symlink redirects what we # cat, never what the server reads, so a TOCTOU substitution can only # replace the forwarded bytes with something that fails the server's # constant-time comparison. TOKEN=`/bin/cat ${USER_TOKEN_PATH}` # Tokens are generated as fixed-length alphanumerics by # _generate_password() in py/clcagefslib/webisolation/jail_utils.py and # by the corresponding C helper. Any non-alphanumeric byte means the # token file was tampered with — refuse to forward it into the ssh # remote command, where the remote shell would re-parse metacharacters. # Use POSIX `case` rather than `[[ =~ ]]` because the wrapper is also # invoked through `sh` (e.g. jenkins_tests/rpm_tests/p_cagefs/ # 939-environment_var-check.sh), and dash treats `[[` as a missing # command — the regex form would falsely trip and exit the script. case "$TOKEN" in "" | *[!A-Za-z0-9]*) echo "cagefs.proxy: refusing to forward malformed token from $USER_TOKEN_PATH" >&2 exit 1 ;; esac # It's user's tmp directory and write to it is secure procedure # because this script is running only under usual user PIDFILE="/tmp/.cagefs.proxy.$$" USER_INTERRUPT=13 CWD=`pwd` ctrl_c_handler() { if [[ -f "$PIDFILE" ]]; then pid=`/bin/cat $PIDFILE` /bin/rm -f $PIDFILE > /dev/null 2>&1 /bin/kill -s SIGINT "$pid" > /dev/null 2>&1 fi exit $USER_INTERRUPT } if [[ -e /var/.cagefs/origin ]]; then ORIGIN=`/bin/cat /var/.cagefs/origin` REMOTE="/usr/bin/ssh -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN" $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" SENDMAIL $$ "$@" RETVAL=$? else trap 'ctrl_c_handler' 2 CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" SENDMAIL $$ "$@" RETVAL=$? /bin/rm -f $PIDFILE > /dev/null 2>&1 fi exit $RETVAL
Close