!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/doc/selinux-policy-2.4.6/html/   drwxr-xr-x
Free 50.93 GB of 127.8 GB (39.85%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     kernel_selinux.html (15.07 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Security Enhanced Linux Reference Policy

Layer: kernel

Module: selinux

Description:

Policy for kernel security interface, in particular, selinuxfs.

This module is required to be included in all policies.

Interfaces:

selinux_compute_access_vector( domain )
Summary

Allows caller to compute an access vector.

Parameters
Parameter:Description:Optional:
domain

The process type allowed to compute an access vector.

No
selinux_compute_create_context( domain )
Summary

Calculate the default type for object creation.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_compute_member( domain )
Summary

Allows caller to compute polyinstatntiated directory members.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_compute_relabel_context( domain )
Summary

Calculate the context for relabeling objects.

Description

Calculate the context for relabeling objects. This is determined by using the type_change rules in the policy, and is generally used for determining the context for relabeling a terminal when a user logs in.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_compute_user_contexts( domain )
Summary

Allows caller to compute possible contexts for a user.

Parameters
Parameter:Description:Optional:
domain

The process type allowed to compute user contexts.

No
selinux_dontaudit_getattr_dir( domain )
Summary

Do not audit attempts to get the attributes of the selinuxfs directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
selinux_dontaudit_getattr_fs( domain )
Summary

Do not audit attempts to get the attributes of the selinuxfs filesystem

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
selinux_dontaudit_read_fs( domain )
Summary

Do not audit attempts to read generic selinuxfs entries

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
selinux_dontaudit_search_fs( domain )
Summary

Do not audit attempts to search selinuxfs.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
selinux_dontaudit_validate_context( domain )
Summary

dontaudit caller to validate security contexts.

Parameters
Parameter:Description:Optional:
domain

The process type permitted to validate contexts.

No
selinux_genbool( domain )
Summary

Generate a file context for a boolean type

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_get_boolean( domain )
Summary

Allow caller to read the state of Booleans

Description

Allow caller read the state of Booleans

Parameters
Parameter:Description:Optional:
domain

The process type allowed to set the Boolean.

No
selinux_get_enforce_mode( domain )
Summary

Allows the caller to get the mode of policy enforcement (enforcing or permissive mode).

Parameters
Parameter:Description:Optional:
domain

The process type to allow to get the enforcing mode.

No
selinux_get_fs_mount( domain )
Summary

Gets the caller the mountpoint of the selinuxfs filesystem.

Parameters
Parameter:Description:Optional:
domain

The process type requesting the selinuxfs mountpoint.

No
selinux_getattr_fs( domain )
Summary

Get the attributes of the selinuxfs filesystem

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_load_policy( domain )
Summary

Allow caller to load the policy into the kernel.

Parameters
Parameter:Description:Optional:
domain

The process type that will load the policy.

No
selinux_search_fs( domain )
Summary

Search selinuxfs.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_set_boolean( domain )
Summary

Allow caller to set the state of Booleans to enable or disable conditional portions of the policy.

Description

Allow caller to set the state of Booleans to enable or disable conditional portions of the policy.

Since this is a security event, this action is always audited.

Parameters
Parameter:Description:Optional:
domain

The process type allowed to set the Boolean.

No
selinux_set_enforce_mode( domain )
Summary

Allow caller to set the mode of policy enforcement (enforcing or permissive mode).

Description

Allow caller to set the mode of policy enforcement (enforcing or permissive mode).

Since this is a security event, this action is always audited.

Parameters
Parameter:Description:Optional:
domain

The process type to allow to set the enforcement mode.

No
selinux_set_parameters( domain )
Summary

Allow caller to set SELinux access vector cache parameters.

Description

Allow caller to set SELinux access vector cache parameters. The allows the domain to set performance related parameters of the AVC, such as cache threshold.

Since this is a security event, this action is always audited.

Parameters
Parameter:Description:Optional:
domain

The process type to allow to set security parameters.

No
selinux_unconfined( domain )
Summary

Unconfined access to the SELinux kernel security server.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
selinux_validate_context( domain )
Summary

Allows caller to validate security contexts.

Parameters
Parameter:Description:Optional:
domain

The process type permitted to validate contexts.

No
Return

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0149 ]--