lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <32fd0edffce0f3c0a95354f5082768c9@phocean.net> Date: Thu, 06 Jan 2011 14:20:18 +0100 From: news@...cean.net To: <full-disclosure@...ts.grok.org.uk> Subject: Re: Getting root, the hard way I know a similar exploit, though it is not yet so stable : Windows. The guys took so much fun hacking that they even included some card game in it. On Thu, 6 Jan 2011 13:37:02 +0100, andrew wiggin wrote: > you should try with this one instead, it is more stable: > > /* > * Linux Kernel SUID_PERM to root exploit > * > * Usage: > * gcc -w suid-to-root.c -o suid-to-root > * sudo chown root.root suid-to-root > * sudo chmod +s suid-to-root > * ./suid-to-root > * > * This exploit is NOT stable: > * It does not work when you don't have sudo for example > * But you can easily port it with "su -c" !!! > * > */ > #include <stdlib.h> > const char* args[] = {"/bin/sh", "-i", NULL}; > int main() { setuid(0); execve("/bin/sh", args, NULL); } > > On 1/5/11, Григорий Братислава <musntlive@...il.com> wrote: >>> * Usage: >>> * gcc -w caps-to-root.c -o caps-to-root >>> * sudo setcap cap_sys_admin+ep caps-to-root >>> * ./caps-to-root >> >> >> Is further you fail because why see above: >> >>> * sudo setcap cap_sys_admin+ep caps-to-root >> >> Is I had sudo for why I has to run this code when I can sudo su. Is >> you must change advisory to "это пиздец!! Lame Race Condition for >> You >> Is Already Has Root" >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists