Need local root exploit

AnonGen · 07-19-2013, 04:47 PM

Hey guys,

Been a long time I've post something. So here I am again asking you guys for a favor.

I need a local root exploit for: Linux 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64

I've googled around but couldn't find a good one. Can anyone help me out here?
Thanks in advance!

Charon · 07-19-2013, 05:06 PM

Hey, that kernel seems pretty up-to-date so I think there aren't any public local root for that kernel. You could try escalating privileges with cron jobs or suid bins(I don't know how to it with suid bins.)

Good luck Smile

Dismas · 07-19-2013, 09:21 PM

Pretty sure that kernel is safe from the current exploits.

w00t · 07-19-2013, 11:07 PM

https://raw.github.com/realtalk/cve-2013...r/semtex.c

Charon · 07-19-2013, 11:17 PM

(07-19-2013, 11:07 PM)w00t Wrote: https://raw.github.com/realtalk/cve-2013...r/semtex.c

Wasn't that fixed on 05/14/2013?

CVE 2013-2094

AnonGen · 07-21-2013, 10:33 AM

Thanks for the replies, I'll try out the exploit that w00t mentioned tomorrow. I do agree that it's a pretty up-to-date kernel.

w00t · 07-21-2013, 05:30 PM

3.2.xx < 3.8.10( the first kernel with the update built-in ).

There are patches to be had to resolve that exploit, but servers aren't notorious for updating regularly.

yokai_old · 07-22-2013, 01:27 AM

(07-21-2013, 05:30 PM)w00t Wrote: 3.2.xx < 3.8.10( the first kernel with the update built-in ).

There are patches to be had to resolve that exploit, but servers aren't notorious for updating regularly.

You a high nigga, that colonel is June 2013, aka immune; if he got lucky and that date is just from the build (doubt it), semtex won't pop it; you can try sorbo's exploit or brad's (grab the symbols and either hardcode them into the exploits or w/e - it's easy but good luck lmao). @OP, "I do agree that it's a pretty up-to-date kernel" - please don't talk when you have no idea what you're saying.

Go read up on format string exploitation, and unfuck the death-star.c exploit (assuming the output of sudo -V is 1.8.3 or lower?). Also check if pkexec version = under 102 or not. You can also try to fuck with mtab if fusermount is set uid. I'm going to say your best bet is to check for vuln crons and or grep for credentials that may have been reused.

w00t · 07-22-2013, 01:59 AM

(07-22-2013, 01:27 AM)yokai Wrote: You a high nigga, that colonel is June 2013, aka immune;

No, I'm just apparently too lazy/stupid to read the entire kernel version.

There is a high probability he tried to google over 90% of the terms used in your actually helpful answer( my bad ).

"what is cron how to grep"

yokai_old · 07-22-2013, 02:00 AM

(07-22-2013, 01:59 AM)w00t Wrote: No, I'm just apparently too lazy/stupid to read the entire kernel version.

There is a high probability he tried to google over 90% of the terms used in your actually helpful answer( my bad ).

"what is cron how to grep"

lolololololol; I forgot my xmpp; add me on ac1db1tch3z@exploit.im nigga

Need local root exploit
Author Message