ssh-keysign-pwn
commit
565548753b
9 changed files with 337 additions and 0 deletions
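--- a/vuln_target.c
+++ b/vuln_target.c
@@ -0,0 +1,22 @@
+/* Setuid target that opens /etc/shadow before dropping. Install as
+* setuid root; exploit with exploit_vuln_target.c. */
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+int main(int argc, char **argv)
+{
+int fd = open("/etc/shadow", O_RDONLY);
+if (fd < 0) { perror("open"); return 1; }
+
+if (setuid(getuid()) < 0) { perror("setuid"); return 1; }
+
+if (argc > 1 && !strcmp(argv[1], "exit-now"))
+return 0;
+pause();
+return 0;
+}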
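Review bot: The header comment does not say that keeping `fd` open across `setuid(getuid())` is the deliberate flaw, so the file reads like an ordinary privilege-drop example that someone could copy. The descriptor for /etc/shadow is opened as root without `O_CLOEXEC` and is never closed, so the now-unprivileged process still holds a readable handle on the file while it sits in `pause()`. I would add a comment above the `open()` call such as `/* Intentional flaw: fd outlives the privilege drop; a hardened program would close(fd) before setuid(). */`. The `#define _GNU_SOURCE` and the `<stdlib.h>` and `<errno.h>` includes appear unused in the visible code and could be dropped.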