Cal Leeming [Simplicity Media Ltd] wrote:
> Actually Ryan, I think you'll find a lot of people just wanted to
> contribute towards testing, as most authors will appreciate the masses
> testing on as many systems as possible.
>
> It's not a case of anyone "showing off", it's simply that a lot o
>>> this particular exploit won't work.
>>>>>
>>>>> If your distro doesn't export the relevant symbols (Debian), ditto
>>>>> above.
>>>>>
>>>>> If your distro has patched the Econet vulnerabilities I used t
"leandro lista" , fireb...@backtrack.com.br,
bugt...@securityfocus.com, full-disclosure@lists.grok.org.uk
Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit
Please don't inundate me with e-mail because none of you bothered to
e thing 5 times.
>>
>>
>>
>> Ryan Sears
>>
>> - Original Message -
>> From: "dan j rosenberg"
>> To: "Cal Leeming [Simplicity Media Ltd]" <
>> cal.leem...@simplicitymedialtd.co.uk>,
>> full-disclosure-boun...@lists.
s
>
> - Original Message -
> From: "dan j rosenberg"
> To: "Cal Leeming [Simplicity Media Ltd]" <
> cal.leem...@simplicitymedialtd.co.uk>,
> full-disclosure-boun...@lists.grok.org.uk, "Ariel Biener" <
> ar...@post.tau.ac.il>
> Cc:
Admitting you will not feed the trolls shows that you have fed the trolls
at some point in time and have fallen for a troll.
There is no way to properly "damage control" this statement.
YHBT YHL HAND
On 12/13/2010 04:19 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>
> No more troll feed for you!
who shouldn't have one.
>>
>> -Dan
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>> -Original Message-
>> From: "Cal Leeming [Simplicity Media Ltd]"
>>
>> Sender: full-disclosure-boun...@list
ols (Debian), ditto
>>>> above.
>>>>
>>>> If your distro has patched the Econet vulnerabilities I used to trigger
>>>> this (Ubuntu), ditto above.
>>>>
>>>> This was done on purpose, to avoid giving a weaponized exploit to people
as done on purpose, to avoid giving a weaponized exploit to people
>>> who shouldn't have one.
>>>
>>> -Dan
>>>
>>>
>>> Sent from my Verizon Wireless BlackBerry
>>>
>>> -Original Message-
>>> From: "
Cal Leeming [Simplicity Media Ltd]"
>
> Sender: full-disclosure-boun...@lists.grok.org.uk
> Date: Mon, 13 Dec 2010 20:40:45
> To: Ariel Biener
> Cc: ; ; <
> bugt...@securityfocus.com>;
> Subject: Re: [Full-disclosure] Linux kernel exploit
>
> __
sage-
From: "Cal Leeming [Simplicity Media Ltd]"
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Mon, 13 Dec 2010 20:40:45
To: Ariel Biener
Cc: ; ;
;
Subject: Re: [Full-disclosure] Linux kernel exploit
___
On Mon, Dec 13, 2010 at 12:40 PM, Cal Leeming [Simplicity Media Ltd]
wrote:
> I've seen far too many people just sending back "Failed to open file
> descriptors" without giving any indication as to what could have happened.
> ...
> Anyways, the code failed on our sandbox.. see below:
> ...
> socke
I've seen far too many people just sending back "Failed to open file
descriptors" without giving any indication as to what could have happened.
:| Can people *please* remember to send the author as much debug as possible
(at the very least, an strace), so they can at least see what's going on.
Can
But he said that RedHat (and thus CentOS) doesn't have Econet enabled by
default.
--Ariel
fireb...@backtrack.com.br wrote:
> I tested it on a VM with CentOS 5.5 i386 updated and did not work.
>
> Last login: Tue Dec 13 12:48:54 2010
> [r...@localhost~]#nano full-nelson.c
> [r...@localhost~]#gcc-o
On 13/12/2010 12:05 PM, highteck wrote:
> Posted by Benji on Dec 13
>
> I heard rumors it's backdoored and sends your /etc/passwd and uname to
> Dan
> Rosenberg.
>
> Just sayin'
>
>
> ^^^
>
> 1. where's the shell code to hide such a process?
> 2. do you see /etc/passwd anywhere in there?
> 3. dan r
On 13/12/2010 12:03 PM, highteck wrote:
> r...@bt:~# su test
> sh-3.2$ cd /tmp
> sh-3.2$ id;uname -a
> uid=1000(test) gid=1000(test) groups=1000(test)
> Linux bt 2.6.34 #1 SMP Wed Jul 21 09:51:09 EDT 2010 i686 GNU/Linux
> sh-3.2$ ls
> full-nelson.c
> sh-3.2$ gcc full-nelson.c -o full-nelson
> sh-3.
I tested it on a VM with CentOS 5.5 i386 updated and did not work.
Last login: Tue Dec 13 12:48:54 2010
[r...@localhost~]#nano full-nelson.c
[r...@localhost~]#gcc-o full-nelson.c full-nelson
[r...@localhost~]#./full-nelson
[*] Failed to open file descriptors.
[r...@localhost~]# uname-a
Linux local
I heard rumors it's backdoored and sends your /etc/passwd and uname to Dan
Rosenberg.
Just sayin'
On Mon, Dec 13, 2010 at 3:27 PM, wrote:
> I tested it on a VM with CentOS 5.5 i386 updated and did not work.
>
> Last login: Tue Dec 13 12:48:54 2010
> [r...@localhost~]#nano full-nelson.c
> [r...@
sp...@alucard ~ $ uname -a
Linux alucard 2.6.35-zen2-knight #1 ZEN SMP PREEMPT Wed Dec 1 12:34:54 BRST
2010 x86_64 Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz GenuineIntel
GNU/Linux
sp...@alucard ~ $ gcc -o nerso full-nelson.c
sp...@alucard ~ $ ./nerso
[*] Failed to open file descriptors.
2010/12/
h...@darkstar:~$ cat /etc/slackware-version
Slackware 13.1.0
h...@darkstar:~$ uname -a
Linux darkstar 2.6.33.4-smp #2 SMP Wed May 12 22:47:36 CDT 2010 i686
Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz GenuineIntel GNU/Linux
h...@darkstar:~$ cc full-nelson.c -o full-nelson
h...@darkstar:~$ ./ful
One more test:
t...@test:~/Downloads$ ./testing
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xa0026610
[+] Resolved econet_ops to 0xa0026720
[+] Resolved commit_creds to 0x810863c0
[+] Resolved prepare_kernel_cred to 0x81086890
[*] Calculating
A few tests
[...@yangtao ~]$ ./extest
./extest: error while loading shared libraries: requires glibc 2.5 or
later dynamic linker
[...@yangtao ~]$ uname -r
2.6.9-89.0.25.ELsmp
[...@yangtao ~]$ cat /etc/redhat-release
CentOS release 4.8 (Final)
==
[...@kernel ~]$ ./extest
[*] Faile
Hi Dan,
Tested on:
kernel 2.6.32 (Ubuntu 10.04) >> worked.
kernel 2.6.28 >> didn’t work. (Failed to open file descriptors)
Nice work, Dan.
Regards,
Sherif
On Tue, Dec 7, 2010 at 10:25 PM, Dan Rosenberg wrote:
> Hi all,
>
> I've included here a proof-of-concept local privilege escalation exp
$ ./nelson
[*] Failed to open file descriptors.
$ uname -r
2.6.35.6-48.fc14.x86_64
$ cat /etc/redhat-release
Fedora release 14 (Laughlin)
But I updated a couple of days ago.
--
Best regards,
Vadim
___
Full-Disclosure - We believe in it.
Charter: http:
Worked on Ubuntu 10.10 .. awesome work :)
On Thu, Dec 9, 2010 at 11:15 AM, Ed Carp wrote:
> On Tue, Dec 7, 2010 at 1:21 PM, Ryan Sears wrote:
>
> > Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel
> 2.6.35-22-generic). Works as expected.
> >
> > Great job Dan. You're full
On Tue, Dec 7, 2010 at 1:21 PM, Ryan Sears wrote:
> Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel
> 2.6.35-22-generic). Works as expected.
>
> Great job Dan. You're full of win!
Except that he needs to clean up his code - no one uses go to anymore.
_
>> [*] Got root!
>>> # id
>>> uid=0(root) gid=0(root)
>>> #
>>>
>>>
>>> :)
>>>
>>>
>>>
>>>
>>> -Original Message-
>>> *From*: Cal Leeming [Simplicity Media Ltd] <
>
-
>> *From*: Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk>
>> *Reply-to*: cal.leem...@simplicitymedialtd.co.uk
>> *To*:
> *Reply-to*: cal.leem...@simplicitymedialtd.co.uk
> *To*: Dan Rosenberg
>
> >
> *Cc*: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com
> *Subject*: Re: [Full-disclosure] Linux kernel exploit
> *Date*: Tue, 07 D
Media Ltd]
Reply-to: cal.leem...@simplicitymedialtd.co.uk
To: Dan Rosenberg
Cc: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com
Subject: Re: [Full-disclosure] Linux kernel exploit
Date: Tue, 07 Dec 2010 21:06:44 +
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan
Debian lenny:
nik...@sandbox:~$ uname -a
Linux sandbox 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010
x86_64 GNU/Linux
nik...@sandbox:~$ make full-nelson
cc full-nelson.c -o full-nelson
nik...@sandbox:~$ ./full-nelson
[*] Resolving kernel addresses...
[+] Resolved econet_i
> I've included here a proof-of-concept local privilege escalation exploit
> for Linux. Please read the header for an explanation of what's going
> on. Without further ado, I present full-nelson.c:
Hello Dan, is this exploitation not mitigated by best practice
defense-in-depth strategies such
I ran it and my computer turned into a mudkip. I took a picture which
I have uploaded at [0]
I didn't read the instructions was I supposed to?
[0] -
http://www.aspectofthehare.net/wp-content/uploads/2009/07/MudkipComputerGame.png
-disclosure-boun...@lists.grok.org.uk
Date: Wed, 08 Dec 2010 09:12:36
To:
Subject: Re: [Full-disclosure] Linux kernel exploit
Doesn't work here on Ubuntu 10.10 (VirtualBox) clean install (but with
all updates) with only an “apt-get install build-essential”
k...@kuri-virtualbox:~$ cat /etc/lsb-release
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
>
> > Anyone tested this in sandbox yet?
>
> 00:37 linups:../expl/kernel > cat /etc/*release*
> openSUSE 11.3 (i586)
> VERSION = 11.3
> 00:37 linups:../expl/kernel > uname -r
> 2.6.34.4-0.1-desktop
> 00:37 linups:../expl/kernel > gcc _2.6.37.l
> Failed on Ubuntu 10.10 (2.6.35-23-generic)
>
> t...@bifrost:/tmp$ uname -a
> Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
> 2010 x86_64 GNU/Linux
>
> t...@bifrost:/tmp$ ./a.out
> [*] Resolving kernel addresses...
> [+] Resolved econet_ioctl to 0xa03d9610
> [+]
If you've applied all your Ubuntu updates, the exploit is not going to
work. I decided to take a more responsible approach to exploit
publishing with this release. Rather than publish a fully weaponized
exploit that could be used by script kiddies everywhere to compromise
innocent users' machines
Failed on Ubuntu 10.10 (2.6.35-23-generic)
t...@bifrost:/tmp$ uname -a
Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
2010 x86_64 GNU/Linux
t...@bifrost:/tmp$ ./a.out
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xa03d9610
[+] Resolved econet_op
> Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel > cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel > uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel > ./test
[*] Failed to open
focus.com
Sent: Tuesday, December 7, 2010 4:06:44 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
f
it's worked on 2.6.35.7, nice exploit
On Wed, Dec 8, 2010 at 6:09 AM, Rem7ter wrote:
> Why does gcc exp.c -o exp alert "Error: too many Argument"? I tested it in Linux
> 2.6.X.
>
> 2010/12/7 coderman
>
> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
>> wrote:
>> > ... I've included here a proof-of-
Why does gcc exp.c -o exp alert "Error: too many Argument"? I tested it in Linux
2.6.X.
2010/12/7 coderman
> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
> wrote:
> > ... I've included here a proof-of-concept local privilege escalation
> exploit...
> > * This exploit leverages three vulnerabilitie
On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
wrote:
> ... I've included here a proof-of-concept local privilege escalation
> exploit...
> * This exploit leverages three vulnerabilities to get root, all of which were
> * discovered by Nelson Elhage:
>...
> * However, the important issue, CVE-
Cc: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com
Sent: Tuesday, December 7, 2010 4:06:44 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
> Hi all,
>
> I've included
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
> Hi all,
>
> I've included here a proof-of-concept local privilege escalation exploit
> for Linux. Please read the header for an explanation of what's going
> on. Without further ado, I present full-nelson.c:
>
> Happy
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Dan
--snip--
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Da