README.md Update README.md Jan 25, 2017
screen2root.png Add files via upload Jan 25, 2017
screenroot.sh Create screenroot.sh Jan 25, 2017

README.md

screen2root

TL;DR

On systems where screen is version 4.5.0 (Screen version 4.05.00 (GNU) 10-Dec-16) and setuid root, you can use it to create arbitrary files with root permissions containing arbitrary content.

This PoC creates an /etc/ld.so.preload file pointing to a library that creates a setuid root shell and then calls screen again to trigger it.

TL;DR you get root.

Original bug report is here
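
An added example, not part of this repository: a defender's audit for the two conditions named above (a screen binary reporting version 4.05.00 that is installed setuid root), plus a look at /etc/ld.so.preload, the file the PoC creates. The function names and the `--audit` argument are this example's own.

```shell
#!/bin/sh
# Added audit example (not screen2root code): flags a host that matches
# the README's conditions. All function names here are hypothetical.

# True when a `screen --version` banner reports 4.5.0 (printed as 4.05.00).
screen_banner_is_450() {
    case "$1" in
        *"Screen version 4.05.00 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the file (symlinks followed) is root-owned with the setuid bit.
is_setuid_root() {
    [ -f "$1" ] || return 1
    [ -n "$(find -L "$1" -prune -user root -perm -4000 2>/dev/null)" ]
}

# Print a verdict for one binary, given its path and its version banner.
assess_screen() {
    path=$1
    banner=$2
    if ! screen_banner_is_450 "$banner"; then
        echo "ok: not 4.5.0"
    elif is_setuid_root "$path"; then
        echo "AFFECTED: 4.5.0 and setuid root"
    else
        echo "ok: 4.5.0 but not setuid root"
    fi
}

# Audit the screen found on PATH, then report on the preload file.
audit_host() {
    bin=$(command -v screen) || { echo "screen not installed"; return 0; }
    echo "$bin: $(assess_screen "$bin" "$("$bin" --version 2>/dev/null)")"
    if [ -e /etc/ld.so.preload ]; then
        # Rarely present on a stock system; review what it loads.
        echo "review: /etc/ld.so.preload exists:"
        ls -l /etc/ld.so.preload
        cat /etc/ld.so.preload
    fi
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on the host being checked; a screen binary installed outside PATH has to be passed to `assess_screen` by hand.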

Screenshot

[lol]

Reproducing:

Install this version of screen.

Howto:

wget https://ftp.gnu.org/gnu/screen/screen-4.5.0.tar.gz
tar -xf screen-4.5.0.tar.gz
cd screen-4.5.0
./configure
make
sudo make install

Now you have an exploitable version.

Notes

According to this poster on Reddit you can even use this on boxes with grsec with trivial modifications. I have yet to experiment with evading Samhain, but I suspect it is not going to be hard.