DavidBuchanan314 · August 18, 2024 03:00 · ThatNerdyPikachu · Mar 17, 2019
diff --git a/root_my_vm.py b/root_my_vm.py
 #!/usr/bin/python3

 import sys
 import os
 import signal


 PATTERN = b"root:x:0:0:root"
 REPLACE = b"root::00:0:root"


 if len(sys.argv) != 2:
 	print("USAGE: python3 {} PID".format(sys.argv[0]))
 	print("(root privs required)")
 	exit()

 pid = int(sys.argv[1])

 os.kill(pid, signal.SIGSTOP)

 mem = open("/proc/{}/mem".format(pid), "wb+")

 for mapping in open("/proc/{}/maps".format(pid)).readlines():
 	if mapping.strip().split()[-1] in ["[vvar]", "[vdso]", "[stack]", "[vsyscall]"]:
 		continue
 	addrs = mapping.split()[0]
 	start, end = [int(x, 16) for x in addrs.split("-")]
 	mem.seek(start)
 	for block in range(start, end, 0x1000):
 		try:
 			buf = mem.read(0x1000)
 			if PATTERN in buf:
 				print(mapping.strip())
 				print("w00t")
 				buf = buf.replace(PATTERN, REPLACE)
 				mem.seek(block)
 				mem.write(buf)
 				print("w00tw00t")
 		except OSError:
 			pass

 os.kill(pid, signal.SIGCONT)
	#!/usr/bin/python3

	import sys
	import os
	import signal


	PATTERN = b"root:x:0:0:root"
	REPLACE = b"root::00:0:root"


	if len(sys.argv) != 2:
	print("USAGE: python3 {} PID".format(sys.argv[0]))
	print("(root privs required)")
	exit()

	pid = int(sys.argv[1])

	os.kill(pid, signal.SIGSTOP)

	mem = open("/proc/{}/mem".format(pid), "wb+")

	for mapping in open("/proc/{}/maps".format(pid)).readlines():
	if mapping.strip().split()[-1] in ["[vvar]", "[vdso]", "[stack]", "[vsyscall]"]:
	continue
	addrs = mapping.split()[0]
	start, end = [int(x, 16) for x in addrs.split("-")]
	mem.seek(start)
	for block in range(start, end, 0x1000):
	try:
	buf = mem.read(0x1000)
	if PATTERN in buf:
	print(mapping.strip())
	print("w00t")
	buf = buf.replace(PATTERN, REPLACE)
	mem.seek(block)
	mem.write(buf)
	print("w00tw00t")
	except OSError:
	pass

	os.kill(pid, signal.SIGCONT)