gid_t sgid=0;
cpd=getpwuid(ut);
if(argc<1){
fprintf(stderr,"%s: uid not specified:%s\n",argv[0]);
exit(EXIT_FAILURE);
}
suid= atolevl(argv[1]);
printf("uid %d\n",suid);
if(cpd==NULL){
fprintf(stderr,"%s: cant get current user:%s\n",argv[0]);
exit(-1);
}
printf("%s: %s\n",cpd->pw_name,cpd->pw_passwd);
strcpy(user_name,cpd->pw_name);
fp=fopen(fpass,"r");
if(fp==NULL){
fprintf(stderr,"can't open file %s:%s",fpass,argv[0]);
}
cpd = fgetpwent(fp);
if(cpd==NULL){
fprintf(stderr,"no find user",fpass,argv[0]);
}
while((cpd=fgetpwent(fp))!=NULL){
if(strcmp(cpd->pw_name,user_name)==0){
if(strmycpy(salt,cpd->pw_passwd,3,19)==NULL){
fprintf(stderr,"can't choose salt:%s\n",argv[0]);
exit(-1);
};
strcpy(pass,cpd->pw_passwd);
if(strmycpy(mt,cpd->pw_passwd,0,2)==NULL){
fprintf(stderr,"can't choose salt:%s\n",argv[0]);
exit(-1);
};
printf("%s: %s: salt: %s\n",\
cpd->pw_name,cpd->pw_passwd,salt);
sz=strlen(cpd->pw_passwd);
printf("sz: %d\n",sz);
}
}
fclose(fp);
int fl=0;
size_t i=0;
for(i=0;i<=10 && fl<2;i++){
if(pass[i]=='$'){fl++;printf("fl %d\n",fl);}
}
static char mtt[5];
if(fl==2){
strmycpy(mtt,pass,1,i-1);
}
printf("%s\n ",mtt);
write(1,"Scheme: ",8);
if(strcmp(mtt,"")==0)write(1,"des_crypt\n",10);
if(strcmp(mtt,"1")==0)write(1,"md5_crypt\n",10);
if(strcmp(mtt,"2")==0 || strcmp(mt,"2a")==0 || strcmp(mt,"2x")==0 || strcmp(mt,"2y")==0)write(1,"bcrypt\n",7);
if(strcmp(mtt,"6")==0)write(1,"sha512_crypt\n",13);
if(strcmp(mtt,"3")==0)write(1,"bsd_nhash\n",10);
if(strcmp(mtt,"5")==0)write(1,"sha256_crypt\n",13);
if(strcmp(mtt,"md5")==0 )write(1,"sun_md5_crypt\n",14);
if(strcmp(mtt,"sha1")==0 )write(1,"sha1_crypt\n",11);
char *prompt="Please enter your password: ";
char *mpass=getpass(prompt);
char *mypass=crypt(mpass,pass);
if(strcmp(mypass,pass)==0){
printf("Password is ok\n");
if(seteuid(0)==-1 || setuid(0)==-1){
fprintf(stderr, "%s: can't change euid to %d: %s\n", argv[0],suid,
strerror(errno));
exit(EXIT_FAILURE);
}
if(setuid(suid)==-1){
fprintf(stderr, "%s: can't change uid to %d: %s\n", argv[0],suid,
strerror(errno));
exit(EXIT_FAILURE);
}
if(seteuid(suid)==-1){
fprintf(stderr, "%s: can't change euid to %d: %s\n", argv[0],suid,
strerror(errno));
exit(EXIT_FAILURE);
}
if(suid==0){
if(setresuid(eut,suid,eut)==-1){
fprintf(stderr, "%s: can't change euid to %d: %s\n", argv[0],suid,
strerror(errno));
exit(EXIT_FAILURE);
};
}
pid_t pt=fork();
if(pt>0){
execv(shell,NULL);
abort();
} else if(pt==0){
waitpid(pt,&status,WEXITED);
abort();
}
} else printf("The password isn't OK\n");
abort();
return 0;
};
Тупая программа: станем рутом — sudo chown root:root sume && sudo chmod u+s sume