#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
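/*
 * SUID-root helper: launch /bin/sh with one supplementary group removed.
 *
 * Usage: prog <group to remove>
 *
 * Flow: become root (needed for setgroups), read the caller's supplementary
 * group list, strip the named group's gid from it, install the shortened
 * list, permanently drop back to the caller's ids, then exec the shell.
 *
 * Security notes for whoever installs this:
 *  - Leaving a group is not always a reduction in access. Where a file or
 *    directory gives a group fewer rights than "other" (a group-deny
 *    setup), a process that sheds that group is no longer denied. A SUID
 *    copy of this program hands that ability to every user who may execute
 *    it, so limit who can run it (e.g. owner root, mode 4750, dedicated
 *    group) and do not rely on group-deny permissions on the same host.
 *  - Only the supplementary list is edited. If the named group is also the
 *    caller's primary group, the shell still runs with it as its gid.
 *  - The shell inherits the caller's environment; that is acceptable only
 *    because every privilege has been dropped before the exec.
 *
 * Returns 1 on any failure; on success it does not return (the process
 * image is replaced by /bin/sh).
 */
int main(int argc, char **argv)
{
    if (argc != 2) {
        printf("Usage: %s <group to remove>\n", argv[0]);
        printf("Must be SUID. Launches shell.\n");
        return 1;
    }

    /* Remember who invoked us before touching any credentials. */
    uid_t olduid = getuid();
    gid_t oldgid = getgid();

    /* setgroups() needs privilege; this only succeeds when installed SUID root. */
    if (setuid(0) == -1) {
        perror("setuid(0)");
        return 1;
    }

    /* First call only asks for the count; a failure here must not reach malloc. */
    int groups = getgroups(0, NULL);
    if (groups == -1) {
        perror("getgroups");
        return 1;
    }

    gid_t *list = NULL;
    if (groups > 0) {
        list = malloc(sizeof *list * (size_t)groups);
        if (list == NULL) {
            perror("malloc");
            return 1;
        }
        /* Use the count actually written, not the one from the sizing call. */
        groups = getgroups(groups, list);
        if (groups == -1) {
            perror("getgroups");
            free(list);
            return 1;
        }
    }

    /* Direct lookup by name instead of walking the whole group database. */
    errno = 0;
    struct group *grent = getgrnam(argv[1]);
    if (grent == NULL) {
        /* A non-zero errno may indicate a lookup failure rather than a missing entry. */
        if (errno != 0)
            perror("getgrnam");
        fprintf(stderr, "group not found\n");
        free(list);
        return 1;
    }
    gid_t target = grent->gr_gid;

    /*
     * Compact the list in place, skipping every entry equal to target, so
     * the gid is gone even if the list happens to hold it more than once.
     */
    int kept = 0;
    for (int i = 0; i < groups; i++) {
        if (list[i] != target)
            list[kept++] = list[i];
    }
    if (kept == groups) {
        fprintf(stderr, "gid not found\n");
        free(list);
        return 1;
    }

    if (setgroups((size_t)kept, list) == -1) {
        perror("setgroups");
        free(list);
        return 1;
    }
    free(list);

    /*
     * Drop privileges: gid first (still root, so it cannot fail for lack of
     * privilege), then uid. With the documented SUID-only install the setgid
     * is a no-op; it matters only if the binary were also made setgid.
     */
    if (setgid(oldgid) == -1) {
        perror("setgid(old)");
        return 1;
    }
    if (setuid(olduid) == -1) {
        perror("setuid(old)");
        return 1;
    }

    /* Verify the drop is permanent before handing the user a shell. */
    if (olduid != 0 && setuid(0) != -1) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }

    /* The variadic sentinel must be a char pointer, not a bare NULL. */
    execl("/bin/sh", "/bin/sh", (char *)NULL);

    /* execl only returns on failure. */
    perror("execl");
    return 1;
}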