Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <stdlib.h>
- #include <unistd.h>
- #include <sys/types.h>
- #include <string.h>
- #include <crypt.h>
- /**
- * Illustrative and probably very buggy example of what su essentially does
- *
- * To compile run: gcc switcharoo.c -o switcharoo -l crypt
- * Set permissions: sudo chown root:root switcharoo
- * Set suid bit: sudo chmod 4755 switcharoo
- */
- int main(int argc, char** argv) {
- char *password = getpass("Password:");
- FILE *fh = fopen("/etc/shadow", "r");
- char line[200];
- fgets(line, 200, fh); // read first line, usually corresponds to root user
- char *username = strtok(line, ":"); // extract first column
- char *hash = strtok(NULL, ":"); // extract second column
- printf("Hash from /etc/shadow is: %s\n", hash);
- char *result = crypt(password, hash); // calculate hash with salt from /etc/shadow
- printf("User supplied password results in hash: %s\n", result);
- int ok = strcmp (result, hash) == 0; // compare hashes
- puts(ok ? "Access granted." : "Access denied.");
- if (ok) {
- printf("UID before setuid: %d\n", getuid());
- printf("Effective UID before setuid: %d\n", geteuid());
- setuid(0); // set actual UID to 0
- printf("UID after setuid: %d\n", getuid());
- printf("Effective after setuid: %d\n", geteuid());
- system("bash"); // execute new shell with root permissions
- return 0;
- } else {
- return 255;
- }
- }
Add Comment
Please, Sign In to add comment