ShellBanner
IP Address: 80.252.133.24:443 You: 216.73.216.193
System:Linux MiraNet 3.0.0-14-generic-pae #23-Ubuntu SMP Mon Nov 21 22:07:10 UTC 2011 i686
Software:Apache. PHP/5.3.6-13ubuntu3.10
ID:uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
Safe Mode:OFF
Open_Basedir:OFF
Freespace:24.46 GB of 70.42 GB (34.74%)
MySQL: ON MSSQL: OFF Oracle: OFF PostgreSQL: OFF Curl: OFF Sockets: ON Fetch: OFF Wget: ON Perl: ON
Disabled Functions: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,

/ usr/ src/ courier-0.66.1/ courier/ - drwxrwxrwx

Directory:
Viewing file:     sendmail-esmtpd-wrapper.c (2.25 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
/*
** Copyright 1998 - 2006 Double Precision, Inc.
** See COPYING for distribution information.
*/

#include    "courier.h"
#include    "bindir.h"
#include    "sbindir.h"
#include    "maxlongsize.h"
#include    "numlib/numlib.h"
#include    <sys/types.h>
#include    <pwd.h>
#if    HAVE_UNISTD_H
#include    <unistd.h>
#endif
#include    <stdlib.h>
#if    HAVE_FCNTL_H
#include    <fcntl.h>
#endif
#if     HAVE_SYSEXITS_H
#include        <sysexits.h>
#else
#define EX_NOUSER       67
#define EX_TEMPFAIL     75
#define EX_NOPERM       77
#endif


/*
    -bs flag to sendmail should invoke courieresmtpd, however courieresmtpd
    does not have world execute permissions (for a good reason).

    Therefore, we install sendmail-esmtpd-wrapper as a setuid root
    program.  sendmail-esmtpd-wrapper makes a note of who's running
    it, then sets its uid and gid to courier, then execs bin/courieresmtpd
    with a fresh environment.

    The fresh environment will have fake TCPREMOTEHOST and TCPREMOTEIP.
    Furthermore, TCPREMOTEINFO will be set to the identity of the
    invoking user.  This way, we can read the sender's identity in the
    headers.

    Also RELAYCLIENT is set, so we can relay :-)

    Additional, we run addcr to automatically add the CRs before the NLs,
    which courieresmtpd expects (!).
*/

void    esmtpd()
{
uid_t orig_uid=getuid();
char    ubuf[NUMBUFSIZE];
char    remoteinfobuf[NUMBUFSIZE+30];
char    *environ[6];
char    *argv[2];
int    pipefd[2];
pid_t    pid;

    sprintf(remoteinfobuf, "TCPREMOTEINFO=uid %s",
        libmail_str_uid_t(orig_uid, ubuf));

    if (pipe(pipefd) < 0)
    {
        perror("pipe");
        exit(EX_TEMPFAIL);
    }

    if (chdir(courierdir()) < 0)
    {
        perror("chdir");
        exit(EX_TEMPFAIL);
    }

    pid=fork();
    if (pid < 0)
    {
        perror("fork");
        exit(EX_TEMPFAIL);
    }
    if (pid == 0)
    {
        dup2(pipefd[1], 1);
        close(pipefd[0]);
        close(pipefd[1]);
        execl(BINDIR "/addcr", "addcr", (char *)0);
        perror("exec");
        exit(EX_TEMPFAIL);
    }
    dup2(pipefd[0], 0);
    close(pipefd[0]);
    close(pipefd[1]);
    close(2); open("/dev/null", O_WRONLY); /* Pine temper tantrum */

    environ[0]="TCPREMOTEIP=127.0.0.1";
    environ[1]="TCPREMOTEHOST=localhost";
    environ[2]=remoteinfobuf;
    environ[3]="RELAYCLIENT=";
    environ[4]="FAXRELAYCLIENT=";
    environ[5]=0;
    argv[0]="sendmail";
    argv[1]=0;
    execve(SBINDIR "/courieresmtpd", argv, environ);
    perror("exec");
    exit(EX_TEMPFAIL);
}
Command:
Quick Commands:
Upload:
[OK] Max size: 100MB
PHP Filesystem: <@ Ú
Search File:
regexp
Create File:
Overwrite [OK]
View File:
Mass Defacement:
[+] Main Directory: [+] Defacement Url:
LmfaoX Shell - Private Build [BETA] - v0.1 -; Generated: 0.2832 seconds