Analysis of files in locale.tgz

locale.tgz is a collection of local privilege escalation tools. It untars to give the following:

sploitz is a directory and it contains the following: 

We notice that there are identical files with the same filename 

A md5sum check confirms that both sxp binaries are the same. Both copies of sxp.c are the same except for differences in the comment at line 32 column 38. This is best shown with a diff -a sxp.c spliotz/spx.c.

Comments in sxp.c clearly shows that its an exploit that give the user root account when run on system with sendmail version 8.11.6 and below.

epcs2.c is a ptrace race condition exploit that gives root privilege on kernel 2.2.18 and below. epc is the binary complied from epcs2.c is a RedHat 7.0 modutils exploit.

ptrace24.c is a execve/ptrace race condition exploit for Linux Kernel up to 2.4.9. ptr is the binary complied from ptrace24.c is an exploit for suidperl mail shell escape vulnerability. The SUID version of perl sends email in response to a race condition in file system and the sendmail program allows embedded commands in emails. More can be found at

su.c is a format string exploit that gives the user root privileges.

md5sum hashes of su.c and epcs2.c are the same as those downloaded from the Internet, i.e..