Bugtraq mailing list archives
Re: Sol2.x Mouse EXPLOIT info - CORRECTION
From: neil () legless demon co uk (Neil Woods)
Date: Tue, 17 Jan 1995 00:39:01 +0100 (GMT)
OK, Exploit details: 1) place pointer exactly in centre of screen 2) start to spiral out ANTICLOCKWISE - this movement must be smooth and finish in the top left corner 3) as soon as you reach the top left corner, unplug the mouse within 4 seconds. 4) You should then be at the # prompt. Have Fun.
This will NOT work on Solaris 2.X boxes. The spiraling out should in fact be CLOCKWISE. An anticlockwise movement will give a shell running as user nobody, rather than as uid 0! Top left is however important, so that we have 0,0 stored in cred->uid and cred->gid. Due to the nature of the mouse driver, an anticlockwise movement would spiral the uid/gid pair to the largest uid available on the system, which under normal conditions would be user nobody. Cheers, Neil -- Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way, M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl. ...like a badger with an afro throwing sparklers at the Pope...
Current thread:
- Re: Solaris 2.4 bugs... der Mouse (Jan 13)
- Re: Solaris 2.4 bugs... Casper Dik (Jan 14)
- Sol2.x Mouse EXPLOIT info (wsa Re: Solaris 2.4 bugs..) Karl Strickland (Jan 14)
- Sol2.x Mouse EXPLOIT info (wsa Re: Solaris 2.4 bugs..) Scott D. Yelich (Jan 14)
- Re: Sol2.x Mouse EXPLOIT info (wsa Re: Solaris 2.4 bugs..) Dave Williss (Jan 16)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Neil Woods (Jan 16)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Farrell McKay (Jan 16)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Christopher Klaus (Jan 17)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION jsz (Jan 17)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION jsz (Jan 17)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Leo Bicknell (Jan 17)
- (Fwd) WWW Servers on SOLARIS Bandwidth flood on Internet Darren Reed (Jan 17)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Christopher Klaus (Jan 17)
- Sol2.x Mouse EXPLOIT info (wsa Re: Solaris 2.4 bugs..) Karl Strickland (Jan 14)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION G.J.W. Hagenaars (Jan 17)
- Re: Solaris 2.4 bugs... Casper Dik (Jan 14)
- CRACK for PCs? Robert Moskowitz (Jan 17)
- Re: CRACK for PCs? Perry E. Metzger (Jan 17)