HP/UX sam_exec user vulnerability
Description: In a particularly dumb move, HP/UX's remote administration program, SAM, adds a user 'sam_exec' with UID 0 and a standard password.
Author: bogus technician (firstname.lastname@example.org) (apparently it is SOD again) was the first to find the 10.x password.
Compromise: root (local)
Vulnerable Systems: HP/UX 9.x,10.x where SAM has been used
Notes: See the SOD HP Bug of the Week page
You login and press control-C for a shell. Sometimes you have to mess
with TERM to get it to allow you in.
Password for 9.x: Yosemite
Password for 10.x: x7vpa5jh
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: [
Sec Tools |
Mailing Lists |
Site News |
Advertising ] Privacy