HP/UX sam_exec user vulnerability

Summary
Description:In a particularly dumb move, HP/UX's remote administration program, SAM, adds a user 'sam_exec' with UID 0 and a standard password.
Author:bogus technician (bogus@command.com.inter.net) (apparently it is SOD again) was the first to find the 10.x password.
Compromise: root (local)
Vulnerable Systems:HP/UX 9.x,10.x where SAM has been used
Date:1996
Notes:See the SOD HP Bug of the Week page
Details

Exploit:

You login and press control-C for a shell.  Sometimes you have to mess 
with TERM to get it to allow you in.

Password for 9.x: Yosemite
Password for 10.x: x7vpa5jh


More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault