We've had a lot of script kiddies running an exploit against our campus, that checks for accounts that are passwordless by default in IRIX 6.2 - like 4Dgifts, EZsetup, and so on. I've seen indications this isn't limited to our campus... This script has been generating hoardes of syslog entries like: Sep 27 12:43:19 foo.bar login[16310]: failed: ?@warble.frob as 4Dgifts Amusingly, our suns, decs and linux machines run a fake tcpmux, so we have lots of somewhat clueless kiddies checking for this vulnerability on machines of the wrong OS :). Anyway, can anyone make this exploit available, so I don't need to reinvent the wheel in order to check for this myself? It'd probably be easy in python, but it'd be nice to have "the real thing", the script the kiddies are using themselves. I checked rootshell.com, queried for sgi and 4Dgifts, but nothing relevant popped up. I know, if I "were a white hat" I could check /etc/passwd (or /etc/shadow) myself. It's complicated. And I am a white hat. Besides, the list is full disclosure.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:01 PDT