RE: hpux warez

From: Stefaan A Eeckels (Stefaan.Eeckelsat_private)
Date: Tue Sep 04 2001 - 08:25:21 PDT

Next message: Kriston Rehberg: "Re: AOLserver 3.0 vulnerability"

Previous message: s96192at_private: "[ Hackerslab bug_paper ] Informix-SQL application vulnerability"
In reply to: auto300526at_private: "hpux warez"
Next in thread: Juan Vera: "Re: hpux warez"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03-Sep-2001 auto300526at_private wrote:
>  
>  fully disclose this.


> I will leave you with this HPUX 11 local root exploit code. /usr/sbin/sw* 
> are all setuid root by default and all contain buffer overflows. I didn't 
> bother notifying HP about this at all. I just don't give a fuck. 

I would if it worked. It doesn't.

$ ./swexploit
...lots of gunk...
,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~,€~
,€~,€~,€~,€~,€~,€~,€~,€~,€[" was found to be greater than 1024 bytes in length.  This
         program ERROR:   Command line parsing failed. 
$ uname -a
HP-UX happy B.11.00 A 9000/780 2016244097 two-user license
$ 

Stefaan
-- 
Please visit our Webster http://xxxxxxxx.xxxx.xxx, write or e-mail to X&x
promptly,if you are interested.And X&x shall be pleased to render you any
further services.                                      -- Spam from China

Next message: Kriston Rehberg: "Re: AOLserver 3.0 vulnerability"
Previous message: s96192at_private: "[ Hackerslab bug_paper ] Informix-SQL application vulnerability"
In reply to: auto300526at_private: "hpux warez"
Next in thread: Juan Vera: "Re: hpux warez"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 10:03:14 PDT