home *** CD-ROM | disk | FTP | other *** search
/ Power Hacker 2003 / Power_Hacker_2003.iso / E-zine / Magazines / crh / solaris-toolkit / soltool / scanner.55 < prev    next >
Encoding:
Text File  |  2002-05-27  |  4.9 KB  |  138 lines
  1. function scanner {
  2. echo " oOo Scanning for all known exploitable programs now, Please be patient..."
  3.  
  4. if [ -s /tmp/report ]; then
  5.         cp /tmp/report /tmp/report.old
  6.         echo " oOo Moving old report file to /tmp/report.old"
  7. else
  8.         echo " oOo Preparing report file at /tmp/report"
  9. fi
  10.  
  11. if [ -s /tmp/suidprogs ]; then
  12.         rm /tmp/suidprogs
  13.         echo " oOo Deleting old log files..."
  14. else
  15.         echo " oOo No old log files detected..."
  16. fi
  17.  
  18. echo " "
  19. echo "  The CodeZero Solaris Security Tool Version 0.55 Report :" > /tmp/report
  20. echo "  ========================================================" >> /tmp/report
  21. echo " " >> /tmp/report
  22.  
  23. if [ -s /bin/passwd ]; then
  24. echo " oOo /bin/passwd exists, checking for vunerabilities..."
  25.         if test -u /bin/passwd
  26.         then
  27.                 echo " oOo /bin/passwd is suid and seems exploitable."
  28.                 echo "  oOo The scanner found /bin/passwd could be exploitable." >> /tmp/report
  29.                 echo "/bin/passwd" > /tmp/suidprogs
  30.         else
  31.                 echo " oOo /bin/passwd is not exploitable."
  32.         fi
  33. else
  34.         echo " oOo /bin/passwd doesn't exist!"
  35. fi
  36.  
  37. if [ -s /bin/eject ]; then
  38. echo " oOo /bin/eject exists, checking for vunerabilities..."
  39.         if test -u /bin/eject
  40.         then
  41.                 echo " oOo /bin/eject is suid and seems exploitable."
  42.                 echo "  oOo The scanner found /bin/eject could be exploitable." >> /tmp/report
  43.                 echo "/bin/eject" >> /tmp/suidprogs
  44.         else
  45.                 echo " oOo /bin/eject is not exploitable."
  46.         fi
  47. else
  48.         echo " oOo /bin/eject doesn't exist!"
  49. fi
  50.  
  51.  
  52. if [ -s /bin/fdformat ]; then
  53. echo " oOo /bin/fdformat exists, checking for vunerabilities..."
  54.         if test -u /bin/fdformat
  55.         then
  56.                 echo " oOo /bin/fdformat is suid and seems exploitable."
  57.                 echo "  oOo The scanner found /bin/fdformat could be exploitable." >> /tmp/report
  58.                 echo "/bin/fdformat" >> /tmp/suidprogs
  59.         else
  60.                 echo " oOo /bin/fdformat is not exploitable."
  61.         fi
  62. else
  63.         echo " oOo /bin/fdformat doesn't exist!"
  64. fi
  65.  
  66. if [ -s /usr/sbin/ffbconfig ]; then
  67. echo " oOo /usr/sbin/ffbconfig exists, checking for vunerabilities..."
  68.         if test -u /usr/sbin/ffbdonfig
  69.         then
  70.                 echo " oOo /usr/sbin/ffbconfig is suid and seems exploitable."
  71.                 echo "  oOo The scanner found /usr/sbin/ffbconfig could be exploitable." >> /tmp/report
  72.                 echo "/usr/sbin/ffbconfig" >> /tmp/suidprogs
  73.         else
  74.                 echo " oOo /usr/sbin/ffbconfig is not exploitable."
  75.         fi
  76. else
  77.         echo " oOo /usr/sbin/ffbconfig doesn't exist!"
  78. fi
  79.  
  80. if [ -s /usr/bin/rlogin ]; then
  81. echo " oOo /usr/bin/rlogin exists, checking for vunerabilities..."
  82.         if test -u /usr/bin/rlogin
  83.         then
  84.                 echo " oOo /usr/bin/rlogin is suid and seems exploitable."
  85.                 echo "  oOo The scanner found /usr/bin/rlogin could be exploitable." >> /tmp/report
  86.                 echo "/usr/bin/rlogin" >> /tmp/suidprogs
  87.         else
  88.                 echo " oOo /usr/bin/rlogin is not exploitable."
  89.         fi
  90. else
  91.         echo " oOo /usr/bin/rlogin doesn't exist!"
  92. fi
  93.  
  94. if [ -s /usr/dt/bin/sdtcm_convert ]; then
  95. echo " oOo /usr/dt/bin/sdtcm_convert exists, checking for vunerabilities..."
  96.         if test -u /usr/dt/bin/sdtcm_convert
  97.         then
  98.                 echo " oOo /usr/dt/bin/sdtcm_convert is suid and seems exploitable."
  99.                 echo "  oOo The scanner found /usr/dt/bin/sdtcm_convert could be exploitable." >> /tmp/report
  100.                 echo "/usr/dt/bin/sdtcm_convert" >> /tmp/suidprogs
  101.         else
  102.                 echo " oOo /usr/dt/bin/sdtcm_convert is not exploitable."
  103.         fi
  104. else
  105.         echo " oOo /usr/dt/bin/sdtcm_convert doesn't exist!"
  106. fi
  107.  
  108. if [ -s /usr/X11/bin/xlock ]; then
  109. echo " oOo /usr/X11/bin/xlock exists, checking for vunerabilities..."
  110.         if test -u /usr/X11/bin/xlock
  111.         then
  112.                 echo " oOo /usr/X11/bin/xlock is suid and seems exploitable."
  113.                 echo "  oOo The scanner found /usr/X11/bin/xlock could be exploitable." >> /tmp/report
  114.                 echo "/usr/X11/bin/xlock" >> /tmp/suidprogs
  115.         else
  116.                 echo " oOo /usr/X11/bin/xlock is not exploitable."
  117.         fi
  118. else
  119.         echo " oOo /usr/X11/bin/xlock doesn't exist!"
  120. fi
  121.  
  122. if [ -s /usr/vmsys/bin/chkperm ]; then
  123.         echo " oOo The chkperm program exists, the chkperm technique should work..."
  124.         echo "  oOo The scanner found /usr/vmsys/bin/chkperm could be exploitable." >> /tmp/report
  125.         echo "/usr/vmsys/bin/chkperm" >> /tmp/suidprogs
  126. else
  127.         echo " oOo /usr/vmsys/bin/chkperm doesn't exist!"
  128. fi
  129.  
  130. echo " "
  131. echo " " >> /tmp/report
  132. echo "  End of report, this scanner was scripted by so1o@insecurity.org" >> /tmp/report
  133. echo " "
  134. echo " oOo The scan is now complete, a report has been written to /tmp/report  oOo"
  135. echo " "
  136. exit 0
  137. }
  138.