[Arm-netbook] root hacked - exploit
Alejandro Mery
amery at geeks.cl
Fri Feb 19 12:19:30 GMT 2010
On 19/02/10 10:07, Oliver Kiddle wrote:
> I had it add an additional line to /etc/passwd for a new user
> that wasn't called root but had a uid/gid of zero.
Hi,
in this line I wrote an script to make it simpler for the rest of
the people. It's attached.
The script creates a superuser named "toor" without password. Using
ssh you run it with `/bin/sh exploit-midfun-0.sh`. Without ssh,
download it to "MyDocuments", open the file manager there and change
the properties of the file to executable, then double click it.
reboot.. and welcome 'toor'.
btw, my `john -incremental:All -format:DES` is still running.
...
1:19:34:23 - Switching to length 7
1:19:34:23 - Expanding tables for length 7 to character count 35
1:19:34:23 - Trying length 7, fixed @1, character count 35
Alejandro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exploit-midfun-0.sh
Type: application/x-sh
Size: 215 bytes
Desc: not available
Url : http://lists.phcomp.co.uk/pipermail/arm-netbook/attachments/20100219/ef6eb35e/attachment.sh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5215 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.phcomp.co.uk/pipermail/arm-netbook/attachments/20100219/ef6eb35e/attachment.bin
More information about the Arm-netbook
mailing list