Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: BoS: tee see shell problems
From: travis () EvTech com (Travis Hassloch x231)
Date: Mon, 16 Sep 1996 14:29:53 -0500

In message <Pine.LNX.3.94.960913223432.23513A-100000 () primeline net> you write:

I just tested a variation of this exploit with bash 1.14.6(1)
running on Linux 2.0.13.  By using my variation I managed to become root.


Funny, I couldn't get it to work on Solaris:

bash$ bash -version
GNU bash, version 1.14.5(1)
bash$ ls -la
total 12
drwx------  2 travis         60 Sep 16 14:20 .
drwxrwxrwx  5 root          949 Sep 16 14:20 ..
-rwx------  1 travis         61 Sep 16 14:23 .WaReZ
bash$ cat .WaReZ
echo Im a lamer, lookatmee whohoo
touch /tmp/bar
echo u loze
bash$ pwd
/tmp/`source .WaReZ'
bash$ cd ..
bash$ cd *W*
bash$ ls -la /tmp/bar
/tmp/bar not found
bash$ pwd
/tmp/`source .WaReZ'

# to prove that it really works:
bash$ source .WaReZ
Im a lamer, lookatmee whohoo
u loze

Am I missing something here?
I also tried simpler names like /tmp/`echo hi` - again, didn't work.

  By Date           By Thread  

Current thread:
  • Re: BoS: tee see shell problems Travis Hassloch x231 (Sep 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]