[rescue] SGI Irix / Indy question

Brooke Gravitt brooke at gravitt.org
Sat Dec 20 18:08:09 CST 2003

> Did the telnetd exploit fail?  It's valid for IRIX 6.2 up to 6.5.9 and
> SGI only supplied patches for 6.5.x.
> /KRM

Looks like I may have a crack. I compiled and ran the exploit code from

and got :

copyright LAST STAGE OF DELIRIUM jul 2000 poland  //lsd-pl.net/
telnetd for irix 6.2 6.3 6.4 6.5 6.5.8 IP:all
IRIX 6.2  libc.so.1: no patches      telnetd: no patches

Looks like telnetd isn't patched. I should be able to cause a buffer
overflow and get a shell...

Now maybe i don't have to open the box after all. would have been easier
had it been the way I got into my long lost Indigo2: all the normal
passwordless accounts were open, and the root password turned out to be
"password". Ha!

More information about the rescue mailing list