IRIX MIPS processor shellcode. Tested on R12000 process with system IRIX64 6.5.26m.
a44477ca1f8cd02261ab5c90a11b65a2d02cc650a4771be9db30638bfc80f798
SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.
6f90ee10780f9ce1e84434cd416d1bb52ce40db82cd9f3b32770f230eec3040c
SGI IRIX 6.5 local root exploit that makes use of /usr/sysadm/bin/lezririx.
9e782c3248720f5c96b198b4d71e6be19f6122f33549f5c9a73407a910e5dbf2
Old irix sendmail hole.
1a171ff8efeeb5a569dcc986d1638bfeda943a5eec65da53e4193eedb599c7bc
364 byte MIPS/Irix PIC port binding shellcode (source included)
c46107fcb5c7497a3d6dd32bc368da7cc825324bae592dbed4b55090d2e2f813
68 byte MIPS/Irix PIC execve shellcode (source included)
6d61eb0821d6cdc026bbc6ae30e9581bf9cef4c2446a60a4aa61309df60b9559
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurrs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here.
f3757ed7c83366e37236fcd1468ac10d93f1b85113d1d44c9616dc8a918135d9
libc.so NLSPATH local exploit for Irix 6.2.
e85e8187d098ebd688d3477b8b4f2a5c06fecf078ca93a00d0e4689f460e9a32
Irix 6.3/6.2 /usr/bin/X11/xlock local buffer overflow exploit.
b8d9843b397b57fccaa793ccf840cd9d1975e50c5e927c8e182b01e64aeea9fa
rpc.ttdbserverd remote root exploit for irix 5.2 5.3 6.2 6.3 6.4 6.5 6.5.2.
013680ab2f18fda2da0613e985b4d69e5e887fe8bfcdd023cd1e22f04cb5343e
IRIX Login Security - In this paper you will learn a bit about logins, and the seriousness of what could happen if you don't take certain precautions. You will have found out some options you can take with your logins, certain restrictions, and a lot more.
35daa4e31eadc2e9835852cb680f16c18c3d63d83c32a3c93afa078dcdfd4718
SGI IRIX objectserver remote exploit - Remotely adds account to the IRIX system. Patched February, 1998. Tested on IRIX 5.2, 5.3, 6.0.1, 6.1 and even 6.2.
50cc9680c224be9e0219d599f01be7fd1deae2ff3856942ef92ade8bb1049054
Irix 6.5 InfoSearch is a web-based interface to books, manpages, and relnotes, distributed by SGI. infosrch.cgi can execute commands remotely.
eba4d77a802d260631abb020810e7f15fba73aa9ed4f550a8086a00d34d95608
This program checks many IRIX security holes automatically. If you are admin, can check easily the security vulnerabilities of each IRIX. Don't use for the auto attack. This scanner contains the ttdbserver attack, this function is based on the script which is developped by the rootshell. thanks.
fdb645ddef470ad46457b433af158fdcca322e238d6798e1a9c1d9a0dfd44190
Scans for the default logins on IRIX boxes. Courtesy of Mixter
24bb4b2576c66fa3a627292e52438a6d2321f903c3b4f9c6b6d8b7f9aeebb68e
IRIX's (versions 6.4, 6.5 and 6.5.2) fcagent daemon is vulnerable to a Denial of Service attack, which involves sending a specific RPC packet to the fcagent daemon.
4b7cd0ae9439fbb26e8e8cd428eecf4bb11b41bcf64331d0d8dc7533366cd1ef
Three buffer overflow exploits to get root on Irix.
6f46de5c128d3fb8874a4c23a09714ace1800238d667d5a9665984f04846eb31
IRIX 6.2 'at' allows you to send yourself files owned by root via e-mail.
b457a616615cc3321399981969ba0786268b4aae4bce8e6b62ae9fd5ff63e0dc
IRIX midikeys setuid permissions allow local root compromise. Exploit description and vendor recommended temporary solution included.
29ae2ff4845e65a827c57fd2c78ac6cac0a775cd014310a4523f453aa54f9db3
IRIX versions of wu-ftpd are also vulnerable to buffer overflows, resulting in potential root compromise.
5e7b2edecefa87ba2138c3cf75d596c6b6552aea446f9096c6d1172323e31fe4
IRIX v5.3 - v6.5 X server font path buffer overflow vulnerability can lead to remote root compromise. Vendor patch information included.
85cfa5a85bdc6f12264cccc1756577a17b835c0db9ca363f7c2bf576b29881b2