Bugtraq mailing list archives
IRIX 6.2 passwordless accounts exploit?
From: strombrg () NIS ACS UCI EDU (Dan Stromberg)
Date: Mon, 28 Sep 1998 15:31:28 -0700
We've had a lot of script kiddies running an exploit against our campus, that checks for accounts that are passwordless by default in IRIX 6.2 - like 4Dgifts, EZsetup, and so on. I've seen indications this isn't limited to our campus... This script has been generating hoardes of syslog entries like: Sep 27 12:43:19 foo.bar login[16310]: failed: ?@warble.frob as 4Dgifts Amusingly, our suns, decs and linux machines run a fake tcpmux, so we have lots of somewhat clueless kiddies checking for this vulnerability on machines of the wrong OS :). Anyway, can anyone make this exploit available, so I don't need to reinvent the wheel in order to check for this myself? It'd probably be easy in python, but it'd be nice to have "the real thing", the script the kiddies are using themselves. I checked rootshell.com, queried for sgi and 4Dgifts, but nothing relevant popped up. I know, if I "were a white hat" I could check /etc/passwd (or /etc/shadow) myself. It's complicated. And I am a white hat. Besides, the list is full disclosure.
Current thread:
- Re: 1+2=3, +++ATH0=Old school DoS, (continued)
- Re: 1+2=3, +++ATH0=Old school DoS Ross Wheeler (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS *unknown* (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Jason (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Tudor Bosman (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Daniel Hauck (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS Pete Gonzalez (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS John M. Flinchbaugh (Sep 28)
- SHADOW group research indicates distributed probes and attacks Patrick Oonk (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Adrian Gonzalez (Sep 28)
- Modem ATH0 thread route () RESENTMENT INFONEXUS COM (Sep 28)
- IRIX 6.2 passwordless accounts exploit? Dan Stromberg (Sep 28)
- Re: IRIX 6.2 passwordless accounts exploit? D.A. Harris (Sep 28)
- Re: IRIX 6.2 passwordless accounts exploit? Eugene Bradley (Sep 28)
- Re: Solaris non-root login (was: IRIX 6.2 pass...) Richard Yates SPG (Sep 29)
- mountd- more info (sorry) John Caldwell (Sep 28)
- Bay Accelar 1000 series Steven Hearon (Sep 28)
- Re: mountd- more info (sorry) RHS Linux User (Sep 29)
- rpc.mountd vulnerabilities tiago (Sep 29)
- Re: rpc.mountd vulnerabilities morex .- (Sep 29)
- Snork exploit route () RESENTMENT INFONEXUS COM (Sep 29)
- Re: rpc.mountd vulnerabilities Alan Brown (Sep 29)
- Re: 1+2=3, +++ATH0=Old school DoS John M. Flinchbaugh (Sep 28)