Full Disclosure mailing list archives
Re: Putty Proxy login/password discolsure....
From: Valdis.Kletnieks () vt edu
Date: Thu, 02 Nov 2006 10:49:41 -0500
On Thu, 02 Nov 2006 06:47:02 PST, Brian Dessent said:
8. Using rootkit installed in 6, get privilege and manipulate log files, utmp, kernel state, et al. to cover any traces of a shutdown.
"Funny.. when I left for lunch I was logged in and a screensaver running..." It's really hard to put the state back exactly the way it was - currently running processes are particularly obnoxious. At best, you can make it not-too-obtrusive. Of course, with *most* users, stealth isn't required, as they'll just assume the frikking thing crashed and rebooted again. It's also loads of fun if the box in question is a server that's being monitored by Big Brother or similar. Kinda hard to erase the 'red' marker on the big screen in the NOC. Similar comments apply to machines that report to a central syslog server...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Putty Proxy login/password discolsure.... nocfed (Nov 01)
- Re: Putty Proxy login/password discolsure.... Tonnerre Lombard (Nov 02)
- Re: Putty Proxy login/password discolsure.... nocfed (Nov 03)
- Re: Putty Proxy login/password discolsure.... Valdis . Kletnieks (Nov 02)
- Re: Putty Proxy login/password discolsure.... Brian Dessent (Nov 02)
- Re: Putty Proxy login/password discolsure.... Valdis . Kletnieks (Nov 02)
- Re: Putty Proxy login/password discolsure.... Michael Holstein (Nov 02)
- Re: Putty Proxy login/password discolsure.... Brian Dessent (Nov 02)
- Re: Putty Proxy login/password discolsure.... Dude VanWinkle (Nov 02)
- Re: Putty Proxy login/password discolsure.... stany (Nov 03)
- Re: Putty Proxy login/password discolsure.... Tonnerre Lombard (Nov 02)