Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Putty Proxy login/password discolsure....

From: Juan Pablo Daniel Borgna <jpdborgna () shellcode com ar>
Date: Sun, 29 Oct 2006 13:39:05 -0300
El jue, 26-10-2006 a las 12:18 +0200, Robert Jaroszuk escribió:

Raj Mathur wrote:

On Wednesday 25 October 2006 23:14, cardoso wrote:
  

Exactly. A few years ago I used to deal with linux fanboys showing
them the cute trick of "linux single" at boot time. After a few
hours begging for the admin password, I teached the trick and they
usually stopped the brag about how security Linux was.
    


Can't do that in most modern distributions today -- they're configured 
to ask for root password before they give a single-user shell.

Not that there aren't other ways around that restriction...
  


Ever heard about "init=/bin/sh" ?
It doesn't ask for password and it gives a root shell.
If you don't have password set in lilo.conf, box is 0wned.

You could use the 'restrict' option, it dosnt ask for a password unless
you modify this arguments. (if you press enter u boot, if you add init=*
it asks for a passwd).

Saludos, Juan Pablo.



-- 
Juan Pablo Daniel Borgna <jpdborgna () shellcode com ar>
Development Manager
SHELLCODE, IT Solutions & Security Research.
Paraná 264, Piso 4to, Of.46 - C1017AAF
Ciudad Autónoma de Buenos Aires - Argentina
Phone: +54 (011) 57.11.52.63

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: