Bugtraq mailing list archives

Re: rdist


From: rafi () tavor openu ac il (Rafi Sadowsky)
Date: Wed, 16 Mar 1994 15:15:40 +0200 (IST)


*Hobbit* wrote:

Funny, I just pulled virtually the same script out of a packet dump
last week and was going to send it in.  In this case they called it
"rd.s" and most of the comments were gone except for one at the top
claiming it had been written by "Yo Man!" ... 

The gracious providers of this script, once having used it, were apprehended
in the process of scanning several places with "rpcinfo" looking for X.25
links [or whatever the x25.inr RPC service is].

_H*

"historical" note 

this script was used to break in to an Ultrix machine here in Aug 92
the guy opened an account for himself with a username of "yo"
so he probably was the genius who originated it ....
(yo is short for yonatan - which is the Hebrew version of Jonathan - his name)
at the time he was a student at Ben-Gurion Uni (bgu.ac.il in Beer-Sheva, Israel)
and part of a (then) quite active cracking group there 


he went up for a disciplinary hearing at BGU and got off quite lightly
(the police said there wasn't enough evidence to prosecute ...)


        Rafi

P.S. I still have a .tar.Z file of his dir with cracking tools
there was the rdist script  + crack-4.1 + the
usual assortment of utmp/wtmp editing tools +
a c prog for capturing passwds with following comment in the header
-
/* when run from a shell-escape in /bin/mail, this program is able to 
   read any password given to su, telnet, rsh by any user.  

   Works on Ultrix 4.0-4.2 with no mods
*/
-
the whole bundle was sent off to CERT of course...
I didn't notice any announcements about a fix for this one -
although it didn't seem to work trivially under Ultrix 4.2A(rev 47)
and I don't have too much time to play with it ( it reads /dev/{k,}mem )


-- 
+-------------------------------+---------------------------------------+
| Rafi Sadowsky                 | rafi () tavor openu ac il                |
| Comp.Sci. dept                |-[also postmaster () openu ac il]---------+
| Open University of Israel     | Voice: +972-3-6460592                 |
| Tel-Aviv, Israel              | Fax:   +972-3-6460483                 |
+-------------------------------+---------------------------------------+


