Bugtraq mailing list archives
Breaking in from the monitor at the console
From: an100188 () anon penet fi (an100188 () anon penet fi)
Date: Fri, 27 May 1994 15:34:36 UTC
Breaking into a machine, typically a workstation, by using the monitor at the console to poke values into memory has always been possible. I didn't realize how simple and unobtrusive it was before I saw this script. This one is for Suns, but the principle applies to any machine with a console monitor. On Sun4s there is some sort of "secure mode" that I presume lets you disable the monitor. It is possible to change the L1-A sequence to another pair of keys, but if you own /dev/console you can change it back. This obscurity may or may not be useful. This particular attack needs a way to run the script on the machine, typically in a shell. I presume there are other spots where you could tickle a machine that don't even require that. Physically secure consoles prevent this attack. Sigh.
Current thread:
- Breaking in from the monitor at the console an100188 () anon penet fi (May 27)
- <Possible follow-ups>
- Re: Breaking in from the monitor at the console an100188 () anon penet fi (May 28)
- Re: Breaking in from the monitor at the console Bonfield James (May 31)
- More PROM password problems Bonfield James (May 31)
- Re: Breaking in from the monitor at the console George Hodson (May 30)
- Re: Breaking in from the monitor at the console John C. Orthoefer (May 31)
- Re: Breaking in from the monitor at the console Matthew Jude Brown (May 31)
- Re: Breaking in from the monitor at the console Bruce Barnett (May 31)
- Re: Breaking in from the monitor at the console Casper Dik (May 31)
- Re: Re: Breaking in from the monitor at the console Pete Hartman (May 31)