Bugtraq mailing list archives
Re: Breaking in from the monitor at the console
From: george () siltrain demon co uk (George Hodson)
Date: Tue, 31 May 94 07:58:57 BST
AS you say, this really works, does anyone have the figures for Solaris 2.3? Presumably its just the offset into the cred structure that will be different? Seeya George PS watch out using "#eeprom secure=full", if you loose the password you can have a lot of fun trying to recover! (you need a password to even boot!) Mind you Sun will happily supply you with a new mother board (who carries NVRAM's?).
Reply-To: an100188 () anon penet fi Date: Fri, 27 May 1994 15:34:36 UTC Subject: Breaking in from the monitor at the console Sender: bugtraq-owner () crimelab com Breaking into a machine, typically a workstation, by using the monitor at the console to poke values into memory has always been possible. I didn't realize how simple and unobtrusive it was before I saw this script. This one is for Suns, but the principle applies to any machine with a console monitor. On Sun4s there is some sort of "secure mode" that I presume lets you disable the monitor. It is possible to change the L1-A sequence to another pair of keys, but if you own /dev/console you can change it back. This obscurity may or may not be useful. This particular attack needs a way to run the script on the machine, typically in a shell. I presume there are other spots where you could tickle a machine that don't even require that. Physically secure consoles prevent this attack. Sigh.
Current thread:
- Breaking in from the monitor at the console an100188 () anon penet fi (May 27)
- <Possible follow-ups>
- Re: Breaking in from the monitor at the console an100188 () anon penet fi (May 28)
- Re: Breaking in from the monitor at the console Bonfield James (May 31)
- More PROM password problems Bonfield James (May 31)
- Re: Breaking in from the monitor at the console George Hodson (May 30)
- Re: Breaking in from the monitor at the console John C. Orthoefer (May 31)
- Re: Breaking in from the monitor at the console Matthew Jude Brown (May 31)
- Re: Breaking in from the monitor at the console Bruce Barnett (May 31)
- Re: Breaking in from the monitor at the console Casper Dik (May 31)
- Re: Re: Breaking in from the monitor at the console Pete Hartman (May 31)