Full Disclosure mailing list archives
ALERT ALERT plaintext passwords in linux ALERT ALERT
From: ppan () hushmail com (ppan () hushmail com)
Date: Sun, 15 Sep 2002 09:08:22 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Problem: Linux stores your passwords in plaintext
See proof of concept exploit below

Fix: rm -rf /dev/kmem

Demonstration:

- ---flic---
bash$ ./passcheck.sh secret
checkpass v1.5
Proves that kmem leakes your passwords
Needs to be run as root
By etah^etihw aka peter-pan

Checking for password 'secret'
Binary file /proc/kcore matches
- -flac-

OMG!!!! it matches!!!

Please don't tell anyone my root password because I cant change it because i deleted the passwd program because i thougt that it is vulnerable but I think it was not vulnerable but i cant get it because I have to port undel.exe to lunix first.

Here is the 0-DAY exploit! Please do not abuse!!!

- ---click---
#!/bin/bash
# POC exploit
# shows kmem is a fscking leaker!
echo "checkpass v1.5";
echo "proves that kmem leakes your passwords";
echo "needs to be run as root";
echo "by etah^etihw";
echo " ";
echo "checking for password '$1'";
grep $1 /proc/kcore
- ---clack---

(do not forget to make 'chmod +x passcheck.sh'!!)

Greets:
zisss (you are the man bro!!)
drater (mad resopectz to yu0!!)
verb (wuz up? your a.t. owns me ass!!)
jchrist (your dad > *)

regards
Peter Pan

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlkEARECABkFAj2EsMoSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7iPaIAn2pT
NuLBzLYbzXbT/Ked+GXgzcS/AKC2Q4jNv/wsI8bIjJq1yr/luPasGQ==
=93nH
-----END PGP SIGNATURE-----