Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

ALERT ALERT plaintext passwords in linux ALERT ALERT

From: ppan () hushmail com (ppan () hushmail com)
Date: Sun, 15 Sep 2002 09:22:15 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

oops, someone edited my mail
.-(     <-- oneeyed pirate
the fix is of course: rm -rf /proc/kcore





Problem:  Linux stores your passwords in plaintext
         See proof of concept exploit below

Fix:      rm -rf /dev/kmem


Demonstration:

---flic---
bash$ ./passcheck.sh secret
checkpass v1.5
Proves that kmem leakes your passwords
Needs to be run as root
By etah^etihw aka peter-pan

Checking for password 'secret'
Binary file /proc/kcore matches
-flac-

OMG!!!! it matches!!!
Please don't tell anyone my root password because
I cant change it because i deleted the passwd program
because i thougt that it is vulnerable but I
think it was not vulnerable but i cant get it because
I have to port undel.exe to lunix first.

Here is the 0-DAY exploit!
Please do not abuse!!!

---click---
#!/bin/bash

# POC exploit
# shows kmem is a fscking leaker!

echo "checkpass v1.5";
echo "proves that kmem leakes your passwords";
echo "needs to be run as root";
echo "by etah^etihw";
echo "             ";

echo "checking for password '$1'";
grep $1 /proc/kcore
---clack---

(do not forget to make 'chmod +x passcheck.sh'!!)


Greets:
zisss (you are the man bro!!)
drater (mad resopectz to yu0!!)
verb (wuz up? your a.t. owns me ass!!)
jchrist (your dad > *)

regards
Peter Pan

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlkEARECABkFAj2EtAYSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i+O4AoJ2O
iOC5OdOkZEXlmeEV0V8ho+OsAJ94pIMt/I7+BXirHzlwNpheI6kI7w==
=ZL7v
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com
Previous By Date Next
Previous By Thread Next

Current thread: