Full Disclosure mailing list archives
Re: Automated ssh scanning
From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 26 Aug 2004 09:08:15 -0500 (CDT)
the real thing this user most likely suffered from was the weak account passwd double, guest:guest. Now, if the admin and other account were setup with strong passwd's and this account was either setup with a strong passwd or not setup at all might be a better test of the stability of ssh and the debain setup in question. Thanks, Ron DuFresne On Thu, 26 Aug 2004, Tig wrote:
On Wed, 25 Aug 2004 19:43:47 -0400 Gerry Eisenhaur <GEisenhaur () Cisco com> wrote:I am confused, you said you knew about some SSH scanning going on, then set up those accounts on a box. Now you are curious way that box got rooted? Maybe I am missing something, but it seems you already have a pretty good assumption of why it got rooted. The software, as you seem to know, is a few exploits, a backdoor and some IRC stuff(bot and proxy). /gerryI think you did miss the point (which was a very good one). Basically, once you have unprivileged access to a currently patched Woody box, you can quickly gain root access. I would love to see this tested against other version of Linux and *BSD with default (and updated) installations. Anyone have a spare box and a few hours? -Tig _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Automated ssh scanning Richard Verwayen (Aug 25)
- Re: Automated ssh scanning Gerry Eisenhaur (Aug 25)
- Re: Automated ssh scanning Tig (Aug 26)
- Re: Automated ssh scanning Ron DuFresne (Aug 26)
- Re: Automated ssh scanning Tig (Aug 26)
- Re: Automated ssh scanning Tremaine (Aug 26)
- Re: Automated ssh scanning Gerry Eisenhaur (Aug 26)
- Re: Automated ssh scanning Tig (Aug 26)
- Re: Automated ssh scanning Gerry Eisenhaur (Aug 25)
- Re: Automated ssh scanning VeNoMouS (Aug 25)
- Re: Automated ssh scanning VeNoMouS (Aug 25)
- Re: Automated ssh scanning Henrik Persson (Aug 25)
- Re: Automated ssh scanning Richard Verwayen (Aug 26)
- Re: Automated ssh scanning Henrik Persson (Aug 26)
- Re: Automated ssh scanning Richard Verwayen (Aug 26)
- Re: Automated ssh scanning VeNoMouS (Aug 25)
- Re: Automated ssh scanning David Vincent (Aug 25)