Full Disclosure mailing list archives

Re: Putty Proxy login/password discolsure....

From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 2 Nov 2006 16:00:55 -0500

On 11/2/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:

On Thu, 02 Nov 2006 01:15:19 CST, nocfed said:

And if you have physical access then you can simply use a floppy, usb
dongle, or any other type of removable media to boot from.  Once
physical access is obtained then you pretty much have full access,
barring full disk encryption.


For bonus points, figure out how to reboot the machine without being
detected.  For starters, there's that pesky 'uptime' ;)



Back up the settings and configuration of the Operating System and
monitored applications.Then clone the GUID/SID/etc of the machine to
the Attackers laptop and do a restore of the backed up data also to
the attackers laptop, which had the necessary OS put on it in
preparation for the attack.

Pull the data cable out of the server and put it in the laptop. You
are now free to install your rootkit, reboot the server and then cover
your tracks.

Replace cable in server and vamoose

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Putty Proxy login/password discolsure.... nocfed (Nov 01)
- Re: Putty Proxy login/password discolsure.... Tonnerre Lombard (Nov 02)
  - Re: Putty Proxy login/password discolsure.... nocfed (Nov 03)
- Re: Putty Proxy login/password discolsure.... Valdis . Kletnieks (Nov 02)
  - Re: Putty Proxy login/password discolsure.... Brian Dessent (Nov 02)
    - Re: Putty Proxy login/password discolsure.... Valdis . Kletnieks (Nov 02)
    - Re: Putty Proxy login/password discolsure.... Michael Holstein (Nov 02)
  - Re: Putty Proxy login/password discolsure.... Dude VanWinkle (Nov 02)
  - Re: Putty Proxy login/password discolsure.... stany (Nov 03)