Vulnerability Development mailing list archives
Re: Kill the DOG and win 100 000 DM
From: Jay Tribick <jay.tribick () CARRIER1 NET>
Date: Fri, 10 Nov 2000 19:31:45 +0000
Jay Tribick let me know that you guys were having a discussion of the PitBull hacking contest going on right now on this list so I thought I would join and offer myself for questions and whatnot. To introduceOK, just curious about a few things: Wasn't the root password supposed to be published?
The root password wouldn't do you much good.. the isso password on the other hand would, and I've had a box cracking that shadow file since it came out. No joy yet :/
What would happen if someone telneted in from localhost and tried to login as isso -e "TS ALL", and used the correct password?
Good question.. although they could have made it so that console access is a prerequisite for logging into the isso account. One thing I haven't tried (and therefore don't know if it works or not) is opening the /dev/console device.. if it was possible to open that (bypassing the lock that ttymon will hold on it) then you may be able to login to the box as if you were on the console. Anyone know if this would work? There's other issues to deal with.. but it'd be a good first step to compromising the box.. and would also mean, once we have the isso password, that we could kick the box into maintennance mode and start circumventing the security from there.
Does ps show all processes or only certain processes are seen when logged in as beaner?
It will only show the processes within your SL range, seeing as we don't have any access to /tbin we're limited in the scope of our attack.. we can't even see what the SL range for the user is at present :( . o ( I wonder if it's possible to upload /tbin/setsl from an already running pitbull system.. after all it's only a few system calls and I assume this user has GETSL authorisation ) Just a thought. -- Regards, Jay Tribick Senior Systems Engineer Carrier1 Voice: +44 207 531 3874 Mobile: +44 7801 526 638
Current thread:
- Re: Kill the DOG and win 100 000 DM, (continued)
- Re: Kill the DOG and win 100 000 DM Ghory, Zeshan A (Nov 09)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 10)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Mark (Nov 12)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 15)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 15)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)