Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Fw: Re: Kill the DOG and win 100 000 DM

From: Guilherme Mesquita <guy () linuxbr com br>
Date: Mon, 6 Nov 2000 20:18:20 -0200
I'm just forwarding because I didnt use Reply-to-all, forgive me ;), read
what's quoted.

On Mon, 06 Nov 2000, Guilherme Mesquita wrote:

Reply-To: guy () linuxbr com br
Subject: Re: Kill the DOG and win 100 000 DM

I tryied in the day when they released the IP. The box was firelled by a
router or something like that. It just duped the packet to other router
like they do when they want to take off the traceroute... Well... I think
the admins from pitbull might be some kid of "I AM THE SUPER-ROOT,
UNBEATEBLE WITH MY SUPER-PIX-FIREWALL!@#". All the contests I heard about
installed and let a PLAIN BOX WITH SOME LITTLE PATCHES *ALL OPEN*, NO
FIREWALL. If you're a good sysadmin or you wanna sell a product that
REALLY
WORKS AND ITS REALLY SAFE, why would you install a firewall? Are you
afraid
from something? Yeah I bet you are.

Like microsoft always have been ;)

Regards.



--- ends here. ---


On Mon, 6 Nov 2000, Lincoln Yeoh wrote:

Date: Mon, 6 Nov 2000 14:38:13 +0800
To: VULN-DEV () SECURITYFOCUS COM
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Reply-To: Lincoln Yeoh <lyeoh () POP JARING MY>
Sender: VULN-DEV List <VULN-DEV () SECURITYFOCUS COM>
Subject: Re: Kill the DOG and win 100 000 DM

Hmm. The IP is released but I can't reach the webserver - following
doesn't
work:
http://193.102.208.43/

Maybe the site is already experiencing DOS attacks.

At 09:50 PM 05-11-2000 -0500, //Stany wrote:

On Mon, 6 Nov 2000, Jay Tribick wrote:

root doesn't actually have any privileges on a Pitbull system.. he's
just a normal user (out of the box..)


Actually that's not strictly true either - root user has enough
priviledges to allow the system to boot on power on (not the OBP

security

levels, but the  PB authentication to let system finish booting up),

but

that's about it, yes.


How is remote administration performed? The documentation available
online
says that there is a tool for remote admin, but doesn't go into the
details. I think it's ssh.

Is it possible to telnet in, su to root, then run some program to

upgrade

your authority? Or telnet in, change your level/authority, then su to
root?

For example for Cyberguard on Unixware, you run /sbin/tfadmin newlvl
sys_private. And in theory you're not supposed to be able to do it when
you
telnet in from a device at NETWORK level. You can't do that anymore.

But

point is often reality refuses to follow theory ;).

For Pitbull systems, what does
/tbin/setsecconfig -D0
do?

From:
https://www.argus-systems.com/support/knowledge_base/trouble.shtml#18

I tried to check their online manual, but the manpage doesn't seem to

be

there, even though that command is mentioned in the other manpages
dealing
with privileges and related commands.


..if anyone would like Jeff Thompsons talk from Defcon 7 on "Hacking

B1

Trusted Operating Systems", send me an email and I'll put it up

somewhere.


Sure, please.   Knowledge is power, and all that...


It's actually on one of the sites mentioned in the post:

http://www.argusrevolution.com/downloads/DefCon.ppt
From: http://www.argusrevolution.com/pitbullsupport.html

Do you know where I can find the release notes for Pitbull? e.g. what
bugs
they fixed in each release? This would be more interesting - you find

out

what the developers are having trouble with.

Anyway, I may just poke around when they release root - too lazy to get

a

special Solaris 7 and a copy of Pitbull. That is if I can telnet in

with

all the DOS attacks going on ;).

Cheerio,
Link.

--
.--------------------.
| Guilherme Mesquita |
| guy () linuxbr com br |
| UIN # 5864338      |
`--------------------'

.

.


--
.--------------------.
| Guilherme Mesquita |
| guy () linuxbr com br |
| UIN # 5864338      |
`--------------------'
Previous By Date Next
Previous By Thread Next

Current thread: