Bugtraq: Re: brute force

Re: brute force

From: Ze'ev Maor <gmaor_at_techunix.technion.ac.il>
Date: Tue, 4 Jun 1996 23:21:55 +0300

Consider the following...
        Almost 99% of ftpd's installed around the net enable anonymous
logins to d/l the /etc/passwd file. Just get the file and re-code the
login source (VERY simple) to try all combinations on the root password
from the file you just d/l on YOUR OWN MACHINE - result:

        A. MUCH MUCH faster than doing it on the actual target machine.

        B. Completely safe - everything is done on your machine - I.E. no
logging is done anywhere!!!!

--------------------------------------------------------------------------
- Ze'ev Maor                 | "We all have a little Daemon inside...     |
- gmaor_at_tx.technion.ac.il | ...Waiting to come out and become a kernel"|
--------------------------------------------------------------------------

On Tue, 4 Jun 1996, *Hobbit* wrote:

> Pop3 isn't the only thing with that problem. Stock rexec, for example, never
> logs anything and is another good way to hammer on password guesses from the
> outside. [See "rservice.c" to make this easier...] Several other daemons,
> particularly the vendor-supplied variety, are similarly lame. That's what tcp
> wrappers and logdaemon are for..
>
> _H*
>
Received on Jun 04 1996
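
The exposure discussed in this message can be checked from the defender's side. The following is an added example, not part of the original post: it assumes a passwd(5)-format file, such as the etc/passwd copy inside an anonymous FTP area, and reports entries whose password field holds a hash or is empty. The function name, placeholder set and sample entries are constructed for illustration.

```python
"""Audit a passwd(5)-format file (for example the etc/passwd copy kept
inside an anonymous FTP area) for entries that expose password material."""

# Password-field values that carry nothing to guess against offline:
# "x" defers to a shadow file; "*", "!", "!!" and "*LK*" mark locked accounts.
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*"}

# Constructed sample input; the hash-like string is made up.
SAMPLE = """\
root:Ab3xQz9LmN0pE:0:0:root:/root:/bin/sh
ftp:*:14:50:FTP User:/home/ftp:/bin/false
guest::405:100:guest:/dev/null:/dev/null
daemon:x:1:1:daemon:/usr/sbin:/bin/false
"""


def audit_passwd(text):
    """Return a list of (line_no, user, finding) for risky entries."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            # passwd(5) entries have seven colon-separated fields.
            findings.append((line_no, fields[0], "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((line_no, user, "empty password field"))
        elif pw not in PLACEHOLDERS:
            # Anything else is hash material readable by whoever can fetch the file.
            findings.append((line_no, user, "password hash present"))
    return findings


if __name__ == "__main__":
    for line_no, user, finding in audit_passwd(SAMPLE):
        print(f"line {line_no}: {user}: {finding}")
```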
