Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Putty Proxy login/password discolsure....
From: Robert Jaroszuk <zim () iq pl>
Date: Thu, 26 Oct 2006 12:18:35 +0200

Raj Mathur wrote:
On Wednesday 25 October 2006 23:14, cardoso wrote:
Exactly. A few years ago I used to deal with linux fanboys showing
them the cute trick of "linux single" at boot time. After a few
hours begging for the admin password, I teached the trick and they
usually stopped the brag about how security Linux was.

Can't do that in most modern distributions today -- they're configured 
to ask for root password before they give a single-user shell.

Not that there aren't other ways around that restriction...

Ever heard about "init=/bin/sh" ?
It doesn't ask for password and it gives a root shell.
If you don't have password set in lilo.conf, box is 0wned.

... Robert Jaroszuk ...
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- K- N+ DI+ V-
w M- PS+ PE Y(+) PGP-(+++) t-- 5? X- R tv-- b++>++++ D- y+ G++
.. http://zim.iq.pl/ . RJ735-RIPE . http://zim.iq.pl/photo/ ..
... The superior warrior wins without fighting -- Sun Tzu. ...

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]