Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Putty Proxy login/password discolsure....
From: Juan Pablo Daniel Borgna <jpdborgna () shellcode com ar>
Date: Sun, 29 Oct 2006 13:39:05 -0300

El jue, 26-10-2006 a las 12:18 +0200, Robert Jaroszuk escribió:
Raj Mathur wrote:
On Wednesday 25 October 2006 23:14, cardoso wrote:
Exactly. A few years ago I used to deal with linux fanboys showing
them the cute trick of "linux single" at boot time. After a few
hours begging for the admin password, I teached the trick and they
usually stopped the brag about how security Linux was.

Can't do that in most modern distributions today -- they're configured 
to ask for root password before they give a single-user shell.

Not that there aren't other ways around that restriction...

Ever heard about "init=/bin/sh" ?
It doesn't ask for password and it gives a root shell.
If you don't have password set in lilo.conf, box is 0wned.
You could use the 'restrict' option, it dosnt ask for a password unless
you modify this arguments. (if you press enter u boot, if you add init=*
it asks for a passwd).

Saludos, Juan Pablo.

Juan Pablo Daniel Borgna <jpdborgna () shellcode com ar>
Development Manager
SHELLCODE, IT Solutions & Security Research.
Paraná 264, Piso 4to, Of.46 - C1017AAF
Ciudad Autónoma de Buenos Aires - Argentina
Phone: +54 (011)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]