Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: screen 4.0.3 local Authentication Bypass - Working on multiple systems
From: Nico Golde <fd () ngolde de>
Date: Wed, 6 Jun 2007 19:11:26 +0200

Hi,
* Sûnnet Beskerming <info () beskerming com> [2007-06-06 15:19]:
[...] 
~user(screen) $ echo Once the process is killed, I should not reappear.
Once the process is killed, I should not reappear.
~user(screen) $ ^a+x
Key: [1234]
Again: [1234]
Screen used by User <user>.
Password:

At this stage we now need to kill the right process.  On OS X, screen  
ignores the SIGINT sent by ^c, so we need to send it a SIGKILL.   
Using your favourite process killer, kill the outer screen pid  
(5171).  If you vary the process, such as:
[...]
What is the point of locking screen with a password if you 
have an open shell on the host??? In this case you can just 
close the window an reattach the screen session.
Kind regards
Nico
-- 
Nico Golde - JAB: nion () jabber ccc de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault