Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: help: I need to crack my box
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Tue, 22 Jul 2008 09:09:55 -0500

--On Tuesday, July 22, 2008 09:35:03 +0200 Lucio Crusca <lucio () sulweb org> 

Alex Howells wrote:

Probably not and I can't think anyone hiding a 0-day is going to
release it for this. Sorry.
No 0-day needed here, Lenny does not have security updates, so all I need is
some PoC code already released in the last few months...

Paul Schmehl wrote:
Ask the hosting company
It's a firewalled LAN machine that had the VNC port open for a while, but
it's not hosted by a provider, my customer has it under its desk (yes, ok,
it's not really mine, but my customer doesn't even know what a computer
is). I can access it now with ssh through a tunnel, that's all I have.

So call your customer up and walk him through rebooting, going into single user 
mode and changing the password.

Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]