From: Giorgos Keramidas (keramidaceid.upatras.gr)
Date: Wed Feb 06 2002 - 13:53:08 CST


    On 2002-02-06 14:05, Artem 'Zazoobr' Ignatjev wrote:
    > > From owner-freebsd-securityFreeBSD.ORG Tue Feb 5 22:59:39 2002
    > > Date: Tue, 05 Feb 2002 12:54:41 -0700
    > > To: Victor Grey <victorcustomdynamic.net>, <freebsd-securityFreeBSD.ORG>
    > > From: Brett Glass <brettlariat.org>
    > > Subject: Re: Is this evidence of a break-in attempt?
    > >
    > > In a word, yes. Looks like they went to the box with a
    > > keyboard and a mouse, rebooted, and tried to log in.
    > > Clearly, they were so clueless that they did not know
    > > about single-user mode.
    > >
    > Well, if console is marked as `insecure' (which is MY default policy)
    > single mode couldn't help them too much.
    > But there is a way to get contents of any file in root filesystem from
    > loader(8), so they could get root hash.

    You're assuming the attacker (yes, it was a naive attack of some form)
    knows a lot of stuff. He didn't know about single-user mode[1]. He didn't
    have enough clue to come with fixit and just power-cycle the box. Is that
    the person you're expecting to have the knowledge it takes to use loader
    for password stealing+cracking? :P

            "loader? What do you mean? What the heck is that? I just plugged
            in my brand new PS/2 mouse, and a keyboard and rebooted. The
            fscking thing didn't even get to the point where Windows displays
            'Press CTRL+ALT+DEL to log in.' so I pressed CTRL+ALT+DEL a few
            times. Can you guess? Yes, this FreeBSD thing is so obviously
            retarded it does NOTHING when you press CTRL+ALT+DEL! I had to
            power-cycle it again to remove my keyboard and mouse!"

    -- 
    Giorgos Keramidas . . . . . . . . . keramida{ceid.upatras.gr,freebsd.org}
    FreeBSD Documentation Project . . . http://www.freebsd.org/docproj/
    FreeBSD: The power to serve . . . . http://www.freebsd.org/
    

    To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message
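
An added example, not part of the original message or of FreeBSD itself: the quoted point about a console marked `insecure` can be checked by reading the console entry of a ttys(5)-format file. The function name `console_ttys_status` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the console line of a ttys(5)-format file is flagged.
# Output: "secure"   - single-user mode gives a root shell without a password
#         "insecure" - init asks for the root password before single-user mode
#         "missing"  - no console entry found

console_ttys_status() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        $1 != "console" { next }
        {
            found = 1
            state = "insecure"             # no flag is treated as not secure
            # Compare whole tokens: "insecure" contains "secure" as a substring.
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   state = "secure"
                if ($i == "insecure") state = "insecure"
            }
            print state
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample entries, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name  getty                           type    status
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
EOF
echo "console is: $(console_ttys_status "$sample")"
rm -f "$sample"
```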