|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Putty Proxy login/password discolsure....
Valdis.Kletnieks
vt.edu
Date: Thu Nov 02 2006 - 09:49:41 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 02 Nov 2006 06:47:02 PST, Brian Dessent said:
> 8. Using rootkit installed in 6, get privilege and manipulate log files,
> utmp, kernel state, et al. to cover any traces of a shutdown.
"Funny.. when I left for lunch I was logged in and a screensaver running..."
It's really hard to put the state back exactly the way it was - currently
running processes are particularly obnoxious. At best, you can make it
not-too-obtrusive. Of course, with *most* users, stealth isn't required,
as they'll just assume the frikking thing crashed and rebooted again.
It's also loads of fun if the box in question is a server that's being
monitored by Big Brother or similar. Kinda hard to erase the 'red' marker
on the big screen in the NOC. Similar comments apply to machines that
report to a central syslog server...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFFShOVcC3lWbTT17ARAowsAJ9FIrWUWjNSFRUwqIKsCy7g9AdN5wCfR47v
CNsQmFNuYsmG/GFOAdqjzMg=
=aB27
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]