|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Kill the DOG and win 100 000 DM
From: Lincoln Yeoh (lyeoh
POP.JARING.MY)Date: Mon Nov 06 2000 - 00:38:13 CST
- Next message: Simon Tamás: "Re: Apache ap_getpass vulnerability"
- Previous message: mahdi samadi: "what you know about igmp attack?"
- Next in thread: Sven van 't Veer: "Re: Kill the DOG and win 100 000 DM"
- Next in thread: Ken Pfeil: "Re: Kill the DOG and win 100 000 DM"
- Maybe reply: Lincoln Yeoh: "Re: Kill the DOG and win 100 000 DM"
- Reply: Sven van 't Veer: "Re: Kill the DOG and win 100 000 DM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hmm. The IP is released but I can't reach the webserver - following doesn't
work:
http://193.102.208.43/
Maybe the site is already experiencing DOS attacks.
At 09:50 PM 05-11-2000 -0500, //Stany wrote:
>On Mon, 6 Nov 2000, Jay Tribick wrote:
>> root doesn't actually have any privileges on a Pitbull system.. he's
>> just a normal user (out of the box..)
>
>Actually that's not strictly true either - root user has enough
>priviledges to allow the system to boot on power on (not the OBP security
>levels, but the PB authentication to let system finish booting up), but
>that's about it, yes.
How is remote administration performed? The documentation available online
says that there is a tool for remote admin, but doesn't go into the
details. I think it's ssh.
Is it possible to telnet in, su to root, then run some program to upgrade
your authority? Or telnet in, change your level/authority, then su to root?
For example for Cyberguard on Unixware, you run /sbin/tfadmin newlvl
sys_private. And in theory you're not supposed to be able to do it when you
telnet in from a device at NETWORK level. You can't do that anymore. But
point is often reality refuses to follow theory ;).
For Pitbull systems, what does
/tbin/setsecconfig -D0
do?
From: https://www.argus-systems.com/support/knowledge_base/trouble.shtml#18
I tried to check their online manual, but the manpage doesn't seem to be
there, even though that command is mentioned in the other manpages dealing
with privileges and related commands.
>> ..if anyone would like Jeff Thompsons talk from Defcon 7 on "Hacking B1
>> Trusted Operating Systems", send me an email and I'll put it up somewhere.
>
>Sure, please. Knowledge is power, and all that...
It's actually on one of the sites mentioned in the post:
http://www.argusrevolution.com/downloads/DefCon.ppt
From: http://www.argusrevolution.com/pitbullsupport.html
Do you know where I can find the release notes for Pitbull? e.g. what bugs
they fixed in each release? This would be more interesting - you find out
what the developers are having trouble with.
Anyway, I may just poke around when they release root - too lazy to get a
special Solaris 7 and a copy of Pitbull. That is if I can telnet in with
all the DOS attacks going on ;).
Cheerio,
Link.
- Next message: Simon Tamás: "Re: Apache ap_getpass vulnerability"
- Previous message: mahdi samadi: "what you know about igmp attack?"
- Next in thread: Sven van 't Veer: "Re: Kill the DOG and win 100 000 DM"
- Next in thread: Ken Pfeil: "Re: Kill the DOG and win 100 000 DM"
- Maybe reply: Lincoln Yeoh: "Re: Kill the DOG and win 100 000 DM"
- Reply: Sven van 't Veer: "Re: Kill the DOG and win 100 000 DM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]