[unios] Re: Hackers needed

Pieter Dumon Pieter.Dumon@rug.ac.be
Tue, 23 Mar 1999 13:35:04 +0100 (MET)

Previous message: [Fwd: [unios] runtime example I] Forgot to send all :)
Next message: [unios] Re: Hackers needed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]



On Mon, 22 Mar 1999, Pat Wendorf wrote:

> The UniOS server is still beyond my control... in other words, I have
> only user
> level access, without any webspace (essentially it's just a shell server
> right
> now).  The owner of the server is VERY new to linux, and doesn't know
> how to set
> certain things up properly (like web access), and due to his extreme
> schedule, I
Oh , but setting up Apache is really just a little work, and
moreover, Apache is ultra-fast and ultra-configurable.

> *Please note, I am being dead serious:  I was told that if I could HACK
> the
> system to get root access, I would be able to keep it... this is a
> challenge to
> anyone who is up to it.  I have a shell account on the system already
> with user
> level access, and I'll hand it over to anyone who thinks they can do
> it.  The OS
> is an "out of the box", Red Hat 5.2, without any security patches.
> Password
> shadowing has NOT been implemented, and the passwd file is accessible.

Ha ! Should be done in a minute! One search on altavista should get you a
lot of methods. If you have an account, an insite hack is VERY easy.
(eg use a search string "+linux +exploits" ).
You can also use brute force on the passwd file, off course. How the hell
is it possible that shadowing isn't implemented?


Pieter

----------------------------------------
 Pieter.Dumon@rug.ac.be               
 pdumon@vtk2.rug.ac.be
                                     
 http://studwww.rug.ac.be/~pdumon     
 
 ICQ  : 12428974
---------------------------------------

Previous message: [Fwd: [unios] runtime example I] Forgot to send all :)
Next message: [unios] Re: Hackers needed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]