| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Nov 2006 16:00:55 -0500 From: "Dude VanWinkle" <dudevanwinkle@...il.com> To: "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Putty Proxy login/password discolsure.... On 11/2/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote: > On Thu, 02 Nov 2006 01:15:19 CST, nocfed said: > > > And if you have physical access then you can simply use a floppy, usb > > dongle, or any other type of removable media to boot from. Once > > physical access is obtained then you pretty much have full access, > > barring full disk encryption. > > For bonus points, figure out how to reboot the machine without being > detected. For starters, there's that pesky 'uptime' ;) Back up the settings and configuration of the Operating System and monitored applications.Then clone the GUID/SID/etc of the machine to the Attackers laptop and do a restore of the backed up data also to the attackers laptop, which had the necessary OS put on it in preparation for the attack. Pull the data cable out of the server and put it in the laptop. You are now free to install your rootkit, reboot the server and then cover your tracks. Replace cable in server and vamoose -JP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists