| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Apr 2012 10:32:56 +0100 From: James Condron <james@...o-internet.org.uk> To: Disposable <disposable_94z9Q@...dohacerlo.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Vulnerability in Backtrack I like it; its kinda like the old one about anonymous hacking FTP servers and the only way to tell is whether or not you have a user 'anonymous' On Tue, Apr 24, 2012 at 7:10 PM, Disposable <disposable_94z9Q@...dohacerlo.com> wrote: > Crazy! it works in pretty much every linux by default. > > This guy knows stuff. We all got to enroll on that "High School of Security" > he is talking about!!! > > > On Tue, Apr 24, 2012 at 4:51 PM, David3 Gonnella <netevil@...kers.it> wrote: >> >> it makes me scary! There is also on my distro! DOH! ;P >> >> >> On 04/24/12 16:41, Urlan wrote: >> > It makes me laugh! hahahaha >> > >> > 2012/4/24 Gage Bystrom <themadichib0d@...il.com> >> > >> >> *sigh* vulnerability reports like this make me sad. >> >> On Apr 24, 2012 5:50 AM, "Григорий Братислава" <musntlive@...il.com> >> >> wrote: >> >> >> >>> Is good evening. I is would like to warn you about is vulnerability in >> >>> Backtrack is all version. >> >>> >> >>> Backtrack Linux is penetration tester is system. Is come complete with >> >>> tool for to make hacking for penetration tester. >> >>> >> >>> In is booting Backtrack, vulnerability exist in booting for when start >> >>> if attacker is edit grub, attacker can bypass restricted user and is >> >>> boot into admin account. E.g.: >> >>> >> >>> grub edit > kernel /boom/vmlinuz-2.3.11.7 root=/dev/sda1 ro Single >> >>> [ENTER] >> >>> grub edit > b >> >>> # mount -t proc proc /proc >> >>> # mount -o remount,rw / >> >>> # passwd >> >>> [ENTER IS ANYTHING YOU WANT] >> >>> # sync >> >>> # reboot >> >>> >> >>> I is will make this into video for bypassing security in Backtrack for >> >>> to post on InfoSecInstitute >> >>> >> >>> -- >> >>> >> >>> `Wherever I is go - there am I routed` >> >>> >> >> >> > >> > >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists