lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <17b0fcab0704300920r4a747642i161f64c64471256b@mail.gmail.com>
Date: Mon, 30 Apr 2007 17:20:38 +0100
From: "Jamie Riden" <jamie.riden@...il.com>
To: "crazy_king@...7.org" <crazy_king@...7.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability

On 30 Apr 2007 11:10:51 -0000, crazy_king@...7.org <crazy_king@...7.org> wrote:
> By Cr@...King
>
> crazy_king@...7.org
>
> Biyosecurity.Net & Expw0rm.Com
>
> Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & Crackers_Child & Th3_43k1R & Xoron & Ajannn
>
> Portal : GHH

Hi there,

GHH is a honeypot, not a portal, and it is meant to expose this
information. The file passwd.txt is actually a PHP script which
generates a random password.
http://ghh.sourceforge.net/introduction.php describes briefly how GHH works.

cheers,
 Jamie
-- 
Jamie Riden, CISSP / jamesr@...ope.com / jamie@...eynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ