[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200209151622.g8FGMFJ42956@mailserver2.hushmail.com>
From: ppan at hushmail.com (ppan@...hmail.com)
Subject: ALERT ALERT plaintext passwords in linux ALERT ALERT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
oops, someone edited my mail
.-( <-- oneeyed pirate
the fix is of course: rm -rf /proc/kcore
>
>Problem: Linux stores your passwords in plaintext
> See proof of concept exploit below
>
>Fix: rm -rf /dev/kmem
>
>
>Demonstration:
>
>---flic---
>bash$ ./passcheck.sh secret
>checkpass v1.5
>Proves that kmem leakes your passwords
>Needs to be run as root
>By etah^etihw aka peter-pan
>
>Checking for password 'secret'
>Binary file /proc/kcore matches
>-flac-
>
>OMG!!!! it matches!!!
>Please don't tell anyone my root password because
>I cant change it because i deleted the passwd program
>because i thougt that it is vulnerable but I
>think it was not vulnerable but i cant get it because
>I have to port undel.exe to lunix first.
>
>Here is the 0-DAY exploit!
>Please do not abuse!!!
>
>---click---
>#!/bin/bash
>
># POC exploit
># shows kmem is a fscking leaker!
>
>echo "checkpass v1.5";
>echo "proves that kmem leakes your passwords";
>echo "needs to be run as root";
>echo "by etah^etihw";
>echo " ";
>
>echo "checking for password '$1'";
>grep $1 /proc/kcore
>---clack---
>
>(do not forget to make 'chmod +x passcheck.sh'!!)
>
>
>Greets:
>zisss (you are the man bro!!)
>drater (mad resopectz to yu0!!)
>verb (wuz up? your a.t. owns me ass!!)
>jchrist (your dad > *)
>
>regards
>Peter Pan
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wlkEARECABkFAj2EtAYSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i+O4AoJ2O
iOC5OdOkZEXlmeEV0V8ho+OsAJ94pIMt/I7+BXirHzlwNpheI6kI7w==
=ZL7v
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com
Powered by blists - more mailing lists