Open Source and information security mailing list archives
 
From: ppan at hushmail.com (ppan@...hmail.com)
Subject: ALERT ALERT plaintext passwords in linux ALERT ALERT

lol!?
the trick is that it is the trick but your trick isn't it, emmmmmmkayy?

>This is extremely old. There was an exploit for Linux and Solaris that
>used this back in 1995 (or earlier). In that case the idea was to get a
>local user shell, then start looking at kcore. Then try to login as root
>and grep for the crypted passwd, then feed that string to Jack-the-Ripper.
>
>That was when the permissions on kcore were changed so that you can't see
>all of kcore.
>
>There was even a trojaned copy of Slackware floating about that emailed
>via an anonymiser the root passwd every time passwd was run by root that
>used this.
>
>JPF
>
>
>ppan@...hmail.com wrote:
>
>>
>>Problem:  Linux stores your passwords in plaintext
>>          See proof of concept exploit below
>>
>>Fix:      rm -rf /dev/kmem
>>
>>
>>Demonstration:
>>
>>---flic---
>>bash$ ./passcheck.sh secret
>>checkpass v1.5
>>Proves that kmem leakes your passwords
>>Needs to be run as root
>>By etah^etihw aka peter-pan
>>
>>Checking for password 'secret'
>>Binary file /proc/kcore matches
>>-flac-
>>
>>OMG!!!! it matches!!!
>>Please don't tell anyone my root password because
>>I can't change it because I deleted the passwd program
>>because I thought that it is vulnerable but I
>>think it was not vulnerable but I can't get it because
>>I have to port undel.exe to lunix first.
>>
>>Here is the 0-DAY exploit!
>>Please do not abuse!!!
>>
>>---click---
>>#!/bin/bash
>>
>># POC exploit
>># shows kmem is a fscking leaker!
>>
>>echo "checkpass v1.5";
>>echo "proves that kmem leakes your passwords";
>>echo "needs to be run as root";
>>echo "by etah^etihw";
>>echo "             ";
>>
>>echo "checking for password '$1'";
>>grep "$1" /proc/kcore
>>---clack---
>>
>>(do not forget to make 'chmod +x passcheck.sh'!!)
>>
>>
>>Greets:
>>zisss (you are the man bro!!)
>>drater (mad resopectz to yu0!!)
>>verb (wuz up? your a.t. owns me ass!!)
>>jchrist (your dad > *)
>>
>>regards
>>Peter Pan
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
