[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200209171120.g8HBKxv97964@mailserver2.hushmail.com>
From: ppan at hushmail.com (ppan@...hmail.com)
Subject: ALERT ALERT plaintext passwords in linux ALERT ALERT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
lol!?
the trick is that it is the trick but your trick isnt it, emmmmmmkayy?
>This is extremely old. There was an exploit for Linux and Solar
>is that
>used this back in 1995 (or earlier). In that case the idea was
>to get a
>local user shell, then start looking at kcore. Then try to logi
>n as root
>and grep for the crypted passwd, then feed that string to Jack-
>the-Ripper.
>
>That was when the permissions on kcore were changed so that you
> cant see
>all of kcore.
>
>There was even a trojaned copy of Slackware floating about that
> emailed
>via an anonymiser the root passwd every time passwd was run by
>root that
>used this.
>
>JPF
>
>
>ppan@...hmail.com wrote:
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>
>>Problem: Linux stores your passwords in plaintext
>> See proof of concept exploit below
>>
>>Fix: rm -rf /dev/kmem
>>
>>
>>Demonstration:
>>
>>- ---flic---
>>bash$ ./passcheck.sh secret
>>checkpass v1.5
>>Proves that kmem leakes your passwords
>>Needs to be run as root
>>By etah^etihw aka peter-pan
>>
>>Checking for password 'secret'
>>Binary file /proc/kcore matches
>>- -flac-
>>
>>OMG!!!! it matches!!!
>>Please don't tell anyone my root password because
>>I cant change it because i deleted the passwd program
>>because i thougt that it is vulnerable but I
>>think it was not vulnerable but i cant get it because
>>I have to port undel.exe to lunix first.
>>
>>Here is the 0-DAY exploit!
>>Please do not abuse!!!
>>
>>- ---click---
>>#!/bin/bash
>>
>># POC exploit
>># shows kmem is a fscking leaker!
>>
>>echo "checkpass v1.5";
>>echo "proves that kmem leakes your passwords";
>>echo "needs to be run as root";
>>echo "by etah^etihw";
>>echo " ";
>>
>>echo "checking for password '$1'";
>>grep $1 /proc/kcore
>>- ---clack---
>>
>>(do not forget to make 'chmod +x passcheck.sh'!!)
>>
>>
>>Greets:
>>zisss (you are the man bro!!)
>>drater (mad resopectz to yu0!!)
>>verb (wuz up? your a.t. owns me ass!!)
>>jchrist (your dad > *)
>>
>>regards
>>Peter Pan
>>-----BEGIN PGP SIGNATURE-----
>>Version: Hush 2.1
>>Note: This signature can be verified at https://www.hushtools.
>com
>>
>>wlkEARECABkFAj2EsMoSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7iPa
>IAn2pT
>>NuLBzLYbzXbT/Ked+GXgzcS/AKC2Q4jNv/wsI8bIjJq1yr/luPasGQ==
>>=93nH
>>-----END PGP SIGNATURE-----
>>
>>
>>
>>
>>Get your free encrypted email at https://www.hushmail.com
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>
>>
>
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wlkEARECABkFAj2HEG4SHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i26QAnij3
uL4jAFZB1OIvFkL0aPs2n8djAJ4um8kvvoWIBCtfhGdR0TKhmH3deQ==
=DwJL
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com
Powered by blists - more mailing lists