Date: Thu, 26 Oct 2006 12:18:35 +0200
From: Robert Jaroszuk <zim@...pl>
To: raju@...ux-delhi.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Putty Proxy login/password disclosure....

Raj Mathur wrote:
> On Wednesday 25 October 2006 23:14, cardoso wrote:
>   
>> Exactly. A few years ago I used to deal with linux fanboys by showing
>> them the cute trick of "linux single" at boot time. After a few
>> hours of begging for the admin password, I taught them the trick and they
>> usually stopped bragging about how secure Linux was.
>>     
>
> Can't do that in most modern distributions today -- they're configured 
> to ask for root password before they give a single-user shell.
>
> Not that there aren't other ways around that restriction...
>   

Ever heard of "init=/bin/sh"?
It doesn't ask for a password and it gives a root shell.
If you don't have a password set in lilo.conf, the box is 0wned.

-- 
... Robert Jaroszuk ...
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- K- N+ DI+ V-
w M- PS+ PE Y(+) PGP-(+++) t-- 5? X- R tv-- b++>++++ D- y+ G++
.. http://zim.iq.pl/ . RJ735-RIPE . http://zim.iq.pl/photo/ ..
... The superior warrior wins without fighting -- Sun Tzu. ...
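
An audit check for the condition described in the message above, added here as an example and not part of the original post: it lists the Linux entries in a lilo.conf that accept boot parameters such as init=/bin/sh without a password. It relies on the lilo.conf(5) keywords password, restricted, mandatory and bypass; the function name and both sample configurations are constructed for illustration.

```python
import re

SECTION = re.compile(r"^(image|other)\s*=\s*(\S+)", re.I)

def unprotected_images(conf_text):
    """Return labels of image= entries that take kernel parameters
    (e.g. init=/bin/sh) at the boot prompt without a password."""
    glob = {"password": False, "bypass": False}   # options before the first section
    sections, current = [], glob
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and indentation
        m = SECTION.match(line)
        if m:                                     # image=/other= starts a new section
            current = {"kind": m.group(1).lower(), "label": m.group(2),
                       "password": False, "bypass": False}
            sections.append(current)
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key == "label":
            current["label"] = value.strip().strip('"')
        elif key in ("password", "bypass"):
            current[key] = True
    # With a password set, both "restricted" and "mandatory" demand it once
    # parameters are typed; only a missing password or "bypass" leaves a gap.
    return [s["label"] for s in sections if s["kind"] == "image"
            and not ((s["password"] or glob["password"]) and not s["bypass"])]

# Constructed sample: no password anywhere, the case the message describes.
WEAK_CONF = """boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
"""
# Constructed sample: global password, but one entry opts out with bypass.
HARDENED_CONF = """boot=/dev/hda
password=CONSTRUCTED-PLACEHOLDER
restricted
image=/boot/vmlinuz
    label=linux
image=/boot/vmlinuz.old
    label=rescue
    bypass
"""
if __name__ == "__main__":
    print(unprotected_images(WEAK_CONF), unprotected_images(HARDENED_CONF))
```

Because lilo.conf holds the password in plain text, the file also needs to be readable by root only for the check to mean anything.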

