[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1162139946.3508.5.camel@notegiba>
Date: Sun, 29 Oct 2006 13:39:05 -0300
From: Juan Pablo Daniel Borgna <jpdborgna@...llcode.com.ar>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Putty Proxy login/password discolsure....
El jue, 26-10-2006 a las 12:18 +0200, Robert Jaroszuk escribió:
> Raj Mathur wrote:
> > On Wednesday 25 October 2006 23:14, cardoso wrote:
> >
> >> Exactly. A few years ago I used to deal with linux fanboys showing
> >> them the cute trick of "linux single" at boot time. After a few
> >> hours begging for the admin password, I teached the trick and they
> >> usually stopped the brag about how security Linux was.
> >>
> >
> > Can't do that in most modern distributions today -- they're configured
> > to ask for root password before they give a single-user shell.
> >
> > Not that there aren't other ways around that restriction...
> >
>
> Ever heard about "init=/bin/sh" ?
> It doesn't ask for password and it gives a root shell.
> If you don't have password set in lilo.conf, box is 0wned.
You could use the 'restrict' option, it dosnt ask for a password unless
you modify this arguments. (if you press enter u boot, if you add init=*
it asks for a passwd).
Saludos, Juan Pablo.
>
--
Juan Pablo Daniel Borgna <jpdborgna@...llcode.com.ar>
Development Manager
SHELLCODE, IT Solutions & Security Research.
Paraná 264, Piso 4to, Of.46 - C1017AAF
Ciudad Autónoma de Buenos Aires - Argentina
Phone: +54 (011) 57.11.52.63
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists