| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Oct 2006 13:39:05 -0300 From: Juan Pablo Daniel Borgna <jpdborgna@...llcode.com.ar> To: full-disclosure@...ts.grok.org.uk Subject: Re: Putty Proxy login/password discolsure.... El jue, 26-10-2006 a las 12:18 +0200, Robert Jaroszuk escribió: > Raj Mathur wrote: > > On Wednesday 25 October 2006 23:14, cardoso wrote: > > > >> Exactly. A few years ago I used to deal with linux fanboys showing > >> them the cute trick of "linux single" at boot time. After a few > >> hours begging for the admin password, I teached the trick and they > >> usually stopped the brag about how security Linux was. > >> > > > > Can't do that in most modern distributions today -- they're configured > > to ask for root password before they give a single-user shell. > > > > Not that there aren't other ways around that restriction... > > > > Ever heard about "init=/bin/sh" ? > It doesn't ask for password and it gives a root shell. > If you don't have password set in lilo.conf, box is 0wned. You could use the 'restrict' option, it dosnt ask for a password unless you modify this arguments. (if you press enter u boot, if you add init=* it asks for a passwd). Saludos, Juan Pablo. > -- Juan Pablo Daniel Borgna <jpdborgna@...llcode.com.ar> Development Manager SHELLCODE, IT Solutions & Security Research. Paraná 264, Piso 4to, Of.46 - C1017AAF Ciudad Autónoma de Buenos Aires - Argentina Phone: +54 (011) 57.11.52.63 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists