[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2f6cb7b40611022344y6a8cd567w53f04d02f48a0c0d@mail.gmail.com>
Date: Fri, 3 Nov 2006 01:44:53 -0600
From: nocfed <nocfed@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Putty Proxy login/password discolsure....
On 11/2/06, Tonnerre Lombard <tonnerre.lombard@...roup.ch> wrote:
> Salut,
>
> On Thu, 2006-11-02 at 01:15 -0600, nocfed wrote:
> > And if you have physical access then you can simply use a floppy, usb
> > dongle, or any other type of removable media to boot from. Once
> > physical access is obtained then you pretty much have full access,
> > barring full disk encryption. Personally I see linux's password for
> > single user mode to be like a screen door infront of an old door with
> > a combination lock on it. It takes VERY little effort to punch a
> > whole through it, even if you only have 1 minute alone with the
> > server.
>
> If you have physical access, just plug in your iPod with UNIX and enjoy
> full memory access to the host machine...
>
I've always enjoyed the idea of throwing a tiny rogue pxe
server(soekris) under the raised floor in a datacenter, vampire tapped
into the uplink ethernet, and having it set to pxe once into a hacked
up pxelinux that boots the server(s) one time into its own OS,
installs a rootkit, and reboot it again into its own media. Setting
this up may require a bit more time as you would have to remove the
sheath, punch the wires making sure to not cut them, and tap in.
Using a simple environment like busybox you can have this type of
system mount just about any type of filesystem(regardless of OS),
figure out which OS it is and install the appropriate rootkit. This
would require that the servers be set to PXE before their normal boot
media but could cause all sorts of havok. Most DC's will utilize a
PXE environment in order to (re)deploy servers on the fly. I'm sure
you all get the point.
Another idea would be another type of vampire tap/wap combo so you can
have the network as your own little playground. I think that I read
about a tiny one a while back, but did not find it with a simple
search. Maybe someone knows what I am referring to?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists