Re: [Full-disclosure] Putty Proxy login/password discolsure....



El jue, 26-10-2006 a las 12:18 +0200, Robert Jaroszuk escribió:
Raj Mathur wrote:
On Wednesday 25 October 2006 23:14, cardoso wrote:

Exactly. A few years ago I used to deal with linux fanboys showing
them the cute trick of "linux single" at boot time. After a few
hours begging for the admin password, I teached the trick and they
usually stopped the brag about how security Linux was.


Can't do that in most modern distributions today -- they're configured
to ask for root password before they give a single-user shell.

Not that there aren't other ways around that restriction...


Ever heard about "init=/bin/sh" ?
It doesn't ask for password and it gives a root shell.
If you don't have password set in lilo.conf, box is 0wned.
You could use the 'restrict' option, it dosnt ask for a password unless
you modify this arguments. (if you press enter u boot, if you add init=*
it asks for a passwd).

Saludos, Juan Pablo.

--
Juan Pablo Daniel Borgna <jpdborgna@xxxxxxxxxxxxxxxx>
Development Manager
SHELLCODE, IT Solutions & Security Research.
Paraná 264, Piso 4to, Of.46 - C1017AAF
Ciudad Autónoma de Buenos Aires - Argentina
Phone: +54 (011) 57.11.52.63

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages