Re: unautherized access to unix systems?
From: Frodo Morris (graham.lee@wadham.oxford.ac.uk)
Date: 01/17/03
- Next message: Bill Unruh: "Re: unautherized access to unix systems?"
- Previous message: Shaolin Tiger: "Re: unautherized access to unix systems?"
- In reply to: Lord Slobber: "unautherized access to unix systems?"
- Next in thread: Bill Unruh: "Re: unautherized access to unix systems?"
- Reply: Bill Unruh: "Re: unautherized access to unix systems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Frodo Morris <graham.lee@wadham.oxford.ac.uk> Date: Fri, 17 Jan 2003 01:00:34 +0000
Lord Slobber wrote:
> Say, that a hacker has picked a unix system as a target. Now he wants
> to get inside the system so what will he do?
> he'll usually try and get a user account. The hacker will probably try
> to get the password file so he can crack the passwords. But what if
> the /etc/passwd is shadowed? how can he get an account then?
> I would like to have a discussion about the ways a hacker can enter a
> unix system.
> Here are some of my ideas:
> the phf technique(mostly never works) mostly the passwd file is
> shadowed.
> If it's a shell account provider buy a user account or get a guest
> account.
> thanks.
Install xine and wait for GOBBLES to do his work for him :-)
Interestingly, if /etc/shadow is only readable by root; who does
/bin/login run as? I guess it's either got to be root or nobody; does
it run as root but then use _POSIX_SAVED_IDS so that it can run
unprivileged when it's accepting input? Surely if login ran as root and
you managed to trip login over....
-- FM
- Next message: Bill Unruh: "Re: unautherized access to unix systems?"
- Previous message: Shaolin Tiger: "Re: unautherized access to unix systems?"
- In reply to: Lord Slobber: "unautherized access to unix systems?"
- Next in thread: Bill Unruh: "Re: unautherized access to unix systems?"
- Reply: Bill Unruh: "Re: unautherized access to unix systems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
