On Mon, 03 Jun 2002 11:24:09 -0400
David Relson <[EMAIL PROTECTED]> wrote:

> At 11:00 AM 6/3/02, praedor wrote:
> 
> >Well?  Pray-tell, how does one go about appending a new user to
> >Passwd with UID 0?  Altering Passwd should itself require root
> >privileges - I cannot even get in to single user mode to do damage
> >without my root passwd.  I haven't had to do it for a long time, but
> >I believe this is also true when booting up with a CD and doing
> >"rescue".
> 
> Correct about UID 0...
> 
> The rescue CD I use gives me root privileges.  It wouldn't be useful 
> without them.  At the very least I need to mount partitions so I can
> rescue my system.  mount requires root privileges.
> 
> >Nonetheless, I would love to know how one could do as you describe. 
> >Fill us in please.
> 
> I, too, am curious.

It's actually a root kit a friend of mine "lent" me.  He wrote it
originally for 386BSD because when they were "testing" it they kept
screwing up the login etc. and needed a way to get into the boxes. 
Since the box had a user accessible compiler I just compiled it, then
ran ./login, it said "what do you want", I typed root, it said "go away"
and gave me root.  I then created user root2 with UID 0 (by the way
bastille used to be able to create a second "root" for you.) and was
able to use it to login as root.  4 hours later we had all the data off
of the box. (passwd and shadow had gotten really fuzzed up, over time,
how I don't know but it was.) that needed to be off, i.e. new backup, and
we commenced building a new box to replace this one.  

As for how to get root on a box.  Reboot, then at the lilo prompt type
linux(or a kernel name) -s ... most don't password protect this one.  So
it drops right to root, in single user mode.  

As for not needing a patch but rather a plan.  I'm talking about things
like, how do you get a username and password for a box.  Call someone
and ask (that's how Minik did it.)  or turn over their keyboard... and
read all the sticky notes.  Cause once they are on the box in any form
.... the box is vulnerable.  E-mail is also a great source of usernames.
 Just use their e-mail addy + a dictionary attack (start with curse words
and human names) ..... you've got it.  The problem with viruses, I still
contend, and may be wrong, is that the vulnerability is because we can
only protect from a frontal attack.  This is the plan we need, how to
protect from an internal attack.  How to make people use real passwords.
 (But ^rt(K21J is too hard to type... can't I just use my dog's name?)
and for me... stop giving the "black hats" the tools they need already
on my box.

James

> 
> David
> 
> 
> 
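
A defender-side check for the two conditions described in the message above (a second account with UID 0, and a LILO prompt that accepts arguments without a password), as an added example that is not part of the original thread. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Sample files are constructed.

# Print names of accounts in a passwd-format file that have UID 0 but are
# not "root" (such as the "root2" account mentioned in the message).
extra_uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Succeed (status 0) when a lilo.conf-format file has no uncommented
# "password=" directive, so boot-prompt arguments such as -s are accepted
# without a password.
lilo_prompt_unprotected() {
    ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# Report both findings; status 1 if anything was found, 0 if clean.
audit() {
    rc=0
    for name in $(extra_uid0_accounts "$1"); do
        echo "FINDING: extra UID 0 account: $name"
        rc=1
    done
    if lilo_prompt_unprotected "$2"; then
        echo "FINDING: $2 sets no boot password"
        rc=1
    fi
    return "$rc"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'james:x:501:501::/home/james:/bin/bash' \
        'root2:x:0:0::/root:/bin/bash' > "$1/passwd"
    printf '%s\n' 'boot=/dev/hda' 'prompt' 'timeout=50' \
        'image=/boot/vmlinuz' '    label=linux' > "$1/lilo.open"
    # "restricted" makes LILO ask for the password only when arguments
    # are typed at the prompt; CHANGE_ME is a placeholder.
    printf '%s\n' 'boot=/dev/hda' 'prompt' 'password=CHANGE_ME' \
        'restricted' 'image=/boot/vmlinuz' '    label=linux' > "$1/lilo.locked"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit "$demo_dir/passwd" "$demo_dir/lilo.open" || echo "audit: findings reported"
rm -rf "$demo_dir"
```

On a real system the arguments would be /etc/passwd and /etc/lilo.conf; because lilo.conf stores the password in plain text, it should be readable by root only.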
