Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: !SPAM! [Full-Disclosure] Automated ssh scanning

from [Tremaine] Network Security [Permanent Link]
Subject: Re: !SPAM! [Full-Disclosure] Automated ssh scanning
Date: Thu, 26 Aug 2004 13:01:45 -0600 
On Thu, 26 Aug 2004 12:26:04 -0500 (CDT), Ron DuFresne
<dufresne@winternet.com> wrote:

On Thu, 26 Aug 2004, Stephen Agar wrote:


I think many of you are missing the point. Yes the guest/guest account is
weak, but this kernel is (according to debian) patched..therefore free from
local exploits that can be used to gain superuser access. I mean if this
were the case, then any box that ran this version of debian to do something
like "web hosting" that gave users shell access, may as well give them all
full sudo. Because you people are assuming that if someone can gain access
to the box, secured or not, they can gain root..i disagree.



The issue here is why does debain include such a weak account,m thaqt has
not been tamed via a very restricted chroot env!?


That's not the issue though.  As someone who has installed and
maintained debian systems over a period of years, I can assure you
that debian does not include a guest account (or any account) with a
weak password or shell.

There aren't any shell accounts other than root on a debian install
until added by the administrator.

The weak account in question here was created by the original poster
with the intent of catching one of these apparently automated ssh
attacks.
 

As Barry pointed to directly, it all depends upon what you make available
to your clients once in a shell.  It;s very likely your server would be as
exploitable as most 'default' installs with the kitchen sink dropped in.
Perhaps not, but likely, depending upon what you 'installed and allow
clients access to'.

Thanks,

Ron DuFresne



As for the defaults on the original posters install... that would of
course depend entirely on what install method he chose.  Like many
current distros (Mandrake, Redhat etc) Debian offers a packaged
install of a couple varieties (desktop, server, workstation etc) for
an admin to pick from, or they can choose to run dselect (package
management interface) and choose by hand what they do and do not want.

This of course again comes back to not knowing what the initial poster
did with the system beyond running dselect -> update -> install  which
would have autohandled updates and dependency resolution for installed
packages.

-- 
Tremaine
IT Security Consultant

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Automated ssh scanning, KF_lists
Next by Date:  Re: !SPAM! [Full-Disclosure] Automated ssh scanning, Ron DuFresne
Previous by Thread:  RE: !SPAM! [Full-Disclosure] Automated ssh scanning, Ron DuFresne
Next by Thread:  Re: !SPAM! [Full-Disclosure] Automated ssh scanning, Ron DuFresne
Indexes:  [Date] [Thread] [Top] [All Lists]