Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: !SPAM! [Full-Disclosure] Automated ssh scanning

from [Ron DuFresne] Network Security [Permanent Link]
Subject: Re: !SPAM! [Full-Disclosure] Automated ssh scanning
Date: Thu, 26 Aug 2004 18:43:48 -0500 (CDT) 
On Thu, 26 Aug 2004, Jan Luehr wrote:


Greetings,

Am Donnerstag, 26. August 2004 16:43 schrieb Ron DuFresne:

On Thu, 26 Aug 2004, Richard Verwayen wrote:

On Thu, 2004-08-26 at 15:12, Todd Towles wrote:

 The kernel could be save. But with weak passwords, you are toast. Any
automated tool would test guest/guest.


Hello Todd!

You are right about the passwords, but guest is only a unprivileged
account as you may have on many prodruction machines. But they managed
to become root on this machine due to a kernel(?) exploit!
Should I then consider any woody system to be insecure to let people
work at?


If your uasers are not trustable, then they should not have access to
local systems of yours.  Once a person has a shell, then they are 95% to
root.


So your point is, there a much already known local root exploits on an
standard woody system no one cares about?



I'm quite sure the debian folks as well as the other dist maintainers
would be as interested as the offending package maintainers in finding out
the what, where and how of the compromise, to mitigates its direct threats
in the future.  Will this make a fullblown installed *nix of any real
flavor secure from a similiar comprise hours, day or weeks in the future?
Highly unlikely.

No, my point is that it is much more likely there is a package installed
that was sploited.  If the system was as up to date and fully patched as
claimed, it's likely not a kernel sploit that got them root.

My point is this was a 'local user' compromise.  There are reasons that
many list 75% and more risk is done from the 'inside' then from remote
roots.

Folks do not seem to understand the implications of 'guest' accounts, or
handing out shells to every person they happen to chat with in IRC and
such.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] U.S. National Security Awareness Day (NSAD), Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA
Next by Date:  Re: [Full-Disclosure] Automated ssh scanning, Matt Zimmerman
Previous by Thread:  Re: !SPAM! [Full-Disclosure] Automated ssh scanning, Jan Luehr
Next by Thread:  Re: !SPAM! [Full-Disclosure] Automated ssh scanning, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]