On Thu, 2004-08-26 at 01:04, Stephen Jimson wrote: > >A few weeks ago there was a discussion about > >automated ssh scanning with user/password > >combinations like guest/guest or admin/admin. > >I set up a debian woody fully patched with both > >accounts activated, and got rooted some days later... > > look if your user/password are not listed in this page > : SSH Remote Root password Brute Force Cracker Utility > > http://www.k-otik.com/exploits/08202004.brutessh2.c.p > hp > > cheers Hello Stephen!
Good hint, but my root password isn*t listed there (you may consider it to be save!), but there were two known unprivileged user/password-combinations on this box. As far as I could investigate, the attacker used a guest account to get shell access, and then used a local exploit. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
