Lan Barnes wrote: > > > > That shellcode then fires off whatever the atacker wants. Oftimes an > > identd that will spawn telnetd or something of the like. The attacker > > can then log in whenever he wants, as root. > > > > ???? A script belonging to apache (at best) fires off inetd? I would be > quite surprised.
Why not? Write your own inetd.conf, but allocate no ports < 1024. Run your own telnetd on an oddball port. I tend to like 3030 :) You are thinking apache exploits. I am thinking exploits in general. Okay, let's say we have a vunerable service that allows remote user to run arbitray commands (shellcode). We have a *local* service, maybe sendmail, that has a root escalation. You use that remote command execution to run the shellcode tht triggers the root escalation. Younow have remote root. > > Darn. If it were not rhetorical, I'd answer that MySQL is an inexpensive > > and capable relational database that a lot of people are familar with. > > Perfect candidate for those too cheap to pay for SQL Server. > > > > They're motivated by being cheap? They buy windoze? They're cheap _and_ > illogical! When you buy a new computer, you get windows for free. That is pretty cheap. If you buy your own, you can snarf a new copy of windows from your buddy easily enough. Still rather cheap. It is a bit more difficult to snarf a copy of SQL Server. If your site is connected to the net, running an illegal copy of SQL server might be more risky than running an illegal copy of windows. Everyone has windows, so another windows system is not unusual. SQL Server is not quite as common. However, you and I both know there is a better way! -john (SLB) -- KPLUG-List mailing list [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
