Bugtraq mailing list archives

Re: login -h


From: alx () black BGU AC IL (Alexander Haiut)
Date: Thu, 8 Dec 1994 12:25:47 +0200 (GMT+0200)


On Wed, 7 Dec 1994, Bonfield James wrote:
...
Remember the "rlogin -l -froot" type bugs some time ago? At the time I
mentioned that "-l -hhostname" could also be used to spoof hostnames in the
wtmp files. This is still true. The reason I haven't posted again about this
earlier is that we've been having a couple problems ourselves. Using the tcp
wrapper helps things, but it's only just been installed (despite the fact that
I've requested it numerous times).

A typical spoof would be:

rlogin targethost -l -htargethost

Then type in the user and password. It'll then appear to last, who and
probably finger, on targethost that the user has logged in from that system,
not from remotely.
...

        okay, 4.1.3_u1 works correctly (read: "safe" ;-) in this case,
        but if talking about spoofing, why not use the simple
        trick with C-shell: rsh hostname /bin/csh -bif

        it logs you in without tty, but also without any entries in
        [wu]tmp files..

                that's all..    --alex.

---

  Alexander L. Haiut                    
  Ben-Gurion University of the Negev,
  Beer-Sheva, Israel
 ________________________________________
  e-mail : alx () cs bgu ac il
  voice  : +972-7-461658
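
The "-l -froot" and "-l -hhostname" cases quoted above both depend on a client-supplied user name reaching login as an option. The C sketch below is an added example, not part of the original post or of any vendor's rlogind: it shows the check a daemon can make before building login's argument vector. The function names, the 32-character limit, the allowed character set and the use of "--" (which assumes a login that parses options getopt-style) are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGIN_NAME 32 /* assumed limit for this sketch */

/* Return 1 if name is safe to pass to login as a user name, else 0. */
int valid_remote_user(const char *name)
{
    size_t i, len;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_LOGIN_NAME)
        return 0;
    if (name[0] == '-') /* "-froot", "-hhost": would be parsed as an option */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Build argv for login. peer_host must come from the daemon's own lookup of
 * the connecting address. Returns argc, or -1 if the request is refused. */
int build_login_argv(const char *peer_host, const char *remote_user,
                     const char *argv[], size_t cap)
{
    if (cap < 6 || peer_host == NULL || !valid_remote_user(remote_user))
        return -1;
    argv[0] = "login";
    argv[1] = "-h";
    argv[2] = peer_host;
    argv[3] = "--"; /* assumption: getopt-style login, "--" ends options */
    argv[4] = remote_user;
    argv[5] = NULL;
    return 5;
}

int main(void)
{
    const char *av[6]; /* constructed inputs below */
    printf("%d\n", build_login_argv("client.example", "alice", av, 6));
    printf("%d\n", build_login_argv("client.example", "-htargethost", av, 6));
    return 0;
}
```
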


