Bugtraq mailing list archives
Re: brute force
From: gmaor () techunix technion ac il (Ze'ev Maor)
Date: Tue, 4 Jun 1996 23:21:55 +0300
Consider the following... Almost 99% of ftpd's installed around the net enable anonymous logins to d/l the /etc/passwd file. Just get the file and re-code the login source (VERY simple) to try all combinations on the root password from the file you just d/l on YOUR OWN MACHINE - result: A. MUCH MUCH faster then doing it on the actual target machine. B. Completely safe - everything is done on your machine - I.E. no logging is done anywhere!!!! -------------------------------------------------------------------------- - | | - Ze'ev Maor | "We all have a little Daemon inside... | - gmaor () tx technion ac il | ...Waiting to come out and become a kernel"| - | | -------------------------------------------------------------------------- On Tue, 4 Jun 1996, *Hobbit* wrote:
Pop3 isn't the only thing with that problem. Stock rexec, for example, never logs anything and is another good way to hammer on password guesses from the outside. [See "rservice.c" to make this easier...] Several other daemons, particularly the vendor-supplied variety, are similarly lame. That's what tcp wrappers and logdaemon are for.. _H*
Current thread:
- Re: Linux rlogin hole with libc 5.x, (continued)
- Re: Linux rlogin hole with libc 5.x Alan Brown (Jun 06)
- Re: Linux rlogin hole with libc 5.x Pablo Idiaquez (Jun 06)
- help TaeJin Hong (Jun 07)
- HP-UX B.10.01 vulnerability Aleph One (Jun 07)
- Strange changes - any ideas? Fred Cohen (Jun 08)
- Re: Strange changes - any ideas? dsiebert () icaen uiowa edu (Jun 09)
- Re: Strange changes - any ideas? Andrew V. Kovalev (Jun 09)
- Digital Unix, daemons and the SIA authentication library. Paul C Leyland (Jun 10)
- Re: Strange changes - any ideas? Darren Reed (Jun 10)
- Vulnerability Database Christopher Klaus (Jun 10)
- Re: brute force Ze'ev Maor (Jun 04)
- Re: brute force simes () tcp co uk (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Paul D. Robertson (Jun 09)