Bugtraq mailing list archives

Re: brute force


From: simes () tcp co uk (simes () tcp co uk)
Date: Tue, 4 Jun 1996 23:12:27 +0100


Ze'ev Maor said:
> Consider the following...
>        Almost 99% of ftpd's installed around the net enable anonymous
> logins to d/l the /etc/passwd file. Just get the file

This only works if the target site is stupid enough to have the real
/etc/passwd file in the anonymous FTP area. Don't forget that any decent
ftpd will put anonymous logins into a chroot()ed area[1]. This means that
you don't actually need much of a password file. It is generally only used
to map UIDs to usernames by things like ls.

Not only that, but such an ftpd will also log the fact that you've
downloaded the password file. We see 3 or 4 people a week download
/etc/passwd from our ftp server. This doesn't really worry us as it's a
bogus password file with just enough entries to make the output of dir
sensible. Even though we have Solaris 2.x (i.e. shadowed passwords) we do
have passwords in the file; it's just that they happen to give a message
to the wannabe-cracker when crack is run :)

[1]: We've altered our ftpd so that users in certain groups are also put
     into chroot()ed areas of our choice.

--
Simon Burr                         | SysAdmin and Programmer, TCP Ltd
simes () tcp net uk/simes () bofh org uk | http://www.tcp.co.uk/staff/simes/
          I *don't* speak for my company, my boss does that
             cd /pub/lunch || dd if=/dev/zero of=/dev/mem
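
The logging mentioned in the message above, as an added example that is not part of the original post or of the poster's ftpd: a small parser that flags anonymous downloads of /etc/passwd in a transfer log. It assumes the server writes wu-ftpd style xferlog records with the trailing completion-status field; the log lines, hostnames and the WATCHED set are constructed for illustration.

```python
import posixpath

# Constructed sample lines in wu-ftpd xferlog layout (hosts and paths are made up).
SAMPLE_XFERLOG = """\
Tue Jun  4 22:58:10 1996 1 dialup12.example.net 412 /etc/passwd a _ o a guest@example.net ftp 0 * c
Tue Jun  4 22:59:41 1996 9 mirror.example.org 88112 /pub/README a _ o a mirror@example.org ftp 0 * c
Tue Jun  4 23:01:07 1996 1 dialup12.example.net 0 /pub/../etc/passwd b _ o a guest@example.net ftp 0 * i
Tue Jun  4 23:03:30 1996 2 staff.example.com 2210 /home/alice/etc/passwd a _ o r alice ftp 0 * c
Tue Jun  4 23:05:00 1996 3 dialup40.example.net 5120 /incoming/etc passwd.txt b _ i a x@example.net ftp 0 * c
"""

# Paths as seen inside the chroot()ed anonymous area (assumed watch list).
WATCHED = {"/etc/passwd", "/etc/shadow", "/etc/group"}

def parse_xferlog_line(line):
    """Return a dict for one xferlog record, or None if the line is malformed."""
    tokens = line.split()
    # 5 date tokens + transfer time + host + size on the left, 9 fixed fields
    # on the right, and at least one filename token in between.
    if len(tokens) < 18:
        return None
    head, name, tail = tokens[:8], tokens[8:-9], tokens[-9:]
    return {
        "when": " ".join(head[:5]),
        "host": head[6],
        "bytes": int(head[7]) if head[7].isdigit() else None,
        "path": " ".join(name),   # filename may contain spaces
        "direction": tail[2],     # o = outgoing (download), i = incoming (upload)
        "access": tail[3],        # a = anonymous, g = guest, r = real user
        "user": tail[4],          # for anonymous: the string given as password
        "status": tail[8],        # c = complete, i = incomplete
    }

def passwd_fetches(log_text):
    """Anonymous downloads (complete or not) whose normalised path is watched."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None or rec["direction"] != "o" or rec["access"] != "a":
            continue
        # Collapse "..", "." and repeated slashes before comparing.
        if posixpath.normpath("/" + rec["path"].lstrip("/")) in WATCHED:
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in passwd_fetches(SAMPLE_XFERLOG):
        print(r["when"], r["host"], r["user"], r["path"], r["status"])
```

Incomplete transfers are reported too, since an aborted fetch of the file is as much a signal as a finished one.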


