Bugtraq mailing list archives
Re: brute force
From: simes () tcp co uk (simes () tcp co uk)
Date: Tue, 4 Jun 1996 23:12:27 +0100
Ze'ev Maor said
> Consider the following... Almost 99% of ftpd's installed around the net enable anonymous logins to d/l the /etc/passwd file. Just get the file
This only works if the target site is stupid enough to have the real /etc/passwd file in the anonymous FTP area. Don't forget that any decent ftpd will put anonymous logins into a chroot()ed area[1]. This means that you don't actually need much of a password file. It is generally only used to map UIDs to usernames by things like ls.

Not only that, but such an ftpd will also log the fact that you've downloaded the password file. We see 3 or 4 people a week download /etc/passwd from our ftp server. This doesn't really worry us as it's a bogus password file with just enough entries to make the output of dir sensible. Even though we have Solaris 2.x (i.e. shadowed passwords) we do have passwords in the file; it's just that they happen to give a message to the wannabe-cracker when crack is run :)

[1]: We've altered our ftpd so that users in certain groups are also put into chroot()ed areas of our choice.

--
Simon Burr | SysAdmin and Programmer, TCP Ltd
simes () tcp net uk/simes () bofh org uk | http://www.tcp.co.uk/staff/simes/
I *don't* speak for my company, my boss does that
cd /pub/lunch || dd if=/dev/zero of=/dev/mem
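The logging described in the message above, as an added example that is not part of the original post: a Python scan of FTP transfer-log lines for anonymous downloads of the decoy passwd file, counted per remote host. The 18-field xferlog layout, the sample lines, the host names and all function names are assumptions; the post does not say which log format its ftpd writes.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines in the 18-field xferlog layout (assumed format).
SAMPLE_LOG = """\
Tue Jun  4 21:02:11 1996 1 host-a.example.org 412 /etc/passwd a _ o a guest@example.org ftp 0 * c
Tue Jun  4 21:05:40 1996 3 host-b.example.net 88213 /pub/README a _ o a user@example.net ftp 0 * c
Tue Jun  4 22:17:03 1996 1 host-a.example.org 412 /etc/passwd b _ o a guest@example.org ftp 0 * c
Wed Jun  5 09:30:55 1996 2 host-c.example.com 1024 /incoming/notes.txt a _ i a x@example.com ftp 0 * c
Wed Jun  5 10:01:19 1996 1 host-d.example.com 412 /etc/passwd a _ o r alice ftp 0 * c
"""

DECOY_PATHS = {"/etc/passwd"}  # path as seen inside the chroot()ed area


def parse_line(line):
    """Return a dict for one xferlog line, or None if it is malformed."""
    tok = line.split()
    if len(tok) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    # Nine fixed fields follow the filename, so slice them from the right.
    tail = tok[-9:]
    return {
        "when": when,
        "host": tok[6],
        "path": " ".join(tok[8:-9]),
        "direction": tail[2],  # o = outgoing (download), i = incoming
        "access": tail[3],     # a = anonymous, g = guest, r = real user
        "ident": tail[4],      # string given as the anonymous password
    }


def decoy_downloads(log_text):
    """Yield parsed records for anonymous downloads of a decoy path."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["direction"] == "o" and rec["access"] == "a" \
                and rec["path"] in DECOY_PATHS:
            yield rec


def hits_per_host(log_text):
    """Count decoy downloads per remote host."""
    return Counter(rec["host"] for rec in decoy_downloads(log_text))
```

The path is matched as the ftpd sees it inside the chroot()ed area, so a real-user retrieval of the system's own /etc/passwd (the last sample line) is not counted.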