[2674] in bugtraq


Re: brute force

daemon@ATHENA.MIT.EDU (Ze'ev Maor)
Tue Jun 4 18:41:14 1996

Date:         Tue, 4 Jun 1996 23:21:55 +0300
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Ze'ev Maor" <gmaor@techunix.technion.ac.il>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <199606041235.IAA07465@narq.avian.org>

Consider the following...
        Almost 99% of ftpd's installed around the net enable anonymous
logins to d/l the /etc/passwd file. Just get the file and re-code the
login source (VERY simple) to try all combinations on the root password
from the file you just d/l on YOUR OWN MACHINE - result:

        A. MUCH MUCH faster than doing it on the actual target machine.

        B. Completely safe - everything is done on your machine - I.E. no
logging is done anywhere!!!!

--------------------------------------------------------------------------
-                           |                                             |
- Ze'ev Maor                | "We all have a little Daemon inside...      |
- gmaor@tx.technion.ac.il   |  ...Waiting to come out and become a kernel"|
-                           |                                             |
--------------------------------------------------------------------------


On Tue, 4 Jun 1996, *Hobbit* wrote:

> Pop3 isn't the only thing with that problem.  Stock rexec, for example, never
> logs anything and is another good way to hammer on password guesses from the
> outside.  [See "rservice.c" to make this easier...]  Several other daemons,
> particularly the vendor-supplied variety, are similarly lame.  That's what tcp
> wrappers and logdaemon are for..
>
> _H*
>

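For administrators, the exposure this message describes can be checked directly. The following is an added example, not part of the original post: it scans a passwd-format file (for instance the copy kept in an anonymous FTP area) for entries whose password field still holds a hash or is empty. The placeholder set, the function names and the sample lines are assumptions constructed for illustration.

```python
import sys

# Values that mean "no hash stored here" (assumed set; extend for your platform).
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "NP"}

# Constructed sample in passwd(5) format; the root "hash" is a made-up string.
SAMPLE = """\
root:ab01CdEfGhIjK:0:0:root:/:/bin/sh
daemon:*:1:1:daemon:/:
ftp:x:14:50:FTP User:/home/ftp:
guest::100:100:Guest:/home/guest:/bin/sh
"""

def classify_field(pw):
    """Classify the second passwd field."""
    if pw == "":
        return "empty"          # account usable without a password
    if pw in PLACEHOLDERS:
        return "placeholder"    # shadowed or locked, nothing to guess offline
    return "hash"               # anything else is treated as an exposed hash

def audit_passwd(text):
    """Return (line number, user, issue, is_uid0) for each risky entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#+-":   # comments and NIS compat entries
            continue
        fields = line.split(":")
        if len(fields) < 7:
            findings.append((lineno, fields[0], "malformed", False))
            continue
        kind = classify_field(fields[1])
        if kind != "placeholder":
            findings.append((lineno, fields[0], kind, fields[2] == "0"))
    return findings

if __name__ == "__main__":
    # With no argument, audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for lineno, user, issue, uid0 in audit_passwd(data):
        flag = " (uid 0)" if uid0 else ""
        print(f"line {lineno}: {user}: {issue}{flag}")
```

Any "hash" finding in a world-readable copy means the entry can be guessed against offline with no log trail on the server, which is the case for moving hashes to a shadow file and keeping only a stub passwd file in the FTP area.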