Date: Thu, 02 Aug 2001 23:24:18 +0900 From: Sys Admin <admin@cb21.co.jp> To: kris@obsecurity.org Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ssh to a compromised (probably) box Message-ID: <20010802232418U.admin@cb21.co.jp> In-Reply-To: <20010731020208.A18704@xor.obsecurity.org> References: <Pine.BSF.4.33.0107311708530.37842-100000@ns1.cb21.co.jp> <20010731020208.A18704@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Kris and parv. Bit frighening! Time to reinstall :( (sorry for the delayed response) Tad. > On Tue, Jul 31, 2001 at 05:17:16PM +0900, Sys Admin wrote: > > > > Hello, > > > > Just being curious. > > > > Considering the following scenario > > > > Box A (local) ----------------------> Box B (remote) > > > > Assume that box B has been compromised (root powers) > > > > If I ssh into box B from A, su to root and start investigating the > > damage done, will the hacker be able to sniff the root password ? (during > > su to root) > > > > [ Given that critical binaries (sshd, su ..) remained unchanged ] > > Yes. They can do anything on that box now. > > Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010802232418U.admin>