Date:      Fri, 28 May 1999 21:57:36 +1000 (EST)
From:      Nicholas Brawn <ncb@zip.com.au>
To:        Dima <dima@nic.mmc.net.ge>
Cc:        security@FreeBSD.ORG
Subject:   Re: System beeing cracked!
Message-ID:  <Pine.LNX.4.05.9905282154440.32747-100000@zipper.zip.com.au>
In-Reply-To: <199905280927.OAA08009@nic.mmc.net.ge>

The first thing I recommend you do is identify all setuid and setgid files
on the system:
# find / -perm -4000 > /tmp/suid.log
# find / -perm -2000 > /tmp/sgid.log

After doing that, review them for any odd files. I'm guessing he exploited
a privileged program. Alternatively, review what services are running,
and check you're running the latest versions of all of them.

Nick 

On Fri, 28 May 1999, Dima wrote:

> Hello, 
> I have 3.1 installed and a friend of mine made a bet that he could hack into my system. He has an ordinary account opened. So, he won! And I am wondering if there are any security holes in 3.1? He logged in as himself via telnet, then he made himself root (but he was not in the wheel group and of course did not know the root password) and, what is more interesting, he cracked several passwords. He did all this in 2 hours, and the password was a minimum of 10 symbols in length, containing different case and digits. I am using MD5 coding, and as I knew, it is impossible. Has someone any idea how it was done? Please answer me, as my friend does not tell me anything about this, as he feels like a guru-hacker.
> Thank you.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
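
An added example, not part of the original message: the setuid/setgid inventory from the reply, extended so that "odd files" can be picked out by comparing against an earlier baseline listing and by flagging privileged files that sit in world-writable directories. The function names and file locations are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.
# Assumes path names contain no newline characters.

# Print every setuid or setgid regular file under $1, one path per line, sorted.
# -xdev keeps find on a single filesystem; run it once per mounted filesystem.
list_priv_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print paths that are in the current listing ($2) but not in the baseline ($1).
# Both files must come from list_priv_files so they share the same sort order.
new_priv_files() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Read paths on stdin and print those whose parent directory is world-writable
# (for example /tmp). A setuid file there is suspect whatever the baseline says.
in_writable_dir() {
    while IFS= read -r f; do
        d=$(dirname "$f")
        # -prune stops find from descending; only the directory itself is tested.
        if [ -n "$(find "$d" -prune -perm -0002 -print 2>/dev/null)" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Typical use, as root (output locations are placeholders):
#   list_priv_files / > /root/priv.baseline      # on a known-good system
#   list_priv_files / > /root/priv.now           # later, or after an incident
#   new_priv_files /root/priv.baseline /root/priv.now
#   in_writable_dir < /root/priv.now
```

Keep the baseline somewhere the account under suspicion cannot write, since a listing stored in /tmp can be edited by anyone who has already obtained root.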