Date: Fri, 28 May 1999 20:12:53 -0500 (CDT)
From: John Preisler <john@vapornet.net>
To: Michael Richards <026809r@dragon.acadiau.ca>
Cc: Dima <dima@nic.mmc.net.ge>, security@FreeBSD.ORG
Subject: Re: System beeing cracked!
Message-ID: <14159.15859.140011.281075@habanero.chili-pepper.net>
In-Reply-To: <Pine.GSO.4.05.9905282044021.14284-100000@dragon>
References: <199905280927.OAA08009@nic.mmc.net.ge> <Pine.GSO.4.05.9905282044021.14284-100000@dragon>

You never mentioned which 3rd party applications [ports, packages, et cetera]
you installed on this machine. It's quite possible one of those was
compromised [see also qpopper, imapd, and wu-ftpd]

$0.02 worth.

-j

Michael Richards writes:
> On Fri, 28 May 1999, Dima wrote:
>
> > can hack into my system. He has ordinary account opened. So, he win! And
> > I am wondering if there are any security holes in 3.1? He login as
> > himself via telnet, then he made him root (but he was not in wheel group
> > and of course did not know root password) and what is more interesting he
> Finding an exploitable suid program would allow this to happen.
>
> > cracked several password. He made all this in 2 hours, and password was
> > minimal 10 symbols length, containing different case and digits. I am
> > using MD5 coding, and as I knew it is impossible. Has someone any idea
> I would do 2 things:
> a) take your master.passwd file and run crack on it yourself and see if it
> finds the passwords itself. I played with crack once a long time ago and
> based on what you've said about the cracked password, I believe it is more
> likely that he
> a) broke root
> b) sniffed the passwords
>
> or maybe he shoulder surfed the passwords... I don't believe that md5 can
> be cracked that quickly. I guess it depends on the randomness of the
> password. "thisissEcur3" might take a week, but crack will still get it.
> I think one of the first rules is to replace [il]=1 e=3 s=5 a=4 and all
> the other commonly substituted letters.
>
> -Michael
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14159.15859.140011.281075>
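
The substitution rule mentioned in the quoted reply ([il]=1 e=3 s=5 a=4), as an added example that is not part of the original message and is not crack's own code: a password-audit check that undoes those substitutions and tests whether the result splits into dictionary words. The wordlist and all function names are constructed for illustration.

```python
from itertools import product

# Substitutions named in the message: [il]=1 e=3 s=5 a=4.
LEET = {"1": "il", "3": "e", "5": "s", "4": "a"}

# Constructed sample wordlist; a real audit would load a full dictionary.
WORDS = {"this", "is", "secure", "pass", "word", "hill", "sale"}


def deleet_variants(password):
    """Return every lowercase reading of password with the substitutions undone."""
    choices = []
    for ch in password.lower():
        # A mapped digit may stand for a letter or be a literal digit.
        choices.append(LEET[ch] + ch if ch in LEET else ch)
    return {"".join(combo) for combo in product(*choices)}


def segment(text, words=WORDS):
    """Split text into dictionary words (word-break DP); None if impossible."""
    best = {0: []}  # best[i] = a word list covering text[:i]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


def audit(password, words=WORDS):
    """Return the dictionary words a password reduces to, or None if none found."""
    for variant in sorted(deleet_variants(password)):
        found = segment(variant, words)
        if found:
            return found
    return None


if __name__ == "__main__":
    for pw in ("thisissEcur3", "h1ll", "xK9#qTz2"):
        print(pw, "->", audit(pw) or "no dictionary reduction")
```

A password that `audit` reduces to dictionary words should be rejected at set time, since mixed case and digit substitutions add little once a rule-based checker normalizes them away.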