Date: Tue, 31 Jul 2001 02:02:08 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Sys Admin <admin@cb21.co.jp> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ssh to a compromised (probably) box Message-ID: <20010731020208.A18704@xor.obsecurity.org> In-Reply-To: <Pine.BSF.4.33.0107311708530.37842-100000@ns1.cb21.co.jp>; from admin@cb21.co.jp on Tue, Jul 31, 2001 at 05:17:16PM %2B0900 References: <Pine.BSF.4.33.0107311708530.37842-100000@ns1.cb21.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
--4Ckj6UjgE2iN1+kY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 31, 2001 at 05:17:16PM +0900, Sys Admin wrote: >=20 > Hello, >=20 > Just being curious. >=20 > Considering the following scenario >=20 > Box A (local) ----------------------> Box B (remote) >=20 > Assume that box B has been compromised (root powers) >=20 > If I ssh into box B from A, su to root and start investigating the > damage done, will the hacker be able to sniff the root password ? (during > su to root) >=20 > [ Given that critical binaries (sshd, su ..) remained unchanged ] Yes. They can do anything on that box now. Kris --4Ckj6UjgE2iN1+kY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7ZnQPWry0BWjoQKURAoNaAKC3TEhV4B4PFlSc/L1txCHYlO7AlgCgtomh pO+Lw9AnKt82Iplkk5PKT88= =ih0N -----END PGP SIGNATURE----- --4Ckj6UjgE2iN1+kY-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010731020208.A18704>