[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [[cobalt-users] Server Hacked?]

Subject: Re: [[cobalt-users] Server Hacked?]
From: "CobaltList" <CobaltList@xxxxxxxxxxx>
Date: Mon Feb 14 22:17:03 2000

Liz,

One way to hack a server is to find some service which has a "hole" in it.
This hole would then allow the hacker to execute code of their own design,
perhaps copying the passwd file to a location where he could get it, like to
a web server, renaming it to passwd.txt. He could then run any number of
crack programs against the password file looking for weak passwords. Once he
found one he would have a little more access to the system. Now he might
have the ability to upload scripts, which give him more access. Of course
the trick is to get the root or admin password. Once he has that he ftps
over his own programs to replace those you have to cover his tracks. Log
files might be deleted, or truncated.... and so on. It's like having an
invisible fox living in the hen house.

Roger



----- Original Message -----
From: Liz <daldog@xxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, February 14, 2000 9:19 PM
Subject: Re: [[cobalt-users] Server Hacked?]


> While speaking in general terms here...if no one has shell
> access except the admin (and/or root) how can one hack a
> system if they can't telnet into it, or access it through
> the shell being only the admin & root are the only ones
> having shell access?
>
> I sorta understand that a system can get hacked with FTP
> access, but what I don't understand is...all sys files
> typically have root ownership so how can someone's cgi
> script do nasty stuff to, or read, root owned files??
> Anytime I tired to read a root owned file while logged in
> neither admin or root (using a User login with shell access)
> I got permission denied.
>
> Yep, I definately need a better book on network security and
> am taking lots of notes on all that have been suggested thus
> far!
>
> Liz
>
>
> ------Original Message------
> From: Kris Dahl <kris@xxxxxxxxxxxxx>
> To: cobalt-users@xxxxxxxxxxxxxxx
> Sent: February 14, 2000 10:05:07 PM GMT
> Subject: Re: [[cobalt-users] Server Hacked?]
>
> <snip>
>
> If that machine is on the Internet--it can be cracked.
> Regardless of
> weather it has telnet access or not.  But by limiting the
> telnet access you
> certainly plug a lot of wholes.  Its the nature of the
> beast--Linux has
> excellent remote control abilities--but that also means it
> can be remote
> controlled for harm as well as good.
>
> -k
>
> ______________________________________________
> FREE Personalized Email at Mail.com
> Sign up at http://www.mail.com?sr=mc.mk.mcm.tag001
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- Re: [[cobalt-users] Server Hacked?]
  - From: Liz

Prev by Date: RE: [cobalt-users] Suspicious Files
Next by Date: Re: [cobalt-users] Best way to forward domain?
Previous by thread: Re: [[cobalt-users] Server Hacked?]
Next by thread: Re: [[cobalt-users] Server Hacked?]

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index