RE: [cobalt-users] New Exploit?
- Subject: RE: [cobalt-users] New Exploit?
- From: "Chris Demain" <cdemain@xxxxxxxxxxx>
- Date: Tue Dec 11 11:30:15 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
[outstanding exploit information snipped]
> user / password (md5) / password (clear)
>
> trk2 / SDaVtiyNMzUYs / fucked
> brmbrm / SD5FxnRnzpCs
>
This is not to pick a nit, but because it may be significant.
All MD5 passwords begin with the string: $1$
(ex. $1$lcL2mrpB$wjCsu6I.NJU9olJx8EGqp1 -- yes, an actual (hashed) password)
What you have is standard UNIX crypt(3).
What's significant about that is that they both have the same salt (SD)
possibly either indicating a problem with your (or Cobalt's) passwd, or
suggesting that the password was manually entered into /etc/passwd and/or
/etc/shadow using vipw or similar.
My RaQs are XTRs, so I don't have information on what format your machine
uses.
HTH
Chris
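
The format check described in the message above, as an added example that is not part of the original post: it classifies a passwd/shadow password field as MD5-crypt (`$1$` prefix) or traditional crypt(3) by shape, and reports salts shared by more than one account. The function names, the users `alice` and `bob`, and alice's hash are constructed for illustration; the other strings are the ones quoted in the thread.

```python
import re
from collections import defaultdict

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes
# Traditional DES crypt(3): 2-char salt + 11-char hash = 13 chars, no prefix.
DES_RE = re.compile(rf"^({B64}{{2}}){B64}{{11}}$")
# MD5-crypt: "$1$" + salt of up to 8 chars + "$" + 22-char hash.
MD5_RE = re.compile(rf"^\$1\$({B64}{{1,8}})\$({B64}{{22}})$")


def classify(field):
    """Return (scheme, salt) for one passwd/shadow password field."""
    m = MD5_RE.match(field)
    if m:
        return ("md5-crypt", m.group(1))
    m = DES_RE.match(field)
    if m:
        return ("des-crypt", m.group(1))
    return ("unrecognised", None)


def shared_salts(entries):
    """Return {(scheme, salt): [users]} for salts used by more than one user."""
    groups = defaultdict(list)
    for user, field in entries:
        scheme, salt = classify(field)
        if salt is not None:
            groups[(scheme, salt)].append(user)
    return {key: users for key, users in groups.items() if len(users) > 1}


# Sample entries. trk2, brmbrm and the "$1$" string are quoted in the thread;
# the users "alice" and "bob" and alice's hash are constructed.
SAMPLE = [
    ("trk2", "SDaVtiyNMzUYs"),
    ("alice", "SDx4Qm1.zLp0c"),  # constructed, same salt "SD"
    ("bob", "$1$lcL2mrpB$wjCsu6I.NJU9olJx8EGqp1"),
    ("brmbrm", "SD5FxnRnzpCs"),  # 12 characters as quoted, so not matched
]

if __name__ == "__main__":
    for user, field in SAMPLE:
        print(user, classify(field))
    print(shared_salts(SAMPLE))
```

The second string in the quoted table is 12 characters long as it appears on this page, one short of a complete crypt(3) value, so the strict pattern leaves it unrecognised rather than guessing at its salt.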