Possible Hacking routine

Robert Hiltibidal (rob@rob.fgi.net)
Fri, 11 Jul 1997 05:52:01 -0500 (CDT)

Howdy,

Got a question... Does the portmaster log failed telnet attempts to the
radius files? If it doesn't by default is there some way it could be
coaxed into logging failed attempts? Basically what we want is to log the
failed attempt, the username and ip the attempt came from and to really
give us that warm fuzzy feeling we'd like to log the username and
passwords used.

From experimentation we could telnet into the box and log in only as root. To
log in as a specific user we had to log in as root and then do an attach
operation and use the portmaster modem to dial out. On a Centrex system you
only have to dial 4 or 5 numbers to get the hunt group. So the attempt
never appears on a phone bill.

What I'd like to do is set up a tcp wrapper on the portmaster itself to
allow telnet only from very specific sources. Any ideas on how to do that would
be greatly appreciated.

Here's the assignment I was given:

Hack the system and tell us how you did it to prevent it

How I did it (and it was my own system...honest):

1> Purchase a ppp account with a false name
2> Use a linux box that did the following:
   a> generate a list of passwords using perl.
   b> Use expect to telnet to the portmaster and try the password
   c> Log the successful attempt... took about 3 days

Next: Send a letter to admin and see who responded
   a> use the hacked password to gain root and use the attach feature
   b> did same process as above... took about 5 days

Now I had the sysadmin username and password I could sniff mail and other
fun stuff. In time I believe I could get root for the system without
being detected.

Problem is, none of this is logged anywhere that I could find.

Thanks

Rob

Systems Programmer "Open the doors of your stores
rob@fgi.net 24 hours a day"
morgan@springpatch.com Springpatch Mall
http://www.springpatch.com
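
The kind of check the message asks for, as an added example that is not part of the original post: once failed telnet logins are recorded somewhere with source IP and username, count failures per source over the whole log (not a short window, since the guessing described above ran for days) and flag a success that follows them. The record format, `SAMPLE_LOG` and `summarize` are assumptions made for illustration, not PortMaster or RADIUS output.

```python
import re
from collections import defaultdict

# Constructed sample records (not real PortMaster or RADIUS output); the
# assumed format is "<ISO timestamp> telnet <src_ip> <username> <FAIL|OK>".
SAMPLE_LOG = """\
1997-07-08T02:14:07 telnet 10.0.5.20 root FAIL
1997-07-08T09:40:51 telnet 10.0.5.20 root FAIL
1997-07-09T03:02:33 telnet 10.0.5.20 root FAIL
1997-07-09T11:15:00 telnet 10.0.9.4 root FAIL
1997-07-09T11:15:20 telnet 10.0.9.4 root OK
1997-07-10T04:47:19 telnet 10.0.5.20 root FAIL
1997-07-11T01:30:02 telnet 10.0.5.20 root OK
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnet (?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<user>\S+) (?P<res>FAIL|OK)$"
)

def summarize(log_text, min_failures=3):
    """Return {src_ip: summary} for sources with >= min_failures failed logins.

    Failures are counted over the whole log rather than a short window,
    so guessing spread over several days is still caught.
    """
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "first": None,
                                 "last": None, "success_after_failures": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed records instead of aborting
        s = stats[m["src"]]
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
        if m["res"] == "FAIL":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= min_failures:
            # a success after a run of failures suggests a guessed password
            s["success_after_failures"] = True
    return {ip: s for ip, s in stats.items() if s["failures"] >= min_failures}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["failures"], sorted(s["users"]), s["first"], s["last"],
              "ALERT: success after failures" if s["success_after_failures"] else "")
```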