Re: Possible Hacking routine

Ed Manaman (edl@rock.spectra.net)
Fri, 11 Jul 1997 12:26:26 -0400 (EDT)

Interesting, but I would have to guess that you had a weak password on the
portmaster if you generated a random/dictionary password to get in.

If you logged the username and passwords used that might be a bigger risk
than not doing it at all. Just a thought,

Ed

On Fri, 11 Jul 1997, Robert Hiltibidal wrote:

>
> Howdy,
>
> Got a question... Does the portmaster log failed telnet attempts to the
> radius files? If it doesn't by default is there some way it could be
> coaxed into logging failed attempts? Basically what we want is to log the
> failed attempt, the username and ip the attempt came from and to really
> give us that warm fuzzy feeling we'd like to log the username and
> passwords used.
>
> From experimentation we could telnet into the box and log in only as root. To
> log in as a specific user we had to log in as root and then do an attach
> operation and use the portmaster modem to dial out. On a Centrex system you
> only have to dial 4 or 5 numbers to get the hunt group. So the attempt
> never appears on a phone bill.
>
> What I'd like to do is set up a tcp wrapper on the portmaster itself to
> allow telnet only from very specific sources. Any ideas on how to do that would
> be greatly appreciated.
>
> Here's the assignment I was given:
>
> Hack the system and tell us how you did it to prevent it
>
> How I did it (and it was my own system...honest):
>
> 1> Purchase a ppp account with a false name
> 2> Use a linux box that did the following:
> a> generate a list of passwords using perl.
> b> Use expect to telnet to the portmaster and try the password
> c> Log the successful attempt... took about 3 days
>
> Next: Send a letter to admin and see who responded
> a> use the hacked password to gain root and use the attach feature
> b> did same process as above... took about 5 days
>
> Now I had the sysadmin username and password I could sniff mail and other
> fun stuff. In time I believe I could get root for the system. Without
> being detected.
>
> Problem is, none of this is logged anywhere that I could find.
>
>
> Thanks
>
> Rob
>
>
>
> Systems Programmer "Open the doors of your stores
> rob@fgi.net 24 hours a day"
> morgan@springpatch.com Springpatch Mall
> http://www.springpatch.com
>
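
An added example, not part of the original thread: one way to get the failed-attempt log Rob asks for (time, source IP, username) while respecting Ed's point that storing the attempted passwords is itself a risk. It records a keyed fingerprint instead of the password and flags sources with many failures in a short window. All names, the key, and the sample records are constructed for illustration; this is not a PortMaster or RADIUS feature.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key (assumption): in practice keep it off the log host and rotate it.
LOG_KEY = b"constructed-demo-key"

def password_tag(password):
    """Keyed, truncated fingerprint: lets repeats be correlated without storing cleartext."""
    return hmac.new(LOG_KEY, password.encode(), hashlib.sha256).hexdigest()[:12]

def audit_record(ts, src_ip, username, password, success):
    """Build one log entry; a successful login never gets a password fingerprint."""
    return {"ts": ts, "src": src_ip, "user": username, "ok": success,
            "pw_tag": None if success else password_tag(password)}

def flag_guessing(records, window=300, max_failures=5):
    """Map each source with more than max_failures failures inside `window`
    seconds to the largest number of distinct passwords seen in such a window.
    Many distinct tags suggests guessing; one repeated tag suggests a stale client."""
    recent = defaultdict(list)
    flagged = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["ok"]:
            continue
        queue = recent[rec["src"]]
        queue.append(rec)
        while rec["ts"] - queue[0]["ts"] > window:   # drop entries older than the window
            queue.pop(0)
        if len(queue) > max_failures:
            distinct = len({r["pw_tag"] for r in queue})
            flagged[rec["src"]] = max(flagged.get(rec["src"], 0), distinct)
    return flagged

# Constructed sample: one source cycling through passwords, one retrying a
# single stale password, and one user who mistypes once and then logs in.
SAMPLE = (
    [audit_record(10 * i, "192.0.2.10", "root", f"guess{i}", False) for i in range(8)]
    + [audit_record(10 * i, "203.0.113.5", "root", "stale-secret", False) for i in range(7)]
    + [audit_record(5, "198.51.100.7", "root", "typo", False),
       audit_record(9, "198.51.100.7", "root", "unused", True)]
)

if __name__ == "__main__":
    for src, distinct in flag_guessing(SAMPLE).items():
        print(f"{src}: repeated failures, {distinct} distinct password(s) tried")
```

A fingerprint of a near-miss password is still sensitive if the key leaks, so the log and the key need separate access controls.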