Google Groups Home
Help | Sign in
n3td3v
Home
+ new post
About this group
Join this group
Message from discussion Putty Proxy login/password discolsure....
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
nocfed  
View profile
  More options 3 Nov 2006, 07:44
From: nocfed <noc...@gmail.com>
Date: Fri, 3 Nov 2006 01:44:53 -0600
Local: Fri 3 Nov 2006 07:44
Subject: Re: [Full-disclosure] Putty Proxy login/password discolsure....
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
On 11/2/06, Tonnerre Lombard <tonnerre.lomb...@sygroup.ch> wrote:

> Salut,

> On Thu, 2006-11-02 at 01:15 -0600, nocfed wrote:
> > And if you have physical access then you can simply use a floppy, usb
> > dongle, or any other type of removable media to boot from.  Once
> > physical access is obtained then you pretty much have full access,
> > barring full disk encryption.  Personally I see linux's password for
> > single user mode to be like a screen door infront of an old door with
> > a combination lock on it.  It takes VERY little effort to punch a
> > whole through it, even if you only have 1 minute alone with the
> > server.

> If you have physical access, just plug in your iPod with UNIX and enjoy
> full memory access to the host machine...

I've always enjoyed the idea of throwing a tiny rogue pxe
server(soekris) under the raised floor in a datacenter, vampire tapped
into the uplink ethernet, and having it set to pxe once into a hacked
up pxelinux that boots the server(s) one time into its own OS,
installs a rootkit, and reboot it again into its own media.  Setting
this up may require a bit more time as you would have to remove the
sheath, punch the wires making sure to not cut them, and tap in.
Using a simple environment like busybox you can have this type of
system mount just about any type of filesystem(regardless of OS),
figure out which OS it is and install the appropriate rootkit. This
would require that the servers be set to PXE before their normal boot
media but could cause all sorts of havok.  Most DC's will utilize a
PXE environment in order to (re)deploy servers on the fly.  I'm sure
you all get the point.

Another idea would be another type of vampire tap/wap combo so you can
have the network as your own little playground.  I think that I read
about a tiny one a while back, but did not find it with a simple
search.  Maybe someone knows what I am referring to?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message, you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2008 Google