[TUHS] Recovered /etc/passwd files
Dave Horsfall
dave at horsfall.org
Wed Oct 9 07:02:42 AEST 2019
On Tue, 8 Oct 2019, Arthur Krewat wrote:
> Slightly off-topic, but still UUCP related. If a SunOS box NFS exported
> /, and I could mount /, even without root NFS access, using the uucp
> user, I could overwrite uucico because it was owned by uucp. The entry
> in inetd.conf would automatically run uucico as root. Telnet to the box
> on that port, and it would happily run whatever I put in the uucico
> file.
>
> Bad joo-joo.
*Cough cough* I remember that *cough cough*...
Unix systems in those days were broken in subtle ways; we once broke into
a Gould (marketed as the most secure box on the planet[*]) by
social-engineering a marketoid (we tricked him into running a custom "ls"
or something). "Thank you Sir, and we've just broken into your Gould;
there's the root prompt".
[*] They never did pay us our bounty, because we "cheated" :-)
-- Dave
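
An audit for the condition described in the quoted message, where inetd starts a program as root but the file belongs to a non-root account such as uucp. This is an added example, not part of the original thread; the sample inetd.conf, its paths, and the names `root_entries` and `audit` are constructed for illustration.

```python
import os
import stat
import sys

# Constructed inetd.conf sample (not from the post); paths are illustrative.
SAMPLE_INETD = """\
# service socket proto wait user server args
ftp     stream tcp nowait root   /usr/etc/in.ftpd     in.ftpd
uucp    stream tcp nowait root   /usr/lib/uucp/uucico uucico -l
finger  stream tcp nowait nobody /usr/etc/in.fingerd  in.fingerd
echo    stream tcp nowait root   internal
"""

def root_entries(conf_text):
    """Yield (service, program) for inetd entries that run as root."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank line, comment, or malformed entry
        service, user, program = fields[0], fields[4], fields[5]
        # Some inetd variants accept user.group or user:group in this field.
        user = user.replace(":", ".").split(".")[0]
        if user == "root" and program != "internal":
            yield service, program

def audit(conf_text, stat_fn=os.stat):
    """Return findings for root-run programs a non-root account could replace."""
    findings = []
    for service, program in root_entries(conf_text):
        # The directory matters too: whoever can write it can swap the file.
        for path in (program, os.path.dirname(program)):
            try:
                st = stat_fn(path)
            except OSError:
                findings.append((service, path, "missing"))
                continue
            if st.st_uid != 0:
                findings.append((service, path, "owner uid %d" % st.st_uid))
            # Conservative: any group or world write bit is reported.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((service, path, "group/world writable"))
    return findings

if __name__ == "__main__":
    # Pass a real inetd.conf path as argv[1]; otherwise the sample is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INETD
    for finding in audit(text):
        print(*finding)
```

Any finding on a root-run entry means the account that owns or can write that path controls what root executes; exporting the filesystem over NFS extends that to remote clients able to act as that account.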