[TUHS] Recovered /etc/passwd files
Arthur Krewat
krewat at kilonet.net
Wed Oct 9 07:22:03 AEST 2019
On 10/8/2019 5:02 PM, Dave Horsfall wrote:
> On Tue, 8 Oct 2019, Arthur Krewat wrote:
>
>> Slightly off-topic, but still UUCP related. If a SunOS box NFS
>> exported /, and I could mount /, even without root NFS access, using
>> the uucp user, I could overwrite uucico because it was owned by uucp.
>> The entry in inetd.conf would automatically run uucico as root.
>> Telnet to the box on that port, and it would happily run whatever I
>> put in the uucico file.
>>
>> Bad joo-joo.
>
> *Cough cough* I remember that *cough cough*...
cough cough back at you, sir ;)
>
> Unix systems in those days were broken in subtle ways; we once broke
> into a Gould (marketed as the most secure box on the planet[*]) by
> social-engineering a marketoid (we tricked him into running a custom
> "ls" or something). "Thank you Sir, and we've just broken into your
> Gould; there's the root prompt".
I was able to social-engineer an operator a few times on TOPS-10 systems
back in the day to reset passwords, or mount disks. "Can you give me a
list of disks you have ready to mount?" - "blah blah blah" - "OK, mount
pack BLARG".
But then, one time, I was talking to an "operator" for a while before I
realized it was an ELIZA-like program that kept going back around in a
loop. Trying to be suave, I started it by asking how they were doing,
and got all sorts of weird responses.
At some point, realizing I was talking to a bot, I said: "I feel bad" -
and it replied something to the effect of "Can you explain why you feel
bad?". Typical ELIZA response ;)
Someone at that university had a sense of humor, that's for sure. Broke
into it anyway guessing passwords.
ak
More information about the TUHS
mailing list