[NTLUG:Discuss] FW: motivating shady clients to payup
Steve Baker
sjbaker1 at airmail.net
Tue Aug 27 06:42:52 CDT 2002
jeremyb at univista.com wrote:
> sorry, I gotta call your cards on this one... what does this accomplish?
>
> cp /etc/passwd /mnt/etc/passwd
> cp /etc/shadow /mnt/etc/shadow
If you took the hard drive out of the PC and put it into another
then simply copying the password files from the main hard drive
of that second PC onto the hard drive of the PC you installed
would be sufficient to give them password access when they moved
the hard drive back again.
I said that because Aaron suggested that...
>>It has been my experience that a client sufficiently skilled to pull
>>this off (and modify such files as /etc/passwd or /etc/shadow to
>>permit access once the machine is setup again) doesn't need one
>>of us to set up a traffic analysis tool.
I was merely pointing out that as someone who couldn't write a
traffic analysis tool, I at least am someone who *could* none
the less be skilled enough to pull off modifying /etc/passwd to
give me access.
----------------------------- Steve Baker -------------------------------
Mail : <sjbaker1 at airmail.net> WorkMail: <sjbaker at link.com>
URLs : http://www.sjbaker.org
http://plib.sf.net http://tuxaqfh.sf.net http://tuxkart.sf.net
http://prettypoly.sf.net http://freeglut.sf.net
http://toobular.sf.net http://lodestone.sf.net
More information about the Discuss
mailing list