
Mailing List Logs for ShadowRN

From: Jettero Heller <heller@*****.CBA.CSUOHIO.EDU>
Subject: Re: Matrix
Date: Fri, 21 Apr 1995 21:45:41 -0400
> >>>>> Mark D Fender <mfender@******.SGCL.LIB.MO.US> writes:
> > Once again, correct, but how do you find a hole into the system without a
> > password? Catch-22. If you happen to know a hole through good

> catch-22. But I am out of my league. I have never hacked a machine,
> and I will probably never hack one that does not belong to me. If
> someone else wants to elaborate, then please do.

This sounds much like an invitation. . .so here goes.
There are a number of ways to connect to a computer and have it execute
a process without ever knowing a password on it. A few examples
are: sending mail (the receiving machine must execute something to
receive mail), finger (the machine you finger executes a program to
give you the output you want), ftp, rlogin and a host of other "UNIX"
utilities. Utilities that exist on virtually every machine on the
internet. Now, some of the programs have bugs in them that cause
people to be able to access the machine without a password.
Quick Internet history lesson: in 1988 a guy named Robert Morris released
the "internet worm". It broke into many, many computers on the internet
all by itself. One of the attacks it used was the 'fingerd' attack;
essentially what it did was feed the finger daemon (the program running
on a computer to which it didn't have a password) some bogus input
that made it execute the command he wanted it to. If that command
happens to be the one that changes the superuser's password to
nothing, then not only has he found a hole into a system, but he's
also obtained very high level access.
Now don't think that since that was "way back in '88" that it won't
happen again because we learned better. There was just a report of
a remarkably similar bug in a piece of software that almost everyone
had running. . .

** Heller
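The fingerd hole Heller refers to was an unchecked read: the 1988 daemon read the request line into a fixed 512-byte stack buffer with gets(), which has no length argument, so a longer line overran the buffer. The following C is an added example, not code from the original post or from any real finger implementation, showing the bounded alternative a defender would want: the request parser takes an explicit length and output size, refuses overlong or non-printable lines, and therefore can never write past the buffer it was given. The 512-byte limit mirrors the historical fingerd buffer; the function names are my own.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Maximum request line this server will accept. The constant mirrors
 * the 512-byte buffer of the 1988 fingerd; the unsafe pattern was
 *     char line[512]; gets(line);
 * which copies until newline regardless of how much space exists. */
#define FINGER_REQ_MAX 512

/* Copies one finger request line from `in` (at most `len` bytes) into
 * `out` (capacity `outsz`), dropping the trailing CR/LF.
 * Returns the length of the extracted name on success, or -1 when the
 * line would not fit in `out` or contains a non-printable byte.
 * Every write is bounded by `outsz`, so oversized input is rejected
 * instead of overwriting whatever sits next to the buffer. */
int parse_finger_request(const char *in, size_t len, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0)
        return -1;
    out[0] = '\0';

    /* Scan to end of line, never past `len`, and refuse control bytes. */
    while (n < len && in[n] != '\r' && in[n] != '\n') {
        if (!isprint((unsigned char)in[n]))
            return -1;
        n++;
    }

    /* Need room for the terminator; an overlong line is an error, not
     * something to truncate silently and keep processing. */
    if (n >= outsz)
        return -1;

    memcpy(out, in, n);
    out[n] = '\0';
    return (int)n;
}

/* Stand-alone driver: reads one request line from stdin with a bounded
 * read (fgets), detects that the line was cut off, and hands it to the
 * parser. Constructed for this example; a real daemon would read from
 * the accepted socket instead. */
int main(void)
{
    char raw[FINGER_REQ_MAX + 2];   /* room for CRLF plus terminator */
    char name[FINGER_REQ_MAX];

    if (fgets(raw, sizeof raw, stdin) == NULL)
        return 1;

    /* If no newline arrived, the line exceeded the buffer: reject it. */
    if (strchr(raw, '\n') == NULL && !feof(stdin)) {
        fputs("request too long\n", stderr);
        return 1;
    }

    int n = parse_finger_request(raw, strlen(raw), name, sizeof name);
    if (n < 0) {
        fputs("malformed request\n", stderr);
        return 1;
    }
    printf("lookup for user: '%s' (%d bytes)\n", name, n);
    return 0;
}
```

The design point is that the length check happens before any copy, and the failure mode is an explicit rejection rather than truncation: a daemon that silently truncates still processes attacker-shaped input, whereas one that refuses over-length lines gives the operator something to log and alert on.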
