Quiz no 1
Christos Ricudis
ricudis at itc.auth.gr
Fri Mar 26 10:46:38 EET 2004
On Wed, 24 Mar 2004 13:46:20 -0800 (PST)
Alaios <alaios at yahoo.com> wrote:
> Kalispera....mias pou eimai foititis sinithizo na bazo diafora themata sto kefali mou stin prospatheia mou na mathaino genikotera...... Parakato sas paratheto enan problimatismo pou exo teleytaia kai ton opoion ton exo thesei kata kairous k se diaforous mou kathigites xoris na pairno panta tis apantiseis pou tha ithela :)....
Dhladh kaneis stous ka8hghtes sou mia erwthsh exontas dedomenh thn apanthsh poy 8eleis na pareis? Den einai o kalyteros tropos gia na se doun me kalo mati oi ka8hghtes sou :P
> Akoulouthei to problima
> "Exoume ena pc to opoio exei leitoyrgiko Linux, sto pc ayto exete se ola ta arxeia dikaioma anagnosis (k mono anagnosis) ma se ola ektos apo ena to /etc/shadow. To pc ayto trexei apo ipiresies mono apache(k php)-mysql. Skopos mas einai na kanoume oso perissotero kako mporoyme. Ti mporoume na kanoume?"
1) Denial of service attack :P
2) Efoson exeis read access se ola ma ola ta arxeia tou syshmatos, ARA exeis kai sta device nodes twn diskwn, opote mporeis poly aneta na psakseis ekei mesa kai na breis ta periexomena tou /etc/shadow prospernwntas to filesystem kai ta access restrictions tou.
3) Epishs afou exeis se ola ma ola ma apolytws ola ma de sou leipei kanena ma ola milame ta arxeia tou systhmatos, exeis prosbash kai sto /proc/kcore, kai sto /proc/<INSERT PID OF /sbin/getty, /bin/login, /bin/su, or other interesting programs>/mem, ara 8a mporouses 8ewrhtika na diabaseis to password tou root thn epomenh fora poy aytos 8a to dwsei se kapoio password prompt.
>
> akolouthoun kapoia sxolia
>
> -Akoma kai ean mporousame na diabasoume to /etc/shadow den itan sigouro oti tha mporousame na anaktisoume tous kodikous mias pou einai kodikopoimenoi me to pio robust algorithmo kryptografisis me to pio megalo kleidi poy yparxei
Nai, e? Phgaine ston ka8hghth pou se perase sto ma8hma ths kryptografias kai pes tou oti prolabainei akoma na dior8wsei th malakia poy ekane.
> -Ean endiaferestai gia paromoia themata pio dyskola omos peste mou gia na grafo kata kairous......allios peste to kai to ligo edo
> Elpizo na sas aresoun tetoia thematakia giati exo oreksi :)
Efoson exeis oreksh gia diabasma kai anazhthsh, nomizw oti 8a htan kalytero na thn katey8yneis pros to antikeimeno twn spoudwn sou. H 8ewria ypologismwn p.x. 8a se kanei kalytero programmatisth, asxeta ki an den to katalabaineis ayto apo twra. O,ti ma8eis sta diktya ypologistwn, oso bareto kai anousio sou fainetai ayth th stigmh, toso xrhsimo 8a sou fanei sto mellon. Problhmatismoi ths ektashs kai ths poiothtas "pws diabazw to /etc/shadow" apo thn allh, mono kalytero script kiddie mporei na se kanoyn, kai oloi kseroume oti DEN yparxoun kala script kiddies.
--
Christos Ricudis ricudis at itc.auth.gr
Systems Administrator +30-2310-998305
IT Support Center
Aristotles University of Thessaloniki, GREECE
More information about the Linux-greek-users
mailing list