Ubuntu-Chicago Found a hole...
Freddy Martinez
freddymartinez9 at gmail.com
Thu Nov 16 01:26:04 GMT 2006
Yea i'd approach the school with the security hole and tell them to fix it
before they find you out you saw the hole. White hat cracking :). I don't
know much about networking though.
On 11/15/06, Eric O'Neal <fyedernoggersnodden at gmail.com> wrote:
>
> Mmkay, at my University, SSH access to the UNIX servers (With limited
> privilidges, of course) is dolled out freely to all students (I don't think
> it should be, but whatever). All they have to do is log onto a web
> interface, set a shell, and voila.
>
> A friend and I, for some reason or another, logged on the other night.
> Out of sheer curiosity, I cd'd into the root directory to see what all I had
> read access to. Just about everything, it seems. Being a comp. sci.
> student interested in how things are secured, I view the /etc/passwd file.
> Shaddowed. Good.
>
> Here's the kicker. My buddy, with the same non-malicious curiosity, typed
> "ypcat".
>
> Wham. The encrypted passwords of 9,000 or so users hit his LCD, coming
> stright from the NIS Domain server, core of the University's authentication
> system (The Windows domain copies the NIS domain).
>
> !!?!
>
> I downloaded John the Ripper and had some fun with it, finding 30 or so
> blank passwords, among others. However, I have no reason to keep those
> passwords, as I've never been tempted to try and feel "powerful" by holding
> such data. I deleted the encrypted pass's from my hard disk an hour later,
> but the security hole is still there.
>
> I don't know much about NIS, so I installed a server on my Ubuntu box, and
> cliented my FreeBSD box to test it. When I do "ypcat" from my client here
> at home, it doesn't display the passwords, but a little friendly 'x' instead
> amongst the user data. They seem to be shaddowed off, or something of that
> sort.
>
> Like I said, NIS is a black box to me. Is my Ubuntu ypserve really immune
> to getting passwords via ypcat? And, if so, would there be a simple way to
> shaddow off the passwords on a Solaris 7 server, which seems to be what
> they're running?
>
> This whole situation sounds dangerously similar to the gig Red_Herring got
> himself into a while back at his high school... how'd his hearing go, btw?
> I work programming for one the departments, and my friend works in campus
> IT, so I think we'll be okay if we go talk to the admin about it (I'd like
> to know it's solvable first), though we may have technically violated the
> policy already.
>
> Cheerio and advice welcome,
> SigmaX
>
> PS: Sry I haven't made it to a meeting. I'm in SW Michigan, remember,
> and so bogged down with classes that I didn't even realize there was a chat
> meeting 'till it was too late...
>
>
>
> --
> My home page: http://www.SigmaX.org
>
> "ttocs laeno cire oshkosh b'gosh fyedernoggersnodden nicht stein bon
> probiscus"
>
> "Education is what remains after one has forgotten everything he learned
> in school"
> -- Albert Einstein
> --
> Ubuntu-us-chicago mailing list
> Ubuntu-us-chicago at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-chicago
>
>
>
--
-Freddy Martinez-
Kubuntu. [GNU/]Linux for human beings.
</message>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-us-chicago/attachments/20061115/437d97ec/attachment.htm
More information about the Ubuntu-us-chicago
mailing list