[Full-disclosure] Putty Proxy login/password discolsure....
Dude VanWinkle
dudevanwinkle at gmail.com
Thu Nov 2 21:00:55 GMT 2006
On 11/2/06, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:
> On Thu, 02 Nov 2006 01:15:19 CST, nocfed said:
>
> > And if you have physical access then you can simply use a floppy, usb
> > dongle, or any other type of removable media to boot from. Once
> > physical access is obtained then you pretty much have full access,
> > barring full disk encryption.
>
> For bonus points, figure out how to reboot the machine without being
> detected. For starters, there's that pesky 'uptime' ;)
Back up the settings and configuration of the Operating System and
monitored applications.Then clone the GUID/SID/etc of the machine to
the Attackers laptop and do a restore of the backed up data also to
the attackers laptop, which had the necessary OS put on it in
preparation for the attack.
Pull the data cable out of the server and put it in the laptop. You
are now free to install your rootkit, reboot the server and then cover
your tracks.
Replace cable in server and vamoose
-JP
Full-Disclosure is hosted and sponsored by Secunia.