[Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Gichuki John Chuksjonia
chuksjonia at gmail.com
Wed Sep 30 04:54:48 BST 2009
Thank you for this my.hndl. There are some issues i have been having
and seems your methodology may work on Fedora and others OSs.
On 9/30/09, maxigas <maxigas at anargeek.net> wrote:
> From: "bodik at civ.zcu.cz" <bodik at civ.zcu.cz>
> Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials
> from Attackers
> Date: Wed, 30 Sep 2009 00:03:51 +0200
>>> All standard users have read access to /var/log/auth, so if root
>> they shouldn't, at least on my default debian they don't ...
> On my default Ubuntu, users in "adm" group have reac access to the
> authentication log file:
> me at machine: ls -l /var/log/auth.log
> -rw-r----- 1 syslog adm 46774 2009-09-30 01:10 /var/log/auth.log
> ×× maxigas
> // villanypásztor / kiberpunk / web shepherd //
> -= Important communication disclaimer: by replying to my emails you are
> disclaiming all your disclaimers. =-
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer at inbox.com
Full-Disclosure is hosted and sponsored by Secunia.