Re: Documenting a server conf
- From: Dave Hinz <DaveHinz@xxxxxxxxx>
- Date: 24 Oct 2007 03:47:01 GMT
On Mon, 22 Oct 2007 12:48:11 -0000, edcrosbys <edcrosbys@xxxxxxxxx> wrote:
> I'll give it a shake..
> Situation:
> Server doesn't have network connectivity and I cannot get root access.

A vague situation description, I'll admit, yes.

> Assumptions:
> no root console access due to incorrect passwd
> something is running that will be corrupted if we bounce and force our
> way in via single user.

oooh, a nice twist, thank you; I may use that.

> domainname was mentioned sounds like sweet sweet insecurity to me.

Oh, hell yes.

> The co-workers can provide little assistance (in the way of user level
> acct only)
> Query users/bosses/others for any admin type access - probably futile,
> but could pay off

Nice approach.

> Hop on a functioning box as user and grab NIS map. Run NIS map (edited
> for user security, of course) through jack the ripper.
> While Jack is running, hop on dead box as user.
> Look at network config, log files, GSM hardware logs, sudo config
> (pray some more), others with uid 0, are there apps that prevent
> forced access.

In other words, bad security practices are out there, see if any of 'em
are in place here you can exploit. Hell, if we had NIS, we could create
a (mumble) with a UID of (grumblesnarf) and be in.

> Have network guy check things from his end just in case.
> If everything appears to be configured correctly and you see no
> errors, replace the cable.

Stranger things have happened.

> Check for SUID/SGID files
> If everything is properly secured (except using NIS) and the issue is
> a config/hardware problem on the server, then you will need to bring
> the box down to gain access and/or fix hardware. Now if my assumptions
> were off, you have a different ball game.
> Thank you, I enjoyed the exercise

You gave me a couple ideas that I haven't used. If the box is off the
network and deemed dead enough to call dead, options then include trying
to boot from alternate media (cd, boot net:dhcp -s, or probably other
ways), or the ultimate brute force, take the HD out and stick it in a
box you HAVE root on.
With physical access, logical access is just a matter of time. The most
fascinating thing I ever watched was one of the guys who at the time
worked for me, break into a box by dropping to the OK prompt and poking
around in the memory, changing the effective UID of the running process
to 0, and then typing "go" at the OK prompt to get back into his (now,
root) shell. Amazing.
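
A defensive counterpart to the checklist in this post, added here as an example and not part of the original thread: a Python audit that flags extra UID 0 accounts, password hashes or empty passwords visible in a passwd-format map (as with NIS), and SUID/SGID files. The function names, finding tags and sample entries are assumptions constructed for illustration.

```python
import os
import stat

def audit_passwd(lines):
    """Findings for passwd-format lines (a local file or a dumped NIS passwd map)."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if line[0] in "+-":                       # compat-mode NIS include/exclude entry
            findings.append((n, "nis-compat", f[0]))
        elif len(f) != 7 or not f[2].isdigit():
            findings.append((n, "malformed", f[0]))
        else:
            if int(f[2]) == 0 and f[0] != "root":  # "others with uid 0"
                findings.append((n, "extra-uid0", f[0]))
            if f[1] == "":
                findings.append((n, "empty-password", f[0]))
            elif f[1] not in ("x", "NP") and f[1][0] not in "*!":
                findings.append((n, "hash-exposed", f[0]))  # hash readable by map users
    return findings

def find_setid(root):
    """Sorted (path, 'suid'|'sgid') for regular files under root; symlinks not followed."""
    hits = []
    for d, _, files in os.walk(root):
        for path in (os.path.join(d, fn) for fn in files):
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if stat.S_ISREG(mode):
                hits += [(path, tag) for bit, tag in
                         ((stat.S_ISUID, "suid"), (stat.S_ISGID, "sgid")) if mode & bit]
    return sorted(hits)

# Constructed sample map; the alice hash is a made-up placeholder string.
SAMPLE = """\
root:x:0:0:Super-User:/:/sbin/sh
toor:x:0:0:spare admin:/:/bin/sh
alice:Ab3dEfGhIjKlM:1001:10:Alice:/home/alice:/bin/ksh
bob:*LK*:1002:10:Bob:/home/bob:/bin/ksh
carol::1003:10:Carol:/home/carol:/bin/ksh
+::::::
""".splitlines()

if __name__ == "__main__":
    print(*audit_passwd(SAMPLE), *find_setid("/usr/bin"), sep="\n")
```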