> > Before he gets in, he still has to run a brute-force/dictionary-att. on
> > all users. He wouldn't have much time if the admins have done their
> > jobs.
>
> Well no. Think about sysadmins who have to allow users to run crappy
> PHP code on a shared server (so glad I'm not one of those people at
> the moment). An attacker can execute commands as a web user,
> probably far easier than brute-forcing an initial login. If they can
> then just copy a world readable /etc/passwd, they can do all the
> hash cracking offline. Which isn't possible if there's a /etc/shadow

This reminds me of this document [1], which explains how some guys defeated
the apache.org server a long, long time ago. Very good.

Regards,

[1] http://archives.neohapsis.com/archives/php/2000-05/att-0030/51-how_defaced_apache_org.txt
--
Roberto E. Vargas Caballero
Received on Wed Jun 04 2014 - 19:24:40 CEST
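
An added example, not part of the original thread: a defender-side audit for the condition discussed above, namely password hashes sitting in a world-readable passwd file instead of a restricted shadow file. The sample entries and function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format: name:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
www-data:*:33:33:web user:/var/www:/usr/sbin/nologin
alice:$6$c0nstructedsalt$NotARealHashJustAPlaceholder:1000:1000::/home/alice:/bin/sh
bob:abJnggxhB/yWI:1001:1001::/home/bob:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
broken-line-without-fields
"""

def classify_password_field(field):
    """Classify field 2 of a passwd(5) entry."""
    if field == "x":
        return "shadowed"        # real hash lives in the shadow file
    if field == "":
        return "empty"           # no password required at all
    if field.startswith(("*", "!")):
        return "locked"          # no valid hash can match
    return "hash-exposed"        # crypt(3) string readable by every local user

def audit_passwd(text):
    """Return (line number, user, finding) for entries needing attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((lineno, parts[0], "malformed"))
            continue
        kind = classify_password_field(parts[1])
        if kind in ("hash-exposed", "empty"):
            findings.append((lineno, parts[0], kind))
    return findings

def shadow_mode_problem(path="/etc/shadow"):
    """Describe the problem if the shadow file is missing or readable by 'other'."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing: hashes can only live in the passwd file"
    if mode & stat.S_IROTH:
        return "world-readable (mode %o)" % stat.S_IMODE(mode)
    return None

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
    print("shadow:", shadow_mode_problem())
```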