From: Niklas Karlsson <nikke.karlsson@gmail.com>
To: The Eunuchs Hysterical Society <tuhs@tuhs.org>
Subject: [TUHS] Re: shell escapes in utilities
Date: Tue, 1 Aug 2023 20:55:41 +0200 [thread overview]
Message-ID: <CAK6BEgegH3TeE4ETM489s70jV4xDFzEJF1EV7u2QPkHEr4pCFA@mail.gmail.com> (raw)
In-Reply-To: <ema20a2ab4-d44e-4b1c-8e7e-079960bdd910@a70c2ae8.com>
[-- Attachment #1: Type: text/plain, Size: 1257 bytes --]
Den tis 1 aug. 2023 kl 20:43 skrev Ron Natalie <ron@ronnatalie.com>:
>
> I remember IBM sending me an early RS/6000. Booted the
> thing up but had no clue what root or any other password was.
> So, I set to work hacking on it. Now this thing had a physical key on
> the front. Off, On, and a Wrench symbol. OK, let’s try the wrench.
> Boots up some sort of maintenance program. After playing around with
> it a bit I find a help option. This starts up a paginator (more or pg
> or something). Sure enough you can shell escape otu of that.
> Instant root shell. Now it’s trivial to change the root password and
> reboot in normal mode.
>
To be fair, local root exploits are a bit of a different animal from
remote ones. Even now, if you have physical access to your average *nix
box, you can likely gain root. Sure, there are ways and means of
preventing that, but IME it's really only people doing really secret
spook stuff that bother with those. Even engineering outfits with big
secrets to protect usually don't bother.
What you did with that RS/6000 sounds roughly equivalent to booting a
modern Linux box in single-user mode, where you can also set the root
password to anything you like.
Niklas
[-- Attachment #2: Type: text/html, Size: 1651 bytes --]
next prev parent reply other threads:[~2023-08-01 18:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-01 5:47 [TUHS] " ron minnich
2023-08-01 11:38 ` [TUHS] " Leah Neukirchen
2023-08-01 12:31 ` G. Branden Robinson
2023-08-01 20:33 ` Dave Horsfall
2023-08-01 20:40 ` arnold
2023-08-01 14:29 ` Skip Tavakkolian
2023-08-01 15:30 ` ron minnich
2023-08-01 18:43 ` Ron Natalie
2023-08-01 18:55 ` Niklas Karlsson [this message]
2023-08-01 20:48 ` Steffen Nurpmeso
2023-08-01 21:11 ` Ron Natalie
2023-08-01 21:52 ` Steffen Nurpmeso
2023-08-01 21:13 ` Niklas Karlsson
2023-08-01 21:19 ` Dave Horsfall
2023-08-02 3:01 ` Grant Taylor via TUHS
2023-08-02 3:42 ` Niklas Karlsson
2023-08-02 2:59 ` Grant Taylor via TUHS
2023-08-02 10:49 ` Rich Salz
2023-08-02 14:49 ` Grant Taylor via TUHS
2023-08-02 14:20 ` Clem Cole
2023-09-19 16:56 ` Ori Bernstein
2023-09-19 17:04 ` ron minnich
2023-08-01 15:36 ` Phil Budne
2023-08-01 15:37 ` Clem Cole
2023-08-01 15:37 ` Grant Taylor via TUHS
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAK6BEgegH3TeE4ETM489s70jV4xDFzEJF1EV7u2QPkHEr4pCFA@mail.gmail.com \
--to=nikke.karlsson@gmail.com \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).