Help me analysis what did hacker do?

Dagmar d'Surreal dagmar.wants at nospam.com
Wed Jul 16 16:51:47 PDT 2003


On Wed, 2003-07-16 at 17:54, Sam Halliday wrote:
> Christophe Devine wrote:
> > Ares Liu wrote:
> > > In / directory I find out a .bash_history file.
> > Heh. It's really surprising how many so-called hackers are totally
> > unaware of the bare necessity of cleaning log files, especially shell
> > commands - which can be done rather easily with bash:
> > $ rm -f ~/.bash_history; unset HISTFILE
> 
> or instead of unset HISTFILE:
> 
>   history -c

Can we talk about the best way to find and exploit vulnerable suids
now?  :)

But seriously, there is an argument to be made that people should
disable that feature of bash in their ~/.bashrc (using unset HISTFILE or
by explicitly pointing it at /dev/null if you want to be very unsubtle)
if they don't strictly need their command history to continue from
session to session.  One of the things I... er... umm... this guy I knew
would /always/ search after compromising a system would be the
~/.bash_history files looking for hosts other users are telnetting or
sshing into.  Anyone sshing in using host keys to authenticate instead
of passwords would subsequently be 0wned automatically, plus it gives a
cracker a really good idea of what sloppy practices the sysadmin is into
in order to get a leg up on compromising anything else they might be
responsible for.
-- 
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact info: AIM: evilDagmar  Jabber: evilDagmar at jabber.org

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
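
The exposure described in the message above, seen from the administrator's side, as an added example that is not part of the original post: the script reports whether a home directory's `.bashrc` disables history persistence and which remote hosts its `.bash_history` discloses. The function names, the simplified option parsing and the `example.test` sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Option parsing is deliberately simplified.

# List unique hosts named by ssh/telnet/sftp/scp commands in a history file ($1).
history_targets() {
    awk '
    $1 ~ /^(ssh|telnet|sftp|scp)$/ {
        # options that consume the next word (simplified set; scp uses -P for port)
        opts = ($1 == "scp") ? "^-[iloFP]$" : "^-[iloFp]$"
        for (i = 2; i <= NF; i++) {
            if ($i ~ opts) { i++; continue }   # skip option and its argument
            if ($i ~ /^-/) continue            # flag without argument
            if ($1 == "scp") {
                if ($i !~ /:/) continue        # local path, not a remote
                sub(/:.*/, "", $i)             # keep the part before ":path"
            }
            sub(/^.*@/, "", $i)                # drop "user@"
            print $i
            if ($1 != "scp") break             # first operand is the host
        }
    }' "$1" | LC_ALL=C sort -u
}

# Succeed if the rc file ($1) unsets HISTFILE or points it at /dev/null.
history_persistence_disabled() {
    grep -Eq '^[[:space:]]*(unset[[:space:]]+HISTFILE|(export[[:space:]]+)?HISTFILE=/dev/null)[[:space:]]*(#.*)?$' "$1"
}

# Report for one home directory ($1): rc setting plus hosts the history discloses.
audit_home() {
    if [ -f "$1/.bashrc" ] && history_persistence_disabled "$1/.bashrc"; then
        echo "$1: history persistence disabled in .bashrc"
    else
        echo "$1: history persists across sessions"
    fi
    if [ -s "$1/.bash_history" ]; then
        history_targets "$1/.bash_history" | sed 's/^/  discloses host: /'
    fi
    return 0
}

# Constructed sample home directory so the script runs offline.
sample=$(mktemp -d)
printf '%s\n' 'ls -la' 'ssh -p 2222 admin@db1.example.test' \
    'scp -P 2222 dump.sql backup@store.example.test:/srv/' \
    'telnet sw1.example.test' > "$sample/.bash_history"
audit_home "$sample"
rm -rf "$sample"
```

Run `audit_home` against each real home directory as root to see which accounts still keep a history file and which hosts it names.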


