Date: Mon, 28 Sep 1998 15:31:28 -0700
From: Dan Stromberg <[email protected]>
To: [email protected]Subject: IRIX 6.2 passwordless accounts exploit?
We've had a lot of script kiddies running an exploit against our campus,
that checks for accounts that are passwordless by default in IRIX 6.2 -
like 4Dgifts, EZsetup, and so on. I've seen indications this isn't
limited to our campus...
This script has been generating hoardes of syslog entries like:
Sep 27 12:43:19 foo.bar login[16310]: failed: [email protected] as 4Dgifts
Amusingly, our suns, decs and linux machines run a fake tcpmux, so we
have lots of somewhat clueless kiddies checking for this vulnerability
on machines of the wrong OS :).
Anyway, can anyone make this exploit available, so I don't need to
reinvent the wheel in order to check for this myself? It'd probably be
easy in python, but it'd be nice to have "the real thing", the script
the kiddies are using themselves.
I checked rootshell.com, queried for sgi and 4Dgifts, but nothing
relevant popped up.
I know, if I "were a white hat" I could check /etc/passwd (or
/etc/shadow) myself. It's complicated. And I am a white hat. Besides,
the list is full disclosure.
