DaemonForums  

#1
25th April 2010
tetrodozombie
Real Name: bill slusser
Banned

Join Date: Dec 2009
Location: atlanta, ga
Posts: 82
Desperate. Doing the unthinkable! ( never seen it done here before )

This guy is gaining root access on his xbox, playstation, whatever with some kind of stupid script that puts his name in my root. I know this guy, too. It happens when I do an ftp install of OpenBSD 47 snapshot.


Here's the master.passwd file: ( top of it anyway )

root:$2a$08$PNfB7EKYiT63/UfkxIT2I.EobNwxB8ibMN/O4RWVIiXr1yMVRrjcW:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/operator:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Message Submission Program:/nonexistent:/sbin/nologin
Reply With Quote
#2
25th April 2010
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

"Charlie &" is the default name given to the root user on OpenBSD. An ancient BSDism.

Look at the source to master.passwd delivered to you by the Project:

http://www.openbsd.org/cgi-bin/cvswe.../master.passwd

Now, go change your root password, since you have published it. /etc/master.passwd is chmod 600 for a reason.
Reply With Quote
#3
25th April 2010
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,318

Quote:
Originally Posted by jggimi
An ancient BSDism.

It is also worthwhile searching the misc@ archives for similar information, i.e.

http://marc.info/?l=openbsd-misc&m=99640482412430&w=2
Reply With Quote
#4
25th April 2010
BSDfan666
Real Name: N/A, this is the interweb.
Banned

Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223

No offence to the OP, but this was hilarious.
Reply With Quote
#5
25th April 2010
TerryP
Arp Constable

Join Date: May 2008
Location: USofA
Posts: 1,547

Did I miss April Fools again?
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
#6
26th April 2010
marcolino
Real Name: Mark
Custom Title Maker

Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128

If you know him, tell him to stop. Besides, Charlie has his Angels, not daemons.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
#7
26th April 2010
IdOp
Too dumb for a smartphone

Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027

LOL. I like to change the default name to "root beer".
Reply With Quote
#8
27th April 2010
marcolino
Real Name: Mark
Custom Title Maker

Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128

Quote:
Originally Posted by IdOp
LOL. I like to change the default name to "root beer".

Hmmm, if you were to change the name in /etc/passwd from Charlie & to & Beer, would it show up as Root Beer?
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
#9
27th April 2010
IdOp
Too dumb for a smartphone

Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027

Quote:
Originally Posted by marcolino
Hmmm, if you were to change the name in /etc/passwd from Charlie & to & Beer, would it show up as Root Beer?

Just tried it (on Linux ...), and indeed it does show up as "Root Beer"! Now I'll have to go read the man page, lol.
Reply With Quote
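
Added example (not part of any post in this thread, and not OpenBSD's own code): a parser for master.passwd-format lines that expands `&` in the GECOS name the way the posts above observe, and lists the two things worth checking on a suspect system, UID-0 accounts and accounts that hold a password hash. The sample lines are constructed, the root hash is a placeholder, and the function names are hypothetical.

```python
# Added example: field order of a BSD master.passwd line, as in passwd(5).
FIELDS = ("name", "password", "uid", "gid", "class", "change",
          "expire", "gecos", "home", "shell")

# Constructed sample in the layout quoted in post #1; the root hash is a
# placeholder, not a real credential.
SAMPLE = """\
root:$2a$08$PLACEHOLDER.NOT.A.REAL.HASH:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
"""


def expand_gecos(login, gecos):
    """Return the display name: the first comma-separated GECOS subfield,
    with each '&' replaced by the login name, first letter capitalized."""
    full_name = gecos.split(",", 1)[0]
    return full_name.replace("&", login[:1].upper() + login[1:])


def parse_master_passwd(text):
    """Parse master.passwd-format text into a list of dicts (hypothetical helper)."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        entry = dict(zip(FIELDS, parts))
        entry["display_name"] = expand_gecos(entry["name"], entry["gecos"])
        # '*' means no password login; a '$'-prefixed value is a stored hash.
        entry["has_hash"] = entry["password"].startswith("$")
        entries.append(entry)
    return entries


def audit(entries):
    """Return (uid-0 logins, logins holding a password hash)."""
    superusers = [e["name"] for e in entries if e["uid"] == "0"]
    hashed = [e["name"] for e in entries if e["has_hash"]]
    return superusers, hashed


if __name__ == "__main__":
    for e in parse_master_passwd(SAMPLE):
        print(f'{e["name"]:8} uid={e["uid"]:<3} hash={e["has_hash"]!s:5} {e["display_name"]}')
    print(audit(parse_master_passwd(SAMPLE)))
```

On a stock install the audit should report only root in both lists; anything else in either list is what deserves a closer look, not the "Charlie &" name.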
2nd May 2010
Carpetsmoker
Real Name: Martin
Tcpdump Spy

Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

I once had a customer who insisted someone was hacking her computer and kept creating accounts for himself: Administrator and Guest.

It was funny at first, but she came back four times and kept yelling at me that I didn't fix the problem. I believe her brain had a "block in quick" rule since no new information seemed to arrive there.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
7th May 2010
tetrodozombie
Real Name: bill slusser
Banned

Join Date: Dec 2009
Location: atlanta, ga
Posts: 82

End Game: Charlie is a must have "HACKER" name if you wanna be a 'real' serious OpenBSD Hacker. Then, you just have to pretend to have an interest in the Occult, and voila! Get root, put your name "Charlie" there and be an egotistical jackass and say, "The Devil Himself! If I don't say so myself!" HA!!!!
Reply With Quote
7th May 2010
tetrodozombie
Real Name: bill slusser
Banned

Join Date: Dec 2009
Location: atlanta, ga
Posts: 82

See, I have a friend down the street named "Charlie." He was in the military, was airborne qualified, supposedly did a lot of 'Counter Intelligence' work. Who knows maybe he did, maybe he didn't. He loves the occult. Please don't say the word Daemon or Demon around him because he'll go off on a tangent about religion and yada yada yada. He plays Star Wars shoot'em up games on his Playstation and Xbox all day.

When I saw the contents of that file, with his name, saying 'the devil himself' I almost died. I could have sworn he had been violating my computer territory.

Now, after the fact. It's funny as hell. I just couldn't believe the coincidences. One it's a maybe, but two? It's almost surely not. Right? Well, no. I was wrong.

Thanks to jggimi for helping me see the light.
Reply With Quote
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick