[TUHS] Recovered /etc/passwd files
norman at oclsc.org
Wed Oct 9 04:38:43 AEST 2019
Back in the heyday of uucp, some sites were lazy and allowed
uucico access to any file in the file system (that was accessible
to the uucp user). A common ploy for white hats and black hats
was to try
uucp remotesys!/etc/passwd ~/remotesys
or the like, and see what came in and whether it had any easy
hashes (shadow password files didn't quite exist yet).
The system known to the uucp world as research! was more
careful: / was mapped to /usr/spool/uucp. We left a phony
etc/passwd file there, containing plausible-looking entries
with hashes that, if cracked, spelled out
I don't remember whether anyone ever stole it by uucp, though
I think Bill Cheswick used it to set up the phony system
environment for Berferd to play in (Google for `cheswick berferd'
if you don't know the story).
More information about the TUHS