[TUHS] Recovered /etc/passwd files

Arthur Krewat krewat at kilonet.net
Wed Oct 9 07:22:03 AEST 2019

On 10/8/2019 5:02 PM, Dave Horsfall wrote:
> On Tue, 8 Oct 2019, Arthur Krewat wrote:
>> Slightly off-topic, but still UUCP related. If a SunOS box NFS 
>> exported /, and I could mount /, even without root NFS access, using 
>> the uucp user, I could overwrite uucico because it was owned by uucp. 
>> The entry in inetd.conf would automatically run uucico as root. 
>> Telnet to the box on that port, and it would happily run whatever I 
>> put in the uucico file.
>> Bad joo-joo.
> *Cough cough* I remember that *cough cough*...

cough cough back at you, sir ;)

> Unix systems in those days were broken in subtle ways; we once broke 
> into a Gould (marketed as the most secure box on the planet[*]) by 
> social-engineering a marketoid (we tricked him into running a custom 
> "ls" or something).  "Thank you Sir, and we've just broken into your 
> Gould; there's the root prompt".

I was able to social-engineer an operator a few times on TOPS-10 systems 
back in the day to reset passwords, or mount disks. "Can you give me a 
list of disks you have ready to mount?" - "blah blah blah" - "OK, mount 
pack BLARG".

But then, one time, I was talking to an "operator" for a while before I 
realized it was an ELIZA-like program that kept going back around in a 
loop. Trying to be suave, I started it by asking how they were doing, 
and got all sorts of weird responses.

At some point, realizing I was talking to a bot, I said: "I feel bad" - 
and it replied something to the effect of "Can you explain why you feel 
bad?". Typical ELIZA response ;)

Someone at that university had a sense of humor, that's for sure. Broke 
into it anyway guessing passwords.


More information about the TUHS mailing list