Hacker News new | past | comments | ask | show | jobs | submit login

This brings back memories of a common exploit w/tftp, such that you could download an unshodowed /etc/passwd file from a remote machine, decrypt it, log into that remote system, collect new hosts from /etc/hosts, then rinse and repeat. Hash rate were pretty slow back then, but the fact that people used passwds straight out of dictionaries helped, so I'm told...

Better yet, open the /etc/passwd and see the root user's password wasn't set...

Back in college I ran ToneLoc overnight and would try ftp on the successful hits. One server didn't have root set, so I telnet'ed, <Enter> when prompted for the password, and I was in.

I ran 'who', saw a user logged in. Decided to wall them a message of "You should really set your root password." and logged out.

A couple of days later, I got an email on the trash email account I would use for ftp logins - dude was super nice but freaked out and wanted to know how I found his server. I didn't reply.

Do you know the train biscuits story?


Imagine the anecdote coming from the person you wall'd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact