.bash_history
by anonymous

A simple way of getting accounts, even though it's impractical and should be used as a last resort, is to look at users' .bash_history and .history files that are stored in their $HOME. It is surprising how easy it is to access other people's private information by looking at their logs. By default any file that's been created by the user is set chmod 744; this lets anyone read the file if they have the same group privileges as that user. The same goes when a new user first logs in: the /etc/skel files are copied to their home and .bash_history will be created when the user logs in next time, assuming it's a bash shell (Bourne Again).

Inside the .bash_history you might be lucky enough to find some typos of passwords. Here are some examples of what you might want to look for:

    aloc:/home/victom# cat .bash_history
    tenlet whitehouse.gov        /* misspelt */
    telnet whitehouse.gov
    :
    cat /etc/passwd
    ls
    cd ..
    more /var/log/messages
    :
    login Lewinsk1               /* login as user Lewinsk1 */

If there are many users on the system you may want to use grep:

    aloc:~# grep telnet /home/*/.bash_history | more
    /home/victom1/.bash_history:telnet whitehouse.gov
    /home/victom2/.bash_history:telnet
    /home/victom3/.bash_history:telnet fed.gov.au

If you're looking for some 0 GID or even root, you look for:

    aloc:~# grep su /home/*/.bash_history /root/.bash_history | more

or even:

    aloc:~# grep passwd /home/*/.bash_history /root/.bash_history | more

If you find some that look promising enough, have a look at the whole file; it may take a while to find anything, but it's up to you if you want to trade time for accounts. It's a good idea to check out /etc/passwd to get an idea of where the home directories are located and what type of shells they use, because they may vary from system to system. Also you may need to pissfart round with the login or passwd, but it's up to you depending on how desperately you need the accounts.

To fix this, if you're a user then a simple "chmod 000 .bash_history" will do the trick, or even "ln -sf /dev/null ~/.bash_history" does a better job. If you're an admin then do the following:

    touch /etc/skel/.bash_history /etc/skel/.history
    chmod 700 /etc/skel/.*history
    chmod 700 /home/*/.*history     (depending on where your users' home is placed)

This may be considered a lame method of gaining accounts, but I believe it's worth a mention.

Posted in by a Spaceman from outer space that wants to stay Anonymous.
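
For admins, the chmod step above can be run as an audit first, so you see which history files are exposed before changing anything. This is an added example, not part of the original post; the function name audit_history, its "fix" argument and the default base of /home are assumptions.

```shell
#!/bin/sh
# Added example: audit shell history files for group/other access.
# audit_history BASE [fix]
#   BASE is the directory that holds the home directories (assumed: /home).
#   Prints one line per history file that group or others can access.
#   With "fix" as second argument it also strips the group/other bits.
#   Returns 0 when nothing is left exposed, 1 otherwise.
audit_history() {
    base=${1:-/home}
    action=${2:-report}
    exposed=0
    # Same glob as the admin fix in the text: .bash_history, .history, ...
    for f in "$base"/*/.*history; do
        # Skip unmatched globs and symlinks (e.g. history linked to /dev/null).
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] && continue
        if [ "$action" = "fix" ] && chmod go-rwx "$f"; then
            echo "fixed   $perms $f"
        else
            echo "exposed $perms $f"
            exposed=1
        fi
    done
    return "$exposed"
}
```

Run "audit_history /home" to report and "audit_history /home fix" to tighten; the exit status makes it usable from cron or a configuration check.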