This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
Parent Parent
Re: Need Help With Phone Pranksters
Article: 7408 of alt.hackers From: fcusack@psu.edu (Frank Cusack Jr.) Newsgroups: alt.hackers Subject: Re: Need Help With Phone Pranksters Date: Fri, 17 Feb 1995 20:44:15 -0500 Organization: Penn State University Lines: 28 Approved: Approve these nuts Message-ID: fcusack-1702952044150001@jfc117.rh.psu.edu NNTP-Posting-Host: jfc117.rh.psu.edu Status: RO
In article <3i36p0$nj5@geraldo.cc.utexas.edu>, chandler@fiat.gslis.utexas.edu (chandler howell) wrote: > > ObAnti-HackerHack: > The OWNER of a machine that I adminstrate has the nasty habit of hacking > around in people's accounts as superuser, and since I can't just deny him > access (it's his machine, after all), I wrote SHELL SCRIPTS (rofl) > for who, w, and ps, so they wouldn't show me logged in, then changed > system time so the date/time stamp would match the rest of the system > files and copied them, then reset the time so I could watch him and see > what sort of scummy stuff he was doing--reading people's mail and stuff > like that. That is a pretty shitty thing for someone to do. I have 2 questions: 1) what did you do with the information you got? 2) why didn't you just 'touch' the shell scripts to set the date/time stamp? ObThisIsMyFirstPostSoIWantToStartOffRightHack: Ran with shadow passwords for awhile, using /etc/getty for a console login process. Well, I switched the login process (am I making sense here?) to xdm, but it turns out it wasn't compiled for shadow passwords. So, I could not login as root (or anything else) to change it back! After thinking about it for some time, I came up with an easy solution: I logged in remotely with telnet, (telnetd was shadow password aware) and copied the root passwd entry from /etc/shadow to /etc/passwd until I was able to re-compile xdm for shadow pw.
Parent Parent