Sam Trenholme's webpage
This article was posted to the Usenet group alt.hackers in 1995; any technical information is probably outdated.

Re: Need Help With Phone Pranksters


Article: 7408 of alt.hackers
From: fcusack@psu.edu (Frank Cusack Jr.)
Newsgroups: alt.hackers
Subject: Re: Need Help With Phone Pranksters
Date: Fri, 17 Feb 1995 20:44:15 -0500
Organization: Penn State University
Lines: 28
Approved: Approve these nuts
Message-ID: fcusack-1702952044150001@jfc117.rh.psu.edu
NNTP-Posting-Host: jfc117.rh.psu.edu
Status: RO

In article <3i36p0$nj5@geraldo.cc.utexas.edu>,
chandler@fiat.gslis.utexas.edu (chandler howell) wrote:

>
> ObAnti-HackerHack:
> The OWNER of a machine that I adminstrate has the nasty habit of hacking
> around in people's accounts as superuser, and since I can't just deny him
> access (it's his machine, after all), I wrote SHELL SCRIPTS (rofl)
> for who, w, and ps, so they wouldn't show me logged in, then changed
> system time so the date/time stamp would match the rest of the system
> files and copied them, then reset the time so I could watch him and see
> what sort of scummy stuff he was doing--reading people's mail and stuff
> like that.

That is a pretty shitty thing for someone to do. I have 2 questions:

1) what did you do with the information you got?
2) why didn't you just 'touch' the shell scripts to set the date/time stamp?

ObThisIsMyFirstPostSoIWantToStartOffRightHack:
Ran with shadow passwords for awhile, using /etc/getty for a console login
process. Well, I switched the login process (am I making sense here?) to
xdm, but it turns out it wasn't compiled for shadow passwords. So, I could
not login as root (or anything else) to change it back! After thinking
about it for some time, I came up with an easy solution: I logged in
remotely with telnet, (telnetd was shadow password aware) and copied the
root passwd entry from /etc/shadow to /etc/passwd until I was able to
re-compile xdm for shadow pw.



Parent Parent

Child Child Child Child Child

Back to index