|
|
> tsarly wrote: > > Basically I have a working set up openvpn server on a > > slackware 10.1 box. > > The problem is that I've recently changed the root password > > and ....!! lost it.... > > Now the thing is that I haven't got access to the server cause > > well... it is a different country ...but as I said the server is > > active... so basically I can connect to the remote lan using my > > keys... Connect, meaning openvpn? Are there any open services on this machine? Do you have any shell access at all? If so, with a little hard work you should be able to find some way to escalate privileges. No shell? Then look at your open services. Occasionally some have exploits which allow an attacker to get shell, and from there you work on privilege escalation. Check the known security issues with 10.1: http://slackware.com/security/ http://slackware.com/security/list.php?l=slackware-security&y=2005 10.1 was released in February, so everything listed there probably affects 10.1. Offhand I'd say PHP is your best hope. > > The question is... can I somehow get inside my (Openvpn Server) box > > through the vpn connection to change the root password?? If openvpn is your only open service, there is no known exploit against it, TTBOMK. > > Any help would be appreciated!! You might have to hire someone to help, if you're not sure what you're doing. Again I would suggest PHP ... someone in PHP forums might know how to exploit it. Anyone assisting you would need solid assurance that you ARE the rightful owner of this machine, of course. :) On Tuesday 2005-October-04 07:10, Terry L. Inzauro wrote: > one would hope not ;) i'; assuming that the easiest approach is not > available(console access). if sshd is listening on all > interfaces(physical and tun) try ssh'ing to the tun ip or the lan ip > of you openvpn box. if tcp wrappers, iptables, and sudo is setup > correctly, you should be able to accomplish your goal. FSVO "correct". :) I would negate that statement. But I know what you mean. In fact I make it a point NOT to know root passwords on my own systems; I rely on sudo. If I need to login as root for some reason, I generate a random password, change it with sudo, and never write it down. > perhaps you should post this question to a different mailing > list.......... Yes, it's topical insofar as the question is "how can I use openvpn to gain root privilege?" But after that it goes off topic. I have rooted two machines on behalf of their owners. Both Red Hat, for what that's worth, which is in fact worth nothing. Both times I exploited glaring weaknesses in proprietary software. Amazing how the axiom, "You get what you pay for," does not seem to apply to software. (It does apply - just that money is not usually a valid means of payment. :) ) -- mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |