2 Feb
2011
2 Feb
'11
5:35 p.m.
Kwan Lowe wrote:
On Wed, Feb 2, 2011 at 9:44 AM, James Bensley jwbensley@gmail.com wrote:
So on a virtual server the root password was no longer working (as in I couldn't ssh in anymore). Only I and one other know it and neither of us have changed it. No other account had the correct privileges to
<snip>
Anyhoo, coincidentally I was thinking of ways to change a root password on a 24/7 system. Some of the things I tested was to overwrite some of the cron scripts that I had access to, create a suid binary on a trusted and mounted fs (i.e., no root squash, noexec not enabled), exec a shell from with a sudo command that had shell out capability, etc..
<snip> Well, if you could get on the system at all, and had sudo privileges, no problem.
mark