dimanche 8 février 2015

Explain the last part of how Mitnick hacked Tsutomu Shimomura with an IP sequence attack



I was reading up on why TCP ISNs need to be randomized, which led me to this write up by Tsutomu Shimomura. I understood how IP address spoofing and predicting the ISN helped the attacker establish a one way connection to the 'x-terminal'. But after that the attacker sends this data - rsh x-terminal "echo + + >>/.rhosts. He doesn't explain what this did and how he was able to get root access to the 'x-terminal'. I understand that rsh allows you to execute commands on a remote host. What I don't understand is what exactly does the command echo + + >>/.rhosts do?





Aucun commentaire:

Enregistrer un commentaire