LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-12-2013, 12:25 PM   #1
svenxix
LQ Newbie
 
Registered: Feb 2012
Distribution: Debian, Fedora
Posts: 24

Rep: Reputation: 0
rsh without a password


I'm setting up an intentionally insecure server for an information security class. I'm basing it off of the metasploitable vm, but that is too easy, so I'm trying to copy some stuff off of it.

I would like to let the users rsh without a password, regardless from what machine they are trying to login with.

Here's what I have so far.

Rsh is running, but it prompts for passwords.

The vulnerable user is named Steve. His ~/.rhosts file says "+ +".

A lot of sites say I have to specify IP address from trusted hosts in the /etc/hosts.equiv file, but metasploitable doesn't do that, and I want to have the server accessible from any ip address.

I created a user named steve on my Backtrack VM that I am trying to login from.
 
Old 03-12-2013, 12:41 PM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 801
Blog Entries: 2

Rep: Reputation: 203Reputation: 203Reputation: 203
Quote:
Originally Posted by svenxix View Post
Rsh is running, but it prompts for passwords.

The vulnerable user is named Steve. His ~/.rhosts file says "+ +".

A lot of sites say I have to specify IP address from trusted hosts in the /etc/hosts.equiv file, but metasploitable doesn't do that, and I want to have the server accessible from any ip address.
Are you NOT using any hosts.deny (or anything like that in PAM or xinetd)?

Assuming you've got an unencumbered process listening then either .rhosts or hosts.equiv should be able to give access to all hosts with a + sign.

Is the username the same (case-sensitive Steve != steve)?

Have you both rsh(shell) and rlogin(login) running? An rsh command with no arguments becomes an rlogin command (but "rsh somewhere sh -i" is a remote command that gets you a shell).

http://www.porcupine.org/satan/admin...-cracking.html
 
Old 03-12-2013, 01:15 PM   #3
svenxix
LQ Newbie
 
Registered: Feb 2012
Distribution: Debian, Fedora
Posts: 24

Original Poster
Rep: Reputation: 0
/etc/hosts.deny is empty.
The username I am using is the correct case.

The command I am using to connect is

$ rsh -l steve <ip address>
and
$ rlogin -l steve <ip address>

They both prompt for a password.

The permissions for /home/.rhost are

600 steve steve

I am not familiar with xinetd or PAM configurations, so I have not modified any of them. Which files should I look at?
 
Old 03-12-2013, 11:34 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,287

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Here's a good Chapter on xinetd http://www.linuxtopia.org/online_boo...rappers-xinetd
PAM from the same manual http://www.linuxtopia.org/online_boo...l5_ch-pam.html

Basically http://www.linuxtopia.org/online_boo...dministration/
 
Old 03-18-2013, 04:42 PM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,232

Rep: Reputation: 577Reputation: 577Reputation: 577Reputation: 577Reputation: 577Reputation: 577
rsh without a command switches to rlogin.

Also check for a .rhosts file in the users home directory. If the remote system is not entered you are supposed to be denied.
 
  


Reply

Tags
rsh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
rsh as root with no password McBLT Linux - Newbie 7 08-03-2012 07:54 PM
cant rsh without password dispite following howto's! SourCreamAndOni Linux - Software 2 08-09-2009 04:11 PM
Rsh , Rlogin Without password shan_nathan Linux - Security 8 08-18-2007 01:21 AM
rsh without password JurajPsycho Linux - Networking 4 08-03-2005 05:38 AM
rsh without password Qex Linux - Security 3 08-09-2003 12:54 PM


All times are GMT -5. The time now is 11:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration