Results 1 to 8 of 8

Thread: Hacked Server

  1. #1
    Join Date
    Feb 2004
    Posts
    55

    Hacked Server

    On of my cleint server was hacked last night (I think that they have found out the administrators password and got in that way). the trouble is that they have now changed this password and I have no way of logging into the server to sort out the problem.

    Does anybidy know of any safe password crackers that I could try to find out what the administrators password has been changed to. Or do you think that the server is a lost cause and will have to be rebuilt?

  2. #2
    Join Date
    May 2004
    Location
    Hungary
    Posts
    106
    Nutcracker will hack the password if it is found in the dictionary file.

  3. #3
    Join Date
    Nov 2000
    Location
    Dayton OH
    Posts
    359
    To be perfeclty honest, I would say that the chances of breaking a password are slim to none. Can your data center admins not help you out at the console ? I would think there was something the staff could do to help you sort this out !
    Nathan M.
    Stormwire.com
    A decade of professional hosting !

  4. #4
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,771
    Ask the datacenter admins to login into the machine in single user mode and reset the password.
    ·· Repeat after me... ProSupport is the best... Prosupport is... ··
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  5. #5
    Join Date
    Dec 2002
    Location
    The Shadows
    Posts
    2,925
    Have they changed the root password, or just the "admin" password?

    Best bet would be to call the DC and get them to drop the IPs, boot it into single user, and reset the password.

    If they just have the admin account compromised though, you might be able to su - using a clients password if you haven't enabled wheel group requirement.
    Dan Sheppard ~ Freelance whatever

  6. #6
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Originally posted by nate
    To be perfeclty honest, I would say that the chances of breaking a password are slim to none.
    And pigs fly!
    If they've got administrative passwords, it's safe to assume that everything is compromised. With administrator passwords, you can use something such as jtr (a tool I actually use myself to keep my server secure) to attempt to crack user passwords. Most passwords are guessed within 15 minutes, some take days, it all depends.

    What all was hacked? If it was just 1 account, then you might be safe. However, it's never safe to assume that just 1 account was hacked. Have someone go over your server with a fine toothed comb and see whether or not everything was compromised.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  7. #7
    Join Date
    Jan 2002
    Location
    Home, chair
    Posts
    723
    Try 'John the Ripper', and there are sites where you can download very big word-lists. First try the word-lists and various methods, where it combines words from lists i differents ways. If it doesn't work, then you can try brute-forcing it, but chances here are really slim.

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Guys stop with the brute-forcing chances slim to none. If you got a quick system u can crack any password pretty fast. You can even brute force md5 if you got time to wait.

    Now for the serious stuff:

    Do you keep up wuth updates, such as kernels, apache, etc.?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •