Results 1 to 8 of 8
Thread: Hacked Server
-
06-10-2004, 07:25 AM #1Junior Guru Wannabe
- Join Date
- Feb 2004
- Posts
- 55
Hacked Server
On of my cleint server was hacked last night (I think that they have found out the administrators password and got in that way). the trouble is that they have now changed this password and I have no way of logging into the server to sort out the problem.
Does anybidy know of any safe password crackers that I could try to find out what the administrators password has been changed to. Or do you think that the server is a lost cause and will have to be rebuilt?
-
06-10-2004, 07:29 AM #2WHT Addict
- Join Date
- May 2004
- Location
- Hungary
- Posts
- 106
Nutcracker will hack the password if it is found in the dictionary file.
-
06-10-2004, 07:55 AM #3Aspiring Evangelist
- Join Date
- Nov 2000
- Location
- Dayton OH
- Posts
- 359
To be perfeclty honest, I would say that the chances of breaking a password are slim to none. Can your data center admins not help you out at the console ? I would think there was something the staff could do to help you sort this out !
Nathan M.
Stormwire.com
A decade of professional hosting !
-
06-10-2004, 08:12 AM #4Web Hosting Master
- Join Date
- Oct 2003
- Location
- Georgetown, Ontario
- Posts
- 1,771
Ask the datacenter admins to login into the machine in single user mode and reset the password.
·· Repeat after me... ProSupport is the best... Prosupport is... ··
ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
VertiHost Inc. - We run a quality business. Do you?
-
06-10-2004, 10:54 AM #5Web Hosting Master
- Join Date
- Dec 2002
- Location
- The Shadows
- Posts
- 2,925
Have they changed the root password, or just the "admin" password?
Best bet would be to call the DC and get them to drop the IPs, boot it into single user, and reset the password.
If they just have the admin account compromised though, you might be able to su - using a clients password if you haven't enabled wheel group requirement.Dan Sheppard ~ Freelance whatever
-
06-10-2004, 01:35 PM #6Originally posted by nate
To be perfeclty honest, I would say that the chances of breaking a password are slim to none.
If they've got administrative passwords, it's safe to assume that everything is compromised. With administrator passwords, you can use something such as jtr (a tool I actually use myself to keep my server secure) to attempt to crack user passwords. Most passwords are guessed within 15 minutes, some take days, it all depends.
What all was hacked? If it was just 1 account, then you might be safe. However, it's never safe to assume that just 1 account was hacked. Have someone go over your server with a fine toothed comb and see whether or not everything was compromised.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
06-10-2004, 02:09 PM #7Web Hosting Master
- Join Date
- Jan 2002
- Location
- Home, chair
- Posts
- 723
Try 'John the Ripper', and there are sites where you can download very big word-lists. First try the word-lists and various methods, where it combines words from lists i differents ways. If it doesn't work, then you can try brute-forcing it, but chances here are really slim.
-
06-10-2004, 02:34 PM #8Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Guys stop with the brute-forcing chances slim to none. If you got a quick system u can crack any password pretty fast. You can even brute force md5 if you got time to wait.
Now for the serious stuff:
Do you keep up wuth updates, such as kernels, apache, etc.?Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance