Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [PEN-TEST] Linux

Re: [PEN-TEST] Linux

From: Dunker, Noah <NDunker_at_FISHNETSECURITY.COM>
Date: Tue, 7 Nov 2000 18:06:33 -0600

Stock Red Hat 6.2 with no patches?

I've had some luck with the following:

The Dump and Restore vulnerabilities (local):
http://packetstorm.securify.com/0011-exploits/dump.sh

The SUIDPERL / Mailx mess (local):
http://packetstorm.securify.com/0008-exploits/suidperlhack.pl

The rpc.statd REMOTE ROOT:
(url not available, I have the source though.) I think it
was called "statdx2.c" and it was on www.hack.co.za, which is
down right now. Maybe find an up-to-date mirror, if exists?

these are all lame script-kiddie exploits that
are still actively being used. Anyone who keeps up on
their patches will have fixed all of these.

--Noah dunker

-----Original Message-----
From: Adassovsky Michel [mailto:manahune_at_YAHOO.COM]
Sent: Tuesday, November 07, 2000 1:42 PM
To: PEN-TEST_at_SECURITYFOCUS.COM
Subject: Linux

Hello,

I am doing a penetration test for a customer of us.
I have obtained user acces on a RedHat 6.2 box.
Can someone tell me how can I now gain root access, or
if you know any links giving exploits to gain root
acces...

Thank you

Michel - FRANCE

__________________________________________________
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one Place.
http://shopping.yahoo.com/
Received on Nov 08 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]