Penetration Testing: Re: [PEN-TEST] ftp etc/passwd

Re: [PEN-TEST] ftp etc/passwd

From: Bill Weiss <bill_weiss_at_att.net>
Date: Tue, 28 Nov 2000 20:55:19 -0700

Seth Georgion(sgeorgion_at_ECLOSER.COM)@Tue, Nov 28, 2000 at 02:50:13PM -0800:
> I'm doing a pen-test on a Solaris/NT network and I found a Solaris server
> with anonymous ftp on and with what appears to be the root directory of a
> user on the system. Pardon my terminology as my experience lies mostly with
> NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this
> out, however every time I try and retrieve it I get the error
>
> ftp> get /etc/passwd
> 200 PORT command successful.
> 550 /etc/passwd is marked unretrievable
>
> Another one of the folders reports access denied but this one definitely
> does not.
>
> Anybody have an idea on what I am doing wrong or how to get access to it?

(If anyone knows this better than I, speak up)

I doubt that the FTP server really is giving you the root directory.
It probably is chroot()ing (or something similar).

I imagine that, when writing an FTP server, I would just keep anonymous users
from downloading even the fake /etc/passwd, which it may. Not knowing Solaris
(Slack-type myself...), it's a guess.
Received on Nov 30 2000
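
The two server-side controls guessed at in the reply above (a chroot-style view of the filesystem plus a per-file retrieval deny-list), sketched as an added example that is not part of the original thread or any FTP daemon's source. The rule semantics are modelled on wu-ftpd's `noretrieve` directive, whose refusal text matches the 550 line quoted above; the thread does not say which daemon the server runs, so that is an assumption, and the function names and sample rules are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed rules: leading '/' = one exact path, bare name = any directory. */
static const char *const SAMPLE_RULES[] = { "/etc/passwd", "core" };

/* Resolve "//", "." and ".." lexically, clamping ".." at the jail root "/".
 * Assumes the working directory is "/". Returns -1 if out is too small. */
static int jail_normalise(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    for (;;) {
        while (*in == '/') in++;
        size_t n = strcspn(in, "/");
        if (n == 0) break;
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') { }  /* drop last component */
            out[len] = '\0';
        } else if (!(n == 1 && in[0] == '.')) {
            if (len + n + 2 > outsz) return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n; out[len] = '\0';
        }
        in += n;
    }
    if (len == 0) strcpy(out, "/");
    return 0;
}

/* Returns 1 when a RETR of path must be refused with a 550 reply. */
int is_unretrievable(const char *path, const char *const *rules, size_t nrules)
{
    char norm[1024];
    if (jail_normalise(path, norm, sizeof norm) != 0) return 1;  /* fail closed */
    const char *base = strrchr(norm, '/') + 1;
    for (size_t i = 0; i < nrules; i++) {
        const char *subject = rules[i][0] == '/' ? norm : base;
        if (strcmp(subject, rules[i]) == 0) return 1;
    }
    return 0;
}

int main(void)
{
    const char *t[] = { "/etc/passwd", "/etc/../etc//./passwd", "/pub/core", "/pub/README" };
    for (size_t i = 0; i < 4; i++)
        printf("%-22s %s\n", t[i], is_unretrievable(t[i], SAMPLE_RULES, 2) ? "550" : "ok");
    return 0;
}
```

The path is normalised before matching so the rule is applied to the file that would actually be opened inside the jail, not to the string the client typed.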
