Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Linux
From: El Nahual <nahual () S0D SAL ITESM MX>
Date: Fri, 10 Nov 2000 07:47:21 -0900

Actually there is a method ... you can bruteforce directories when ya have
no read permission to them or the parent, its a bug based on umask, the
code SHOULD be up on www.s0d.org today or tomorrow tops, its basic and
proof of concept (as usual) ....

With that maybe you can get some nice files and then able to gain further
access .....

I promise to get more tools in there but Am3ntiA our web main guy has ben
sick (hope you get better) so he hasn't been able to put some stuff I
already sent him there .. but I'll give him a call ....


El Nahual

On Thu, 9 Nov 2000, Adassovsky Michel wrote:

First of all, thanks to HD for considering me as an
amateur ...
I did not mentionned it in my first mail because it
seemd obvious to me that the Redhat I am talking about
is not a stock RedHat.

Let me be more precise :

Redhat 6.2 with patches
Minimal services installation.
No unecessary packages installed
No Xfree nor X manager installed
No unecessary users
Shadow-MD5 passwords

I have a user level-access.

What i'd liked to know is if there is acvanced
techniques (even agressives techniques) to gain root
access.

Before to send those mails to the list, I've tried the
exploits recensed on :

Security Focus
Seuriteam
PacketStorm
And others ....

Bye

Michel

__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]