Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] ftp etc/passwd
From: cdowns <cdowns () SKILLSOFT COM>
Date: Tue, 28 Nov 2000 22:41:06 -0500

Seth Georgion wrote:

I'm doing a pen-test on a Solaris/NT network and I found a Solaris server
with anonymous ftp on and with what appears to be the root directory of a
user on the system. Pardon my terminology as my experience lies mostly with
NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this
out, however everytime I try and retrieve it I get the error

ftp> get /etc/passwd
200 PORT command successful.
550 /etc/passwd is marked unretrievable

Another one of the folders reports access denied but this one definitely
does not.

Anybody have an idea on what I am doing wrong or how to get access to it.


Seth Georgion

This most likely means you are not the owner of the file and the owner is root.
so trying to get this file may be almost impossible. have you tried a plain old
buffer overflow? reason i say this is because if you have an account you also
might be in luck of a known BO for the ftpd version and you should be able to
gain root access to that machine.
if you have world read/writable acces such as user nobody or guest you may be
able to get a trojan of some sort onto the remote machine and tool the server.

just ideas for ya.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]