mailing list archives
Re: [PEN-TEST] ftp etc/passwd
From: cdowns <cdowns () SKILLSOFT COM>
Date: Tue, 28 Nov 2000 22:41:06 -0500
Seth Georgion wrote:
I'm doing a pen-test on a Solaris/NT network and I found a Solaris server
with anonymous ftp on and with what appears to be the root directory of a
user on the system. Pardon my terminology as my experience lies mostly with
NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this
out, however everytime I try and retrieve it I get the error
ftp> get /etc/passwd
200 PORT command successful.
550 /etc/passwd is marked unretrievable
Another one of the folders reports access denied but this one definitely
Anybody have an idea on what I am doing wrong or how to get access to it.
This most likely means you are not the owner of the file and the owner is root.
so trying to get this file may be almost impossible. have you tried a plain old
buffer overflow? reason i say this is because if you have an account you also
might be in luck of a known BO for the ftpd version and you should be able to
gain root access to that machine.
if you have world read/writable acces such as user nobody or guest you may be
able to get a trojan of some sort onto the remote machine and tool the server.
just ideas for ya.