Re: [PEN-TEST] ftp etc/passwd
From: Bill Weiss <bill_weiss () att net>
Date: Tue, 28 Nov 2000 20:55:19 -0700
Seth Georgion(sgeorgion () ECLOSER COM)@Tue, Nov 28, 2000 at 02:50:13PM -0800:
> I'm doing a pen-test on a Solaris/NT network and I found a Solaris server
> with anonymous ftp on and with what appears to be the root directory of a
> user on the system. Pardon my terminology as my experience lies mostly with
> NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this
> out, however every time I try and retrieve it I get the error
>
> ftp> get /etc/passwd
> 200 PORT command successful.
> 550 /etc/passwd is marked unretrievable
>
> Another one of the folders reports access denied but this one definitely
> Anybody have an idea on what I am doing wrong or how to get access to it?

(If anyone knows this better than I, speak up)

I doubt that the FTP server really is giving you the root directory.
It probably is chroot()ing (or something similar).

I imagine that, when writing an FTP server, I would just keep anonymous users
from downloading even the fake /etc/passwd, which it may. Not knowing Solaris
(Slack-type myself...), it's a guess.
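
An added example, not part of either poster's message: an administrator-side check on the copy of etc/passwd that sits inside an anonymous FTP chroot area, flagging password hashes, loose permissions and hard links that could make it the real file. The function name, the placeholder set and the sample file contents are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Password-field values that are not hashes: empty, placeholders, shadowed, locked.
NON_HASH = {"", "*", "x", "!", "!!", "NP", "*LK*", "*NP*"}

def audit_ftp_passwd(ftp_root):
    """Return findings for <ftp_root>/etc/passwd, the copy visible after chroot()."""
    findings = []
    path = os.path.join(ftp_root, "etc", "passwd")
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink out of the FTP area
    except FileNotFoundError:
        return findings  # no copy inside the chroot, nothing to expose
    if not stat.S_ISREG(st.st_mode):
        return ["type: etc/passwd is not a regular file"]
    if st.st_nlink > 1:
        findings.append("hardlink: etc/passwd has extra hard links")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("mode: etc/passwd is group- or world-writable")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.rstrip("\n").split(":")
            if fields == [""] or fields[0].startswith("#"):
                continue  # blank line or comment
            if len(fields) != 7:
                findings.append(f"format: line {lineno} does not have 7 fields")
            elif fields[1] not in NON_HASH:
                findings.append(f"hash: line {lineno} ({fields[0]}) has a password hash")
    return findings

# Constructed sample: the third entry carries a made-up 13-character value
# standing in for a crypt(3) hash that was copied from the real file.
SAMPLE = (
    "root:*:0:0::/:\n"
    "ftp:x:30000:30000:Anonymous FTP:/:/bin/false\n"
    "alice:aB3dEfGhIjKlM:1001:10:Alice:/home/alice:/bin/sh\n"
)

def demo(mode=0o444):
    """Build a throwaway FTP root holding SAMPLE and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        path = os.path.join(root, "etc", "passwd")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_ftp_passwd(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```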