Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] ftp etc/passwd
From: Bill Weiss <bill_weiss () att net>
Date: Tue, 28 Nov 2000 20:55:19 -0700

Seth Georgion(sgeorgion () ECLOSER COM)@Tue, Nov 28, 2000 at 02:50:13PM -0800:
I'm doing a pen-test on a Solaris/NT network and I found a Solaris server
with anonymous ftp on and with what appears to be the root directory of a
user on the system. Pardon my terminology as my experience lies mostly with
NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this
out, however everytime I try and retrieve it I get the error

ftp> get /etc/passwd
200 PORT command successful.
550 /etc/passwd is marked unretrievable

Another one of the folders reports access denied but this one definitely
does not.

Anybody have an idea on what I am doing wrong or how to get access to it.

(If anyone knows this better than I, speak up)

I doubt that the FTP server really is giving you the root directory.
It probably is chroot()ing (or something similar).

I imagine that, when writing a FTP server, I would just keep anonymous users
from downloading even the fake /etc/passwd, which it may.  Not knowing Solaris
(Slack-type myself...), it's a guess.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]