Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] ftp etc/passwd
From: John Weekley <weekleyj () FOOBARLABS ORG>
Date: Tue, 28 Nov 2000 21:54:20 -0600

"Edwards, David (JTD)" wrote:


-----Original Message-----
From: Seth Georgion [mailto:sgeorgion () ECLOSER COM]
Subject: [PEN-TEST] ftp etc/passwd

I'm doing a pen-test on a Solaris/NT network and I found a
Solaris server
with anonymous ftp on and with what appears to be the root
directory of a
user on the system.

Anon ftp normally runs chroot so you are probably only seeing
bogus system files. Check the size of passwd, it should only
be around 20 bytes or so, just a line for the anon ftp user.
The group file should only contain the ftp group as well.


Quite possibly, it may be larger, containing bogus entries for root and
other users. If so it will
be larger, I'd think twice before believing I hit paydirt.

John Weekley

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]