Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Firewall identification and penetration
From: Ben Lull <blull () VALLEYLOCAL COM>
Date: Wed, 6 Sep 2000 15:45:23 -0700

Mike Ireton wrote:

On Fri, 25 Aug 2000, Ben Lull wrote:

    Seeing a system from a super user's standpoint may allow you to see things
which you won't see as a normal user, but it may also cause you to over look
other things which only a normal user would notice.  To use the sudo reference
above, a super user sees a poorly configured sudoers file.  A normal user sees
the account he has, allows sudo access.  Even if you were to create a very well
configured sudeors file, the normal user will not know this, thus spinning off
into subsets of tests to determine what can and can't be done with sudo.  The
sudoers file may be secured, but because the normal user does not know this, he
may inadvertently find another security hole which was over looked.

        Oh I agree with you %100. A tester with non-privilidged access is
going to pull every trick in the book to GET privilidged access, and so
will push non-privilidged access level to the hilt, pounding on anything
in their path. But I still belive it's advantagous to have privilidged
access for the reason of checking up on systems configurations that may
require impossible-to-identify-otherwise conditions to exploit. I think it
makes a lot of sense when you consider that most sysadmins (no flames to
anyone) don't really have much of a clue when it comes to secure systems
configuration and are prone to thinking of 'making it work at all' and
leaving it that way once it's going.

Just to note I belive that I stated in the e-mail you quoted (don't have it right
here to read), that I also agreed that having super-user access isn't bad.  I just
think that it should be given afterwards to do the actual securing of the system.
Also what you said about most system administrators... Everyone I've worked with
(people with 20 years under their belts w/ degrees up the wazoo) to the newbies who
picked up a book and learned how to fdisk and fsck never had a clue about security.
For example, a previous place I was employeed at had a almost genious
administrator... he could fix anything while tweaking performance levels to
unbelivable bounds.  The problem was, you could break root on the system about 17
different ways (litterally).  heh wouldn't it be nice to have a standards commitee
which must "dub" people as System Administrators (break out a 20 pound unix manual
and a tap on each shoulder)?  =)

- Ben

* Ben Lull
* Valley Local Internet, Inc.
* Systems Administrator

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]