Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

RE: Pen testing a CVS server
From: "Lluis Mora" <llmora () sentryware com>
Date: Tue, 20 May 2003 21:03:23 +0200
Hi Alexandre, Bugsy:

The following applies to (at least) cvs 1.10. Have not tried it on
newer/older releases.

You can tell wether the CVS setup is using system passwords or a separate
CVS password file. If the response is:

    "no such user xxxx in CVSROOT/passwd"

then it is using a separate cvs password file. But if the "cvs login"
response is:

    "xxxx: no such user"

then it is using system passwords, e.g. /etc/passwd (or NIS, or LDAP or ...)

So, in your case Bugsy it seems the pentested server is using system
passwords and you could try a bruteforce attack for user accounts password.
You can restrict system passwords usage by setting the option "SystemAuth"
to "no" in your CVSROOT/config file.

Cheers,

Lluis
.

-----Mensaje original-----
De: Alexandre Carmel-Veilleux [mailto:saruman () northernhacking org]
Enviado el: domingo, 18 de mayo de 2003 21:20
Para: Bugsy
CC: pen-test () securityfocus com
Asunto: Re: Pen testing a CVS server


On Sun, May 18, 2003 at 07:17:09AM -0700, Bugsy wrote:


Checking passwords
cvs -d :pserver:root () host domain com:/wrong/cvs/root
login
Tells me if i got the root password right or not.


        Hmm, I've never been in any environement where CVS didn't have it's
own, separate, password and group files. So this should not yield an actual
user passwords. Assuming the password is different then the system one.

        I agree that the error messages should be terser in order to leak
less information, possibly with an n seconds timeout after an error.

Alex


---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]