Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: linux pen-test
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Mon, 08 Aug 2005 13:29:35 +0200

Bruno Kovacs wrote:

Hi,

Im pen-testing a linux system and I could port-scan the following open tcp
ports:

(...)

Any suggestions ?  I need at least a shell.
I´ve looked Metasploit exploits but the are no one appropriate.

Based on the server's footprint you are looking at a server that does both mail (SMTP, POP3 and IMAP), DNS, web (80, 443) and probably news (119 port) and IRC. Too much stuff in a single server if you ask me. You should take a look, as suggested in this thread to the banners of the different servers and put 2 and 2 together (nmap -sV will return you those but you can just telnet to the open port directly and see for yourself).

If the HTTP server is Apache 2.0.40 the server is either is running an old Linux distribution (check out Distrowatch, newer distributions ship newer httpd package versions, SuSE 8.1 and RH9, which were released a long time ago, shipped with httpd 2.0.4) or it has been locally compiled.

Based on the server banners of, at least, SMTP, POP3, IMAP, DNS and HTTPs you could probably pinpoint the distribution version in use if all those are installed from the packages provided by it (and not compiled from scratch). Based on that you can determine possibly unpatched services that might be remotely exploitable and give you a local shell. If the server is running an out of date OpenSSL version and is exposed to the Internet it might have been already rooted (and that would explain the IRC server there).

Regards

Javier

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]