Penetration Testing mailing list archives
Re: [PEN-TEST] ftp etc/passwd
From: cdowns <cdowns () SKILLSOFT COM>
Date: Tue, 28 Nov 2000 22:41:06 -0500
Seth Georgion wrote:
I'm doing a pen-test on a Solaris/NT network and I found a Solaris server with anonymous ftp on and with what appears to be the root directory of a user on the system. Pardon my terminology as my experience lies mostly with NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this out, however everytime I try and retrieve it I get the error ftp> get /etc/passwd 200 PORT command successful. 550 /etc/passwd is marked unretrievable Another one of the folders reports access denied but this one definitely does not. Anybody have an idea on what I am doing wrong or how to get access to it. Thanks Seth Georgion E-Closer
This most likely means you are not the owner of the file and the owner is root. so trying to get this file may be almost impossible. have you tried a plain old buffer overflow? reason i say this is because if you have an account you also might be in luck of a known BO for the ftpd version and you should be able to gain root access to that machine. if you have world read/writable acces such as user nobody or guest you may be able to get a trojan of some sort onto the remote machine and tool the server. just ideas for ya. chris
Current thread:
- [PEN-TEST] Attacking Cisco using SNMP Fabio Pietrosanti (naif) (Nov 29)
- [PEN-TEST] ftp etc/passwd Seth Georgion (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd cdowns (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd Bill Weiss (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd Alan Olsen (Nov 29)
- Re: [PEN-TEST] Attacking Cisco using SNMP David Taylor (Nov 29)
- Message not available
- Re: [PEN-TEST] Attacking Cisco using SNMP Teicher, Mark (Nov 29)
- [PEN-TEST] ftp etc/passwd Seth Georgion (Nov 29)
- <Possible follow-ups>
- Re: [PEN-TEST] Attacking Cisco using SNMP Todd Garrison (Nov 30)