Re: [vox-tech] Cracking...

[Peter Jay Salzman <p@belial.ucMAPSdavis.edu>]

On Fri, 1 Dec 2000, Mark Kim wrote:
> On Fri, 1 Dec 2000, Peter Jay Salzman wrote:
> 
> > > The web server doesn't have any CGI programs on it.
> >  
> > ok, but you should at least try.  the advisory did say that this cgi comes
> > packaged, by default, with thttpd.   for all you know, bishop doesn't even
> > know it's on the system.
> 
> It's one of the first things I tried.  And Bishop explicitly told us that
> he knows about the ssi exploit when we complained that he wasn't putting
> up any CGI programs.

ahh, ok.  i didn't know this.

> > > I'm sure he won't fall for "will you leave the room for a
> > > minute" technique right after I tell him what I'm going to do :P
> >  
> > with a little imagination, i'll bet he would.  be creative!   get the
> > department secretary into the picture.  or one of his TA's.  the
> > possibilities are endless...
> 
> Well... I really wouldn't be learning anything technical...
 
true, but i'm not 100% you wouldn't be learning about computer security,
which is also valuable.

there are a number of remote vulnerabilities involving sendmail.  depending
on what distribution, you could get yourself a root or bin shell.  can you
determine which MTA is running on the machine?

does anyone actually log into this machine to be hacked?  maybe can you get a
laptop running a sniffer to sniff out passwords.

does the SMTP port allow vrfy and expn?

peter