l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2001 Dec 30 16:59

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Cracking...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Cracking...



On Fri, 1 Dec 2000, Mark Kim wrote:
> On Fri, 1 Dec 2000, Peter Jay Salzman wrote:
> 
> > > The web server doesn't have any CGI programs on it.
> >  
> > ok, but you should at least try.  the advisory did say that this cgi comes
> > packaged, by default, with thttpd.   for all you know, bishop doesn't even
> > know it's on the system.
> 
> It's one of the first things I tried.  And Bishop explicitly told us that
> he knows about the ssi exploit when we complained that he wasn't putting
> up any CGI programs.

ahh, ok.  i didn't know this.

> > > I'm sure he won't fall for "will you leave the room for a
> > > minute" technique right after I tell him what I'm going to do :P
> >  
> > with a little imagination, i'll bet he would.  be creative!   get the
> > department secretary into the picture.  or one of his TA's.  the
> > possibilities are endless...
> 
> Well... I really wouldn't be learning anything technical...
 
true, but i'm not 100% you wouldn't be learning about computer security,
which is also valuable.

there are a number of remote vulnerabilities involving sendmail.  depending
on what distribution, you could get yourself a root or bin shell.  can you
determine which MTA is running on the machine?

does anyone actually log into this machine to be hacked?  maybe can you get a
laptop running a sniffer to sniff out passwords.

does the SMTP port allow vrfy and expn?

peter


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!