Penetration Testing mailing list archives
Re: Pen-Testing help (Compaq Insight & htsearch)
From: warchild <warchild () spoofed org>
Date: Mon, 10 Dec 2001 22:47:56 -0500 (EST)
"Unable to read word database file '/xxx/xxx/htdig/db/db.words.db' Did you run htmerge?" [xxx are for obscurity] :) Any help with either one of these and/or general Digital-Unix pen-test info would be very helpful.
If you have write access of some part to the machine in question (local user, anonymous ftp), then you can craft your own config file and pass it to htsearch using "-c <path-to-config-file>". Its not much, but it will get you read access to files should permissions allow it. For example, I wrote a config file like the following: nothing_found_file: /etc/passwd database_dir: <path-to-anonymous-ftp>/incoming and uploaded it to <path-to-anonymous-ftp>/incoming, then made blank db files as htsearch will complain if they aren't found. What it gets you is the contents of /etc/passwd after passing this dummy config to htsearch. Its not much, but it is a start. -warchild ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Pen-Testing help (Compaq Insight & htsearch) Tim Russo (Dec 10)
- Re: Pen-Testing help (Compaq Insight & htsearch) Philipp Stucke (Dec 11)
- Re: Pen-Testing help (Compaq Insight & htsearch) warchild (Dec 11)
- <Possible follow-ups>
- RE: Pen-Testing help (Compaq Insight & htsearch) Zwan-van-der.Erwin (Dec 11)
- Re: Pen-Testing help (Compaq Insight & htsearch) rudi carell (Dec 11)