Security Basics mailing list archives
shell to root through ftp?
From: fIrestOrm <dskw_86 () yahoo com>
Date: Thu, 4 Nov 2004 01:47:55 -0800 (PST)
Hi, I have a question that has been bugging me for days. I plan to run an ftp server on my home pc runing redhat to serve some users. For those users, they will have their home directory configured as their default directory when they log on to ftp. My questions are: -What are the possible implications if they are allowed to traverse and enter every directory including / (root) but excluding /root (due to permissions set)? Are they able to get a shell prompt through ftp only? -apache 1.3 is also running on the same box, hence, the users are granted access to www-root. One possible scenario I can think of is by uploading netcat and running it using HTTP. Can it be done through apache? If so, how? -Are there any avenues for privilege escalation to rootuser here? -Are there any other scenarios which utilizes ftp as an attack vector to get a shell prompt ? (please exclude rootkits, chmod to protect /bin, www-root etc). thanks __________________________________ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com
Current thread:
- shell to root through ftp? fIrestOrm (Nov 04)
- Re: shell to root through ftp? bcl (Nov 05)
- Re: shell to root through ftp? Chris Umphress (Nov 05)
- Re: shell to root through ftp? xyberpix (Nov 05)