Security Basics mailing list archives
Re: shell to root through ftp?
From: Chris Umphress <umphress () gmail com>
Date: Thu, 4 Nov 2004 21:28:55 -0800
-What are the possible implications if they are allowed to traverse and enter every directory including / (root) but excluding /root (due to permissions set)? Are they able to get a shell prompt through ftp only?
The largest implication is that they could download files or upload files where they don't belong. I would not recommend letting users do this.
-apache 1.3 is also running on the same box, hence, the users are granted access to www-root. One possible scenario I can think of is by uploading netcat and running it using HTTP. Can it be done through apache? If so, how?
Do you have any server-side scripting languages installed/enabled? SSI, PHP, etc. could be used to run a program or possibly read/write files on your system.
-Are there any avenues for privilege escalation to root user here?
If your file permissions are very restrictive, it would minimize the risk. Also, you would want to remove root's ability to log in remotely at all. The HTTP server depends on whether you have server-side scripting installed in any way. If you do, you might as well give them shell access as the user your server runs as.
-Are there any other scenarios which utilize ftp as an attack vector to get a shell prompt? (please exclude rootkits, chmod to protect /bin, www-root etc).
I'll leave that question for someone else.

--Chris

--
Chris Umphress <http://daga.dyndns.org/>
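
An added example, not part of the original post: a Python audit that lists the directories under a web document root that an FTP account can write to, plus the script-handled files it could alter or replace there. The extension list, the account IDs and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Extensions a server with PHP, SSI or CGI enabled would typically interpret
# (assumed list; match it to the handlers in your own httpd.conf).
SCRIPT_EXTS = {".php", ".php3", ".phtml", ".shtml", ".cgi", ".pl"}

def can_write(st, uid, gids):
    """True if the account (uid, gids) may write, per the classic mode bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(docroot, ftp_uid, ftp_gids):
    """Return (writable_dirs, script_files) exposed to the FTP account."""
    writable_dirs, script_files = [], []
    for dirpath, _dirs, filenames in os.walk(docroot):
        dir_writable = can_write(os.lstat(dirpath), ftp_uid, ftp_gids)
        if dir_writable:
            writable_dirs.append(dirpath)
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            # Exposed if the account can edit the file in place or replace
            # it by writing to the parent directory.
            if dir_writable or can_write(os.lstat(path), ftp_uid, ftp_gids):
                script_files.append(path)
    return sorted(writable_dirs), sorted(script_files)

def build_sample_tree():
    """Constructed sample: a docroot with one world-writable uploads dir."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "uploads"))
    for rel in ("index.php", "uploads/x.php", "uploads/notes.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(os.path.join(root, rel), 0o644)
    os.chmod(root, 0o755)
    os.chmod(os.path.join(root, "uploads"), 0o777)
    st = os.lstat(root)
    # Hypothetical FTP account: neither owner nor group of the tree.
    return root, st.st_uid + 1, {st.st_gid + 1}

if __name__ == "__main__":
    root, uid, gids = build_sample_tree()
    print(audit_docroot(root, uid, gids))
```

Any directory it reports is a place where an upload would be interpreted by the web server if scripting is enabled, so those are the ones to make read-only for FTP accounts or to exclude from script handling.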