Firewall Wizards mailing list archives
RE: Web Stuff
From: "Kertesz, Imre" <ikertesz () ASEC-MD2 COM>
Date: Tue, 10 Aug 1999 08:29:30 -0400
There are different perspectives to this problem. In response to the obvious perspective, you need to be a little more convincing that your 'friend' is legitimately running a server. Otherwise, you will not find answers here. Perhaps the $kript_K16613$ mailing list would bear fruit for you.

However, I won't send you away empty-handed. My method for remotely gaining access to a SunOS 5.6 machine hosting a web server is to Secure Shell in via my legitimate user account. Because I have the box configured to ignore initial root logins, only users can initially log in. I enter my pass phrase (some Arabic poetry), log in, and su to root, entering root's pass phrase (this time a Hungarian colloquialism). I go to the httpd directory tree and replace a file.

About a minute later, my pager goes off - it reads '666': that means my cron agent ran a mini Tripwire integrity script and found that not all was well in Webville. Through the modem, the pony express shuttles off a letter containing '666' to my pager number. Oops, forgot to turn that off before I started changing files. Temporarily disabling the process (because it will automatically kick back on in 10 minutes unless I renew my request to keep it off), I continue changing 'stuff'.

All the while, my auditing agent is making two copies of the transaction: one in the standard log repository and one in a secondary directory that a remote black box secure-copies over every minute at random intervals. Finally, all my changes made, I log out.

Good luck - let us know how it works out

-IK
-----Original Message-----
From: CRZYJSTR () aol com [SMTP:CRZYJSTR () aol com]
Sent: Sunday, August 08, 1999 2:00 AM
To: firewall-wizards () nfr net
Subject: Web Stuff

Hey, I was wondering what vulnerabilities there would be on a web server running on SunOS 5.6. My friend is running a server, and he was just curious what a hacker just might need to do to hack the webpage... can you please explain how one actually gains access and changes stuff so he can learn different methods to stop them?
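
The cron-driven integrity check with a self-expiring "off" switch described in the reply above can be sketched as follows. This is an added example, not the poster's script: the function names, the JSON baseline file, the flag-file mechanism and the `alert` callback are all assumptions; only the '666' code and the 10-minute window come from the message.

```python
import hashlib, json, os, time

SUPPRESS_SECONDS = 600  # the message's 10-minute automatic re-enable

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root)] = digest
    return digests

def diff(baseline, current):
    """Return sorted (change, path) pairs between two snapshots."""
    changes = []
    for path in baseline.keys() | current.keys():
        if path not in current:
            changes.append(("removed", path))
        elif path not in baseline:
            changes.append(("added", path))
        elif baseline[path] != current[path]:
            changes.append(("modified", path))
    return sorted(changes)

def suppressed(flag_path, now=None):
    """True only while the flag file is younger than SUPPRESS_SECONDS.
    Re-touching the flag renews the window; a missing flag or one dated
    in the future never suppresses, so alerting cannot be left off."""
    now = time.time() if now is None else now
    try:
        age = now - os.path.getmtime(flag_path)
    except OSError:
        return False
    return 0 <= age < SUPPRESS_SECONDS

def check(root, baseline_path, flag_path, alert, now=None):
    """One cron run: compare root to the stored baseline, alert on drift.
    The baseline is assumed to live outside the tree being watched."""
    with open(baseline_path) as fh:
        baseline = json.load(fh)
    changes = diff(baseline, snapshot(root))
    if changes and not suppressed(flag_path, now):
        alert("666", changes)  # pager code from the message
    return changes
```

Changes are still computed and returned while alerts are suppressed, so a separate audit log can record them even during a maintenance window.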