Re: [PEN-TEST] Linux

[El Nahual <nahual () S0D SAL ITESM MX>]

Actually there is a method ... you can bruteforce directories when ya have
no read permission to them or the parent, its a bug based on umask, the
code SHOULD be up on www.s0d.org today or tomorrow tops, its basic and
proof of concept (as usual) ....

With that maybe you can get some nice files and then able to gain further
access .....

I promise to get more tools in there but Am3ntiA our web main guy has ben
sick (hope you get better) so he hasn't been able to put some stuff I
already sent him there .. but I'll give him a call ....


El Nahual

On Thu, 9 Nov 2000, Adassovsky Michel wrote:

> First of all, thanks to HD for considering me as an
> amateur ...
> I did not mentionned it in my first mail because it
> seemd obvious to me that the Redhat I am talking about
> is not a stock RedHat.
>
> Let me be more precise :
>
> Redhat 6.2 with patches
> Minimal services installation.
> No unecessary packages installed
> No Xfree nor X manager installed
> No unecessary users
> Shadow-MD5 passwords
>
> I have a user level-access.
>
> What i'd liked to know is if there is acvanced
> techniques (even agressives techniques) to gain root
> access.
>
> Before to send those mails to the list, I've tried the
> exploits recensed on :
>
> Security Focus
> Seuriteam
> PacketStorm
> And others ....
>
> Bye
>
> Michel
>
> __________________________________________________
> Do You Yahoo!?
> Thousands of Stores.  Millions of Products.  All in one Place.
> http://shopping.yahoo.com/