Penetration Testing mailing list archives
Re: [PEN-TEST] ftp etc/passwd
From: Bill Weiss <bill_weiss () att net>
Date: Tue, 28 Nov 2000 20:55:19 -0700
Seth Georgion(sgeorgion () ECLOSER COM)@Tue, Nov 28, 2000 at 02:50:13PM -0800:
I'm doing a pen-test on a Solaris/NT network and I found a Solaris server with anonymous ftp on and with what appears to be the root directory of a user on the system. Pardon my terminology as my experience lies mostly with NT. Anyway, inside etc is passwd, which I suppose I need to get to wrap this out, however everytime I try and retrieve it I get the error ftp> get /etc/passwd 200 PORT command successful. 550 /etc/passwd is marked unretrievable Another one of the folders reports access denied but this one definitely does not. Anybody have an idea on what I am doing wrong or how to get access to it.
(If anyone knows this better than I, speak up) I doubt that the FTP server really is giving you the root directory. It probably is chroot()ing (or something similar). I imagine that, when writing a FTP server, I would just keep anonymous users from downloading even the fake /etc/passwd, which it may. Not knowing Solaris (Slack-type myself...), it's a guess.
Current thread:
- [PEN-TEST] Attacking Cisco using SNMP Fabio Pietrosanti (naif) (Nov 29)
- [PEN-TEST] ftp etc/passwd Seth Georgion (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd cdowns (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd Bill Weiss (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd Alan Olsen (Nov 29)
- Re: [PEN-TEST] Attacking Cisco using SNMP David Taylor (Nov 29)
- Message not available
- Re: [PEN-TEST] Attacking Cisco using SNMP Teicher, Mark (Nov 29)
- [PEN-TEST] ftp etc/passwd Seth Georgion (Nov 29)
- <Possible follow-ups>
- Re: [PEN-TEST] Attacking Cisco using SNMP Todd Garrison (Nov 30)