R: Pen-Testing help (Compaq Insight & htsearch)

["Scalise, Marzio" <marzioscalise () KPMG it>]

i've found a default user/passwd for C.I.M.:
administrator/administrator
operator/operator

moreover some version of C.I.M. are afflict by "dot dot bug"

eg. www.target.com:2301/../../boot.ini

regards.

Marzio


-----Messaggio originale-----
Da: Zwan-van-der.Erwin [mailto:Erwin.Zwan-van-der () siemens nl]
Inviato: martedì 11 dicembre 2001 11.25
A: 'Tim Russo'; pen-test () securityfocus com
Oggetto: RE: Pen-Testing help (Compaq Insight & htsearch)


On several projects I was able to connect to the Compaq server using a
standard web browser to port 2301 (http://ipadress:2301). The dual homed
server then just acts as a proxy. Note that it is not a full proxy compliant
systems of course. Therefore cookies, activex controls, pictures and stuff
might not be passed to your client. It is great to establish a hidden
outbound connection to the Internet though.

Erwin

-----Original Message-----
From: Tim Russo [mailto:trusso () wireguided com]
Sent: maandag 10 december 2001 17:44
To: pen-test () securityfocus com
Subject: Pen-Testing help (Compaq Insight & htsearch)


I am pen-testing a customer's network and stumbled upon their Compaq
Digital-Unix web server. This web server happens to be in front of their
firewall too. I have detected 2 immediate security issues:

1) They are running Compaq Insight Manager.
2) Their web server has the htsearch cgi-bin script.

Questions:

1) I know Insight Manager has buffer overflows and can be used as a proxy.
Do exploits for the buffer overflows exist? Also, I am not sure if I am
configuring the proxy client correctly. Anyone have luck with this?

2)When I try to exploit the htsearch script I get the following error:

"Unable to read word database file '/xxx/xxx/htdig/db/db.words.db' Did you
run htmerge?" [xxx are for obscurity] :)

Any help with either one of these and/or general Digital-Unix pen-test info
would be very helpful.

Thank you.

-Tim
__________________________________
Tim Russo
Email:  trusso () wireguided com
Tel:          617.504.3008
Fax:          781.849.0127


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


**************************************************************************
The information in this email is confidential and may be legally
privileged.
It is intended solely for the addressee. Access to this email by
anyone else is unauthorized. 

If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful. When addressed to 
our clients any opinions or advice contained in this email are 
subject to the terms and conditions expressed in the governing
KPMG client engagement letter.         
**************************************************************************

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/