Penetration Testing mailing list archives
[PEN-TEST] Cobalt Raq II - Unprotected Admin Pages
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 25 Mar 2001 17:16:01 -0600
On the topic of RAQ's, I thought I would throw this one out. On older RAQ installs (maybe new ones too, haven't checked), you can access a couple items in the administration interface without logging in:

Current system load: /cgi-bin/.cobalt/cpuUsage/loadavg.cgi
Legato Backup Server: /cgi-bin/.cobalt/networker/networker.cgi
Telnet Usage: /cgi-bin/.cobalt/telnetUsage/telnetUsage.cgi

The fun one here is the Legato Backup Server, you can go download the evaluation version of Legato for Linux, change the server to your IP address, and have the system back up its data to your machine ;)

-HD
http://www.diigtaloffense.net/

On Sunday 25 March 2001 04:46 pm, Gossi The Dog wrote:
> > If not, perhaps folks could post any that they have come across to this list so a collection can be compiled.
>
> Well, a nice one to look out for on Cobalt RaQ's (which run a modified version of Redhat 6) is port 81 - the web administrator port, which runs Apache. Oh, and Apache is running as root so the CGI scripts run properly. This is, of course, extremely dumb, and has been covered in-depth on bugtraq.
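A defender-side check, added here and not part of the post: scan an Apache access log from the RaQ's port-81 admin interface for requests to the three CGI paths named above that were served with no authenticated user. The log lines are constructed for the example; only the path list comes from the post.

```python
import re
from collections import Counter

# The admin CGIs the post reports as reachable without a login on older RaQ builds.
UNPROTECTED_PATHS = (
    "/cgi-bin/.cobalt/cpuUsage/loadavg.cgi",
    "/cgi-bin/.cobalt/networker/networker.cgi",
    "/cgi-bin/.cobalt/telnetUsage/telnetUsage.cgi",
)

# Apache common log format: host ident authuser [date] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def parse_line(line):
    """Parse one common-log-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["path"] = entry["path"].split("?", 1)[0]  # drop query string for exact matching
    return entry

def find_unauthenticated_admin_hits(lines):
    """Return entries where a listed admin CGI was served (2xx) with no authenticated user."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e["path"] in UNPROTECTED_PATHS and e["user"] == "-" and 200 <= e["status"] < 300:
            hits.append(e)
    return hits

def summarize(lines):
    """Count unauthenticated admin hits per source host for quick triage."""
    return Counter(h["host"] for h in find_unauthenticated_admin_hits(lines))

# Constructed sample lines (not real traffic) from the port-81 admin vhost log.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2001:17:02:11 -0600] "GET /cgi-bin/.cobalt/cpuUsage/loadavg.cgi HTTP/1.0" 200 412',
    '203.0.113.7 - - [25/Mar/2001:17:02:15 -0600] "GET /cgi-bin/.cobalt/networker/networker.cgi?x=1 HTTP/1.0" 200 1507',
    '198.51.100.4 - admin [25/Mar/2001:17:05:40 -0600] "GET /cgi-bin/.cobalt/telnetUsage/telnetUsage.cgi HTTP/1.0" 200 300',
    '203.0.113.9 - - [25/Mar/2001:17:06:02 -0600] "GET /cgi-bin/.cobalt/telnetUsage/telnetUsage.cgi HTTP/1.0" 401 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for h in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(f'{h["host"]} fetched {h["path"]} without login (HTTP {h["status"]})')
    print(dict(summarize(SAMPLE_LOG)))
```

The authenticated request and the 401 response are deliberately left out of the result, so the output lists only the two fetches that succeeded with no login.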