Penetration Testing mailing list archives
Re: linux pen-test
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Mon, 08 Aug 2005 13:29:35 +0200
Bruno Kovacs wrote:
Hi, I'm pen-testing a Linux system and I could port-scan the following open TCP ports:
(...)
Any suggestions? I need at least a shell. I've looked at Metasploit exploits but there is no appropriate one.
Based on the server's footprint you are looking at a server that does mail (SMTP, POP3 and IMAP), DNS, web (80, 443) and probably news (port 119) and IRC. Too much stuff in a single server if you ask me. You should take a look, as suggested in this thread, at the banners of the different servers and put 2 and 2 together (nmap -sV will return those, but you can also just telnet to the open port directly and see for yourself).
If the HTTP server is Apache 2.0.40 the server is either running an old Linux distribution (check out Distrowatch; newer distributions ship newer httpd package versions, and SuSE 8.1 and RH9, which were released a long time ago, shipped with httpd 2.0.4) or it has been locally compiled.
Based on the server banners of, at least, SMTP, POP3, IMAP, DNS and HTTPS you could probably pinpoint the distribution version in use, if all those are installed from the packages provided by it (and not compiled from scratch). Based on that you can determine possibly unpatched services that might be remotely exploitable and give you a local shell. If the server is running an out-of-date OpenSSL version and is exposed to the Internet it might have already been rooted (and that would explain the IRC server there).
Regards,
Javier
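As an added example, not part of this thread or of any tool mentioned in it, here is the defender-side version of the correlation Javier describes: take what each service announces on its port, pull out product/version pairs and any distribution tag the packaged build appends, and compare the versions against the administrator's own acceptable-minimum baseline. The banner strings, the BASELINE values and the pattern list are all constructed for this example and say nothing about real releases or advisories.

```python
from __future__ import annotations
import re

# Constructed sample banners, as nmap -sV or telnet would show; not from any real host.
SAMPLE_BANNERS = {
    25: "220 mail.example.test ESMTP Sendmail 8.12.8/8.12.8; Mon, 8 Aug 2005 12:00:00 +0200",
    80: "Server: Apache/2.0.40 (Red Hat Linux)",
    143: "* OK [CAPABILITY IMAP4REV1] mail.example.test IMAP4rev1 2002.336rh",
    443: "Server: Apache/2.0.40 (Red Hat Linux) mod_ssl/2.0.40 OpenSSL/0.9.7a",
}
# Oldest version the administrator still accepts; constructed values, not real advisories.
BASELINE = {"Apache": "2.0.46", "OpenSSL": "0.9.7d", "Sendmail": "8.13.1"}
# (product, version) extractors; each pattern yields exactly two groups.
PATTERNS = [
    re.compile(r"(Apache)/(\d[\d.]*)"),
    re.compile(r"(OpenSSL)/(\d[\d.]*[a-z]?)"),
    re.compile(r"(Sendmail) (\d[\d.]*)"),
    re.compile(r"(IMAP4rev1) (\d[\d.]*)"),
]
DISTRO_TAG = re.compile(r"\(((?:Red Hat|Debian|SuSE|Fedora|Ubuntu)[^)]*)\)")

def parse_banner(banner: str) -> list[tuple[str, str]]:
    """Return every (product, version) pair a single banner line discloses."""
    return [(m.group(1), m.group(2)) for p in PATTERNS for m in p.finditer(banner)]

def distro_hint(banner: str) -> str | None:
    """Vendor tag that packaged builds often append, e.g. '(Red Hat Linux)'."""
    return m.group(1) if (m := DISTRO_TAG.search(banner)) else None

def version_key(version: str) -> tuple:
    """Sortable key for dotted versions with an optional letter suffix (0.9.7a)."""
    key = []
    for part in version.split("."):
        m = re.match(r"(\d+)(.*)", part)
        key.append((int(m.group(1)), m.group(2)) if m else (0, part))
    return tuple(key)

def audit(banners: dict[int, str], baseline: dict[str, str]) -> list[tuple]:
    """List (port, product, disclosed, minimum) for every version below the baseline."""
    findings = []
    for port, banner in sorted(banners.items()):
        for product, version in parse_banner(banner):
            minimum = baseline.get(product)
            if minimum and version_key(version) < version_key(minimum):
                findings.append((port, product, version, minimum))
    return findings

if __name__ == "__main__":
    for port, product, seen, minimum in audit(SAMPLE_BANNERS, BASELINE):
        print(f"port {port}: {product} {seen} older than baseline {minimum}")
```

Run against a real inventory, the same banners that let an outsider guess the distribution let the administrator see which packaged services are behind the vendor's current versions, and which banners disclose more than they need to.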