Penetration Testing mailing list archives

Re: linux pen-test

From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Mon, 08 Aug 2005 13:29:35 +0200

Bruno Kovacs wrote:

Hi,

Im pen-testing a linux system and I could port-scan the following open tcp
ports:


(...)

Any suggestions ?  I need at least a shell.
I´ve looked Metasploit exploits but the are no one appropriate.

Based on the server's footprint you are looking at a server that doesboth mail (SMTP, POP3 and IMAP), DNS, web (80, 443) and probably news(119 port) and IRC. Too much stuff in a single server if you ask me.You should take a look, as suggested in this thread to the banners ofthe different servers and put 2 and 2 together (nmap -sV will returnyou those but you can just telnet to the open port directly and seefor yourself).

If the HTTP server is Apache 2.0.40 the server is either is running anold Linux distribution (check out Distrowatch, newer distributionsship newer httpd package versions, SuSE 8.1 and RH9, which werereleased a long time ago, shipped with httpd 2.0.4) or it has beenlocally compiled.

Based on the server banners of, at least, SMTP, POP3, IMAP, DNS andHTTPs you could probably pinpoint the distribution version in use ifall those are installed from the packages provided by it (and notcompiled from scratch). Based on that you can determine possiblyunpatched services that might be remotely exploitable and give you alocal shell. If the server is running an out of date OpenSSL versionand is exposed to the Internet it might have been already rooted (andthat would explain the IRC server there).


Regards

Javier

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

Current thread:

linux pen-test Bruno Kovacs (Aug 04)
- RE: linux pen-test Leandro Reox (Aug 05)
- Re: linux pen-test frank boldewin (Aug 05)
- Re: linux pen-test Adli Abdul Wahid (Aug 05)
- Re: linux pen-test okrehel (Aug 05)
  - Re: linux pen-test Chris Benedict (Aug 10)
- Re: linux pen-test Javier Fernandez-Sanguino (Aug 08)
- <Possible follow-ups>
- Re: linux pen-test securityfocus (Aug 05)
  - Re: linux pen-test s0u1d13r s0u1d13r (Aug 06)