Penetration Testing mailing list archives

Re: Penetration of HP/UX


From: AK <platsakos () gmail com>
Date: Mon, 13 Jun 2011 00:21:33 +0300

Shellcoder's handbook 1st edition covers HP/UX exploitation if I am not
mistaken.
IIRC (although I have not encountered an HP/UX since the
ancient 10.20 days) HP/UX does not run on SPARC.

On 06/08/2011 10:30 AM, Philipp Lachberger wrote:
Hello fellow pen-testers,

I've recently encountered an HP/UX box in a penetration test. Now I've been searching for materials on HP/UX as it is 
(over here) not a common system to encounter.

All I've found on public search engines were links to exploits from < 2001. Have I just not searched thoroughly 
enough or are there hardly any papers?

I would greatly appreciate it if you could give me directions to look at.

Now what kind of makes me wonder:
How do you usually approach a system you haven't encountered before? I have been doing a "usual suspect"-analysis in 
mapping the OS with your-favourite-port-scanner-here and your-favourite-vulnerability-scanner-here - but beyond that? 
There are two services listening - Sendmail and ProFTPD, neither obviously misconfigured.
Exploits don't work for HP/UX as they do for "normal" Linuxes/Unixes. This is because HP/UX (as far as I know) mainly 
works on SPARC CPUs, thus having Big Endian instructions which is different from standard x86 - or am I wrong?

Thank you all for your time!

Best Regards,
-Philipp


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



-- 
What is the air-speed velocity of an unladen swallow? 

