Re: linux pen-test

From: Javier Fernandez-Sanguino (jfernandezgerminus.com)
Date: Mon Aug 08 2005 - 06:29:35 CDT


Bruno Kovacs wrote:

> Hi,
>
> I'm pen-testing a Linux system and I could port-scan the following open TCP
> ports:

(...)

> Any suggestions ? I need at least a shell.
> I've looked at Metasploit exploits but there are none appropriate.

Based on the server's footprint you are looking at a server that does
mail (SMTP, POP3 and IMAP), DNS, web (80, 443) and probably news
(port 119) and IRC. Too much stuff in a single server if you ask me.
You should take a look, as suggested in this thread, at the banners of
the different servers and put 2 and 2 together (nmap -sV will return
those for you, but you can just telnet to the open port directly and see
for yourself).

If the HTTP server is Apache 2.0.40 the server is either running an
old Linux distribution (check out Distrowatch; newer distributions
ship newer httpd package versions, and SuSE 8.1 and RH9, which were
released a long time ago, shipped with httpd 2.0.40) or it has been
locally compiled.

Based on the server banners of, at least, SMTP, POP3, IMAP, DNS and
HTTPS you could probably pinpoint the distribution version in use if
all those are installed from the packages provided by it (and not
compiled from scratch). Based on that you can determine possibly
unpatched services that might be remotely exploitable and give you a
local shell. If the server is running an out-of-date OpenSSL version
and is exposed to the Internet it might have been already rooted (and
that would explain the IRC server there).

Regards

Javier
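The banner-grabbing and "put 2 and 2 together" step described above, as an added example that is not code from anyone in this thread. It reads each service greeting (or the HTTP Server: header), pulls out the product and version, and intersects the set of distribution releases that shipped exactly those versions. The banner regexes are assumptions about common greeting layouts, the sample greetings are constructed (hostnames under .test), and apart from the Apache 2.0.40 / RH9 / SuSE 8.1 row taken from the thread the lookup table holds placeholder rows that you would fill from each candidate distribution's real package list.

```python
#!/usr/bin/env python3
"""Banner grabbing and distribution fingerprinting (added example, not code
from this thread).  Pull product/version out of each service greeting, then
see which distribution releases shipped exactly those package versions."""
import re
import socket

# Sent after connect where the server waits for the client to speak first;
# SMTP, POP3 and SSH greet on their own.
PROBES = {80: b"HEAD / HTTP/1.0\r\n\r\n"}

# (product, regex capturing its version).  Assumed common banner layouts,
# not an exhaustive list.
BANNER_PATTERNS = [
    ("apache",   re.compile(r"^Server:\s*Apache/([\d.]+)", re.M)),        # Server: Apache/2.0.40 (...)
    ("sendmail", re.compile(r"^220\s.*?\bSendmail\s([\d.]+)", re.M)),     # 220 host ESMTP Sendmail 8.12.8/8.12.8;
    ("openssh",  re.compile(r"^SSH-[\d.]+-OpenSSH_([\w.]+)", re.M)),      # SSH-2.0-OpenSSH_3.5p1
    ("ipop3d",   re.compile(r"^\+OK POP3 \S+ v([\w.]+) server ready", re.M)),  # UW ipop3d greeting
]

# Constructed lookup table: (product, version) -> releases that shipped it.
# Apache 2.0.40 on Red Hat 9 / SuSE 8.1 follows the thread; the other rows
# are placeholders to be filled from each distribution's real package list.
SHIPPED_IN = {
    ("apache", "2.0.40"):    {"Red Hat 9", "SuSE 8.1"},
    ("sendmail", "8.12.8"):  {"Red Hat 9"},
    ("openssh", "3.5p1"):    {"Red Hat 9"},
    ("openssh", "3.4p1"):    {"SuSE 8.1"},
    ("ipop3d", "2001.80rh"): {"Red Hat 9"},
}


def parse_banner(banner):
    """Return (product, version) from a raw greeting, or None if unrecognised."""
    for product, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return product, m.group(1)
    return None


def server_comment(banner):
    """Parenthesised part of the Apache Server: header.  Distribution builds
    usually name the vendor there ("Red Hat Linux"); a stock build says "Unix"."""
    m = re.search(r"^Server:\s*Apache/[\d.]+\s+\(([^)]*)\)", banner, re.M)
    return m.group(1) if m else None


def correlate(banners):
    """Return (findings, candidates, unmatched): version seen per product, the
    releases consistent with every version the table knows (empty when they
    disagree), and versions no release shipped (local build, or unknown distro)."""
    findings, unmatched, candidates = {}, {}, None
    for banner in banners:
        parsed = parse_banner(banner)
        if parsed is None:
            continue
        product, version = parsed
        findings[product] = version
        releases = SHIPPED_IN.get((product, version))
        if releases is None:
            unmatched[product] = version
        else:
            candidates = set(releases) if candidates is None else candidates & releases
    return findings, candidates or set(), unmatched


def grab_banner(host, port, timeout=5.0):
    """Connect, send the port's probe if any, and return the first thing the
    server says (its greeting, or the HTTP response headers)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if port in PROBES:
            sock.sendall(PROBES[port])
        return sock.recv(4096).decode("latin-1", "replace")


# Constructed sample greetings, not captured from a real host.  The first set
# all agree on one release; the second has an Apache that nobody in the table
# shipped, the "locally compiled" case from the thread.
SAMPLE_BANNERS = [
    "HTTP/1.1 200 OK\r\nServer: Apache/2.0.40 (Red Hat Linux)\r\n\r\n",
    "220 mail.example.test ESMTP Sendmail 8.12.8/8.12.8; Mon, 8 Aug 2005 06:29:35 -0500\r\n",
    "SSH-2.0-OpenSSH_3.5p1\r\n",
    "+OK POP3 mail.example.test v2001.80rh server ready\r\n",
]
LOCAL_BUILD_BANNERS = [
    "HTTP/1.1 200 OK\r\nServer: Apache/2.0.54 (Unix)\r\n\r\n",
    "SSH-2.0-OpenSSH_3.5p1\r\n",
]

if __name__ == "__main__":
    import sys
    banners = SAMPLE_BANNERS
    if len(sys.argv) > 1:                      # live run: fingerprint.py <host>
        banners = []
        for port in (22, 25, 80, 110):
            try:
                banners.append(grab_banner(sys.argv[1], port))
            except OSError as exc:
                print(f"port {port}: {exc}")
    findings, candidates, unmatched = correlate(banners)
    print("versions seen:", findings)
    print("consistent releases:", candidates or "none")
    print("shipped by no known release:", unmatched or "none")
```

Run with no arguments it works through the constructed greetings; with a host it grabs the live banners. Two caveats worth keeping in mind: a distribution build of Apache usually names the vendor in the Server: header, which is a quick tell on its own, and an administrator can trim or fake any of these banners (Apache's ServerTokens, a recompiled sshd), so an empty candidate set or a lone unmatched version is a hint to look further, not a verdict.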
