Firewall Wizards mailing list archives

RE: Web Stuff


From: "Kertesz, Imre" <ikertesz () ASEC-MD2 COM>
Date: Tue, 10 Aug 1999 08:29:30 -0400

There are different perspectives to this problem. In response to the
obvious perspective, you need to be a little more convincing that your
'friend' is legitimately running a server. Otherwise, you will not find
answers here. Perhaps the $kript_K16613$ mailing list would bear fruit
for you.

However, I won't send you away empty-handed. My method for remotely
gaining access to a SunOS 5.6 machine hosting a web server is to Secure
Shell in via my legitimate user account. Because I have the box
configured to ignore initial root logins, only users can initially log
in.  I enter my pass phrase (some Arabic poetry), log in, and su to
root, entering root's pass phrase (this time a Hungarian colloquialism).
I go to the httpd directory tree and replace a file. About a minute
later, my pager goes off - it reads '666': that means my cron agent ran
a mini Tripwire integrity script and found that not all was well in
Webville. Through the modem, the pony express shuttles off a letter
containing '666' to my pager number. Ooops, forgot to turn that off
before I started changing files.  Temporarily disabling the process
(because it will automatically kick back on in 10 minutes unless I renew
my request to keep it off), I continue changing 'stuff'. All the while,
my auditing agent is making two copies of the transaction: one in the
standard log repository and one in a secondary directory that a remote
black box secure-copies over every minute at random intervals. Finally,
all my changes made, I log out.

Good luck - let us know how it works out

-IK


-----Original Message-----
From: CRZYJSTR () aol com [SMTP:CRZYJSTR () aol com]
Sent: Sunday, August 08, 1999 2:00 AM
To:   firewall-wizards () nfr net
Subject:      Web Stuff

Hey, I was wondering what vulnerabilities there would be on a web
server running on SunOS 5.6. My friend is running a server, and he was
just curious what a hacker just might need to do to hack the webpage...
can you please explain how one actually gains access and changes stuff
so he can learn different methods to stop them?
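The cron-driven "mini Tripwire" that Kertesz's reply describes (a script that fingerprints the httpd tree, compares against a stored baseline and pages '666' when something has changed) is easy to reproduce. The following is an added example written for this archive page, not the poster's script or any Tripwire code; it assumes a hypothetical baseline file kept outside the document root and a cron entry that runs it with the `check` action, and the document tree it tests against is constructed inside `selfcheck()`.

```python
"""File-integrity check for a web document root: baseline, compare, alert.

Added example, not the original poster's script. Assumed deployment
(hypothetical): the baseline JSON lives outside the web tree, e.g.
    webcheck.py init  /usr/local/apache/htdocs /var/lib/webcheck/baseline.json
    webcheck.py check /usr/local/apache/htdocs /var/lib/webcheck/baseline.json
with the second line run from cron; a non-zero exit or a '666' on stdout
is what the paging hook would key on.
"""
import hashlib
import json
import os
import shutil
import stat
import sys
import tempfile


def fingerprint(path):
    """Content hash plus the metadata a defacement or a rootkit usually disturbs."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
    elif stat.S_ISLNK(st.st_mode):
        h.update(os.readlink(path).encode())  # a retargeted symlink counts as a change
    return {"sha256": h.hexdigest(), "mode": oct(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}


def build_baseline(root):
    """Fingerprint every file and symlink under root, keyed by relative path."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline, current):
    """Report added, removed and modified paths; modified entries list which attributes differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for rel in sorted(set(baseline) & set(current)):
        if baseline[rel] != current[rel]:
            changed = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
            modified.append((rel, changed))
    return {"added": added, "removed": removed, "modified": modified}


def alert_code(report):
    """The pager message from the reply: '666' if anything changed, else 'OK'."""
    return "666" if any(report.values()) else "OK"


def save_baseline(baseline, path):
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def selfcheck():
    """Constructed sample input: build a throwaway document root, tamper with
    it the way a defacement would, and return the resulting report."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "cgi-bin"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html>welcome</html>\n")
        with open(os.path.join(root, "cgi-bin", "search.cgi"), "w") as fh:
            fh.write("#!/bin/sh\necho ok\n")
        with open(os.path.join(root, "robots.txt"), "w") as fh:
            fh.write("User-agent: *\n")
        baseline = build_baseline(root)
        # Tampering: same-length content swap, setuid bit, new file, deleted file.
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html>defaced</html>\n")
        os.chmod(os.path.join(root, "cgi-bin", "search.cgi"), 0o4755)
        with open(os.path.join(root, "new.html"), "w") as fh:
            fh.write("x")
        os.remove(os.path.join(root, "robots.txt"))
        return compare(baseline, build_baseline(root))
    finally:
        shutil.rmtree(root)


def main(argv):
    if len(argv) != 3 or argv[0] not in ("init", "check"):
        print("usage: webcheck.py init|check ROOT BASELINE", file=sys.stderr)
        return 2
    action, root, baseline_path = argv
    if action == "init":
        save_baseline(build_baseline(root), baseline_path)
        return 0
    report = compare(load_baseline(baseline_path), build_baseline(root))
    print(alert_code(report))
    for kind in ("added", "removed", "modified"):
        for entry in report[kind]:
            print(kind, entry)
    return 1 if alert_code(report) == "666" else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Two points from the reply are worth carrying into any real deployment: the baseline must not be writable by the account that serves or edits the web tree (otherwise whoever replaces a file simply re-runs `init`), and the report should leave the box, as the reply's secondary log directory does, since an intruder with root can silence a local pager hook as easily as the poster did.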
