Penetration Testing mailing list archives

Re: [PEN-TEST] Linux

From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Tue, 7 Nov 2000 18:06:33 -0600

Stock Red Hat 6.2 with no patches?

I've had some luck with the following:

The Dump and Restore vulnerabilities (local):
http://packetstorm.securify.com/0011-exploits/dump.sh

The SUIDPERL / Mailx mess (local):
http://packetstorm.securify.com/0008-exploits/suidperlhack.pl

The rpc.statd REMOTE ROOT:
(url not available, I have the source though.)  I think it
was called "statdx2.c" and it was on www.hack.co.za, which is
down right now.  Maybe find an up-to-date mirror, if exists?

these are all lame script-kiddie exploits that
are still actively being used.  Anyone who keeps up on
their patches will have fixed all of these.

--Noah dunker



-----Original Message-----
From: Adassovsky Michel [mailto:manahune () YAHOO COM]
Sent: Tuesday, November 07, 2000 1:42 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Linux


Hello,

I am doing a penetration test for a customer of us.
I have obtained user acces on a RedHat 6.2 box.
Can someone tell me how can I now gain root access, or
if you know any links giving exploits to gain root
acces...

Thank you


Michel - FRANCE

__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/

Current thread:

[PEN-TEST] Linux Adassovsky Michel (Nov 08)
- Re: [PEN-TEST] Linux Michel Kaempf (Nov 08)
- <Possible follow-ups>
- Re: [PEN-TEST] Linux Dunker, Noah (Nov 08)
  - Re: [PEN-TEST] Linux Riley Hassell (Nov 08)
- Re: [PEN-TEST] Linux Ben Ford (Nov 08)
- Re: [PEN-TEST] Linux Miller, William T DISC4/Sytex (Nov 09)
  - Re: [PEN-TEST] Linux Michel Kaempf (Nov 09)
- Re: [PEN-TEST] Linux Adassovsky Michel (Nov 10)
  - Re: [PEN-TEST] Linux El Nahual (Nov 11)
  - Re: [PEN-TEST] Linux j a s o n (Nov 14)