Penetration Testing mailing list archives
[PEN-TEST] Debug command on Sendmail
From: "DonSata (ZekSata)" <zeksata () UNICRAFT COM>
Date: Tue, 12 Sep 2000 23:32:57 -0400
Hi there, Im not a security expert and probably very far from getting there... anyhow Im making a really big effort to get to it. =) I've been an active reader of all comments in all the security realted mailing lists and have been trying to exercise all kinds of exploits and penetration tests in my own home-built lab. I guess its the best way to learn how to protect myself from them. ok.. enough of that... Im hoping someone could help with the following. I have bumped several times into the DEBUG COMMAND exploit for Sendmail. I get this using nessus scanner. Like with all other vulnerabilities, I try to find the way to make it work, without using any kind of scripts. (Remember... my goal here is to learn... not actually the succesfull penetration of a system.) The only information I get about this vulnerability is the one at www.nessus.org home page and the one in here: www.cert.org//advisories/CA-93.14.Internet.Security.Scanner.html Can anybody point me to a script which I can study with to learn how this exploit actually works? or a paper that describes something usefull about it? I only seem to find people that say.. "update the version of sendmail" and things like that... my question is "WHY?". Regards, ZekSata
Current thread:
- [PEN-TEST] Have SQL admin account and password... now what? Loschiavo, Dave (Sep 12)
- Re: [PEN-TEST] Have SQL admin account and password... now what? Andrew Cogger (Sep 12)
- Re: [PEN-TEST] Have SQL admin account and password... now what? Vitaly McLain (Sep 12)
- [PEN-TEST] Debug command on Sendmail DonSata (ZekSata) (Sep 13)
- Re: [PEN-TEST] Debug command on Sendmail Max Vision (Sep 13)