Penetration Testing mailing list archives
Pen-Testing help (Compaq Insight & htsearch)
From: "Tim Russo" <trusso () wireguided com>
Date: Mon, 10 Dec 2001 11:44:23 -0500
I am pen-testing a customer's network and stumbled upon their Compaq Digital-Unix web server. This web server happens to be in front of their firewall too. I have detected 2 immediate security issues: 1) They are running Compaq Insight Manager. 2) Their web server has the htsearch cgi-bin script. Questions: 1) I know Insight Manager has buffer overflows and can be used as a proxy. Do exploits for the buffer overflows exist? Also, I am not sure if I am configuring the proxy client correctly. Anyone have luck with this? 2)When I try to exploit the htsearch script I get the following error: "Unable to read word database file '/xxx/xxx/htdig/db/db.words.db' Did you run htmerge?" [xxx are for obscurity] :) Any help with either one of these and/or general Digital-Unix pen-test info would be very helpful. Thank you. -Tim __________________________________ Tim Russo Email: trusso () wireguided com Tel: 617.504.3008 Fax: 781.849.0127 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Pen-Testing help (Compaq Insight & htsearch) Tim Russo (Dec 10)
- Re: Pen-Testing help (Compaq Insight & htsearch) Philipp Stucke (Dec 11)
- Re: Pen-Testing help (Compaq Insight & htsearch) warchild (Dec 11)
- <Possible follow-ups>
- RE: Pen-Testing help (Compaq Insight & htsearch) Zwan-van-der.Erwin (Dec 11)
- Re: Pen-Testing help (Compaq Insight & htsearch) rudi carell (Dec 11)