Penetration Testing mailing list archives

Re: webstar servers and macintosh


From: Wayne Dunne <wayne () elive net>
Date: Wed, 05 Sep 2001 22:21:28 +0100

1. Check to see if the log files are protected by a realm. The default is
http://yourserver/webstar.log or http://yourserver/logs/webstar.log

2. There is a buffer overflow in a version of WebSTAR, I think it's 3.x. It's in
the vuln db @ secfocus but their search is down. You could use that as a DoS.

3. Download the remote admin tools for Web* and EIMS and try
the usual passwords etc...

Other than that there isn't much you can do to a Mac... no shell.
Scan for remote admin tools like Timbuktu. See if guest can send notes or
knock for a reply.

There is a buffer overflow in Timbuktu Ver 4.8 (I think).
Telnetting to port 407 and piping a large text file to it will crash the machine.

If I think of more I'll add it.

Wayne

"Shea, Tim" wrote:

Hello,

We are doing a pen-test for a small firm running WebSTAR 3.0.1 and Eudora
Internet Mail Server 3.0 ... Does anyone have any suggestions for these
services or general tips for pen-testing Macintosh networks?

Thanks.
T

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

