Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Penetration of HP/UX

From: Paul Melson <pmelson () gmail com>
Date: Sun, 12 Jun 2011 20:01:55 -0400
On Jun 8, 2011, at 3:30 AM, Philipp Lachberger <ph_lachi () yahoo de> wrote:

There are two services listening - Sendmail and ProFTPD, both not obviously wrong configured.
Exploits don't work for HP/UX as they do for "normal" Linuxes/Unixes. This is because HP/UX (as far as I know) mainly 
works on SPARC CPU's, thus having Big Endian instructions which is different from standard x86 - or am I wrong?


HP-UX runs on either PA-RISC or Itanium CPUs, not SPARC.  And it's more an just the issue of endianness, the registers 
are different, etc.  But your general statement that x86 shellcode won't work on this system is correct.  

That said, you (or someone that knows IA64 ASM anyway) can write shellcode that will work in exploiting vulnerabilities 
on this box.  GIYF.

Otherwise, it's time for you to fire up hydra and guess some passwords. Or social.

PaulM

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: