On Thu, 5 Jun 1997, Stan Wnuck wrote:
> OK! Let's say that they did get my passwd file.....
> How much damage can they do if I have a firewall in place that my web server
> sits behind? The only services available from this host to the Internet is
Well, given the fact that they can execute any command on the web server,
how much damage can someone with an account on the web server do? Can
that machine initiate connections to other hosts other than to SMTP
ports or for DNS resolution? If so, makes a great place to launch
attacks from. Are there other machines behind that firewall? Suddenly
there is a way to attack those machines.....
> http, dns, and smtp. So services like ftp and telnet would be denied if they
> tried. Is there something I am missing?
Don't need telnet, just install a web form that takes commands in, and
echos the output. Use PUT to upload files, and bingo, you don't need
telnet, FTP, or anything else. Or keep using the current CGI hole to
execute commands. The only thing missing is adding a crontab entry to
scrub the log files, and that's fairly trivial.
Are all the id/passwords on that machine unique to that machine?
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts @
clark .
net which may have no basis whatsoever in fact."
PSB#9280
References:
-
psswd HACK
From: Stan Wnuck <swnuck @
unixpros .
com>
|
|
