help me,thanks.

  1. #1
    Junior Member
    Join Date
    Feb 2002
    Posts
    12

    help me, thanks.

    I would give a talk about system security to my workmates,
    and I would show an exploit attack for Unix.
    Now I have a system running SunOS 5.6,
    I want to know what security holes there are for this system,
    and where I would go to find the exploit code.
    You should tell these to me if you are good at it PLS,
    and I would say TKS to you.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    What services are you running on this box? Systems are usually hacked through a service so you'll have to tell us more about it. I'm not really sure of the educational value of showing your *cough* workmates *cough* a unix hacking exploit. Why not start with the basics, like having a good security policy or not sticky-taping your root password to the monitor?

    Remember: The weakest point in any security system is always the user.
    OpenBSD - The proactively secure operating system.

  3. #3
    Junior Member
    Join Date
    Feb 2002
    Posts
    12
    Thank u, smirc.
    In fact, I had given more knowledge about security to my workmates.
    Because our operation is doing something for telecom,
    security is strongly called for.
    The SunOS 5.6 is just used for testing inside the company.
    And the services on it are so few.
    Now I will give u the ports it has open:


    Port 21 is opened: FTP (Control)
    [Banner]
    220 SunSolaris FTP server ready.
    [End of banner]
    Port 25 is opened: SMTP, Simple Mail Transfer Protocol
    [Banner]
    220 SunSolaris. Sendmail SMI-8.6/SMI-SVR4 ready at Tue, 2 Apr 2002 11:42:56 +0800
    [End of banner]
    Port 23 is opened: Telnet
    [Banner]
    ?????
    [End of banner]
    Port 15 is opened: Unassigned
    [Banner]
    TCP Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- localhost.32817 localhost.32815 32768 0 32768 0 ESTABLISHED localhost.32815 localhost.32817 32768 0 32768 0 ESTABLISHED localhost.32820 localhost.32819 32768 0 32768 0 ESTABLISHED localhost.32819 localhost.32820 32768 0 32768 0 ESTABLISHED localhost.32823 localhost.32815 32768 0 32768 0 ESTABLISHED localhost.32815 localhost.32823 32768 0 32768 0 ESTABLISHED localhost.32826 localhost.32825 32768 0 32768 0 ESTABLISHED localhost.32825 localhost.32826 32768 0 32768 0 ESTABLISHED localhost.32835 localhost.32815 32768 0 32768 0 ESTABLISHED localhost.32815 localhost.32835 32768 0 32768 0 ESTABLISHED localhost.32838 localhost.32837 32768 0 32768 0
    [End of banner]
    Port 111 is opened: SUN RPC
    [Banner]
    [None]
    [End of banner


    Do u know these? And would u like to tell me the answer? TKS.

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    Why is your port 15 open? That's netstat, that's definitely a bad thing. Close it! Now! A hacker could get all the information on your network that they needed to launch a full on attack.

    Get rid of Telnet and install SSH. Telnet allows the transmission of cleartext passwords. Not a good thing.

    As for FTP and SMTP, these are known to have exploits in them. Read the sendmail bugfix list if you want some examples.

    If it were my box, none of these ports would be open.
    OpenBSD - The proactively secure operating system.
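
An added example, not part of the original posts: a small audit script that parses scanner output in the format shown in post #3 and flags the services post #4 advises closing. The `RISKY` table, the function names and the abridged `SAMPLE` input are assumptions constructed for this illustration.

```python
import re

# Reasons paraphrase the advice in post #4; this mapping is an assumption of the example.
RISKY = {
    21: "FTP: known exploits, close if unused",
    23: "Telnet: cleartext passwords, replace with SSH",
    25: "SMTP: known sendmail exploits, close if unused",
}
PORT_RE = re.compile(r"^Port (\d+) is opened: (.*)$")

def parse_scan(report):
    """Parse 'Port N is opened' blocks into dicts with port, service, banner."""
    entries, cur, in_banner = [], None, False
    for line in (l.strip() for l in report.splitlines()):
        m = PORT_RE.match(line)
        if m:
            cur = {"port": int(m.group(1)), "service": m.group(2), "banner": ""}
            entries.append(cur)
            in_banner = False
        elif line == "[Banner]":
            in_banner = cur is not None
        elif line.startswith("[End of banner"):  # tolerate a missing "]"
            in_banner = False
        elif in_banner and line not in ("", "[None]"):
            cur["banner"] = (cur["banner"] + " " + line).strip()
    return entries

def audit(report):
    """Return (port, finding) tuples for services the thread advises closing."""
    findings = []
    for e in parse_scan(report):
        # Identify netstat by its output header: the scanner labels port 15 "Unassigned".
        if "Local Address" in e["banner"] and "Remote Address" in e["banner"]:
            n = e["banner"].count("ESTABLISHED")
            findings.append((e["port"], f"netstat exposed: {n} connections disclosed"))
        elif e["port"] in RISKY:
            findings.append((e["port"], RISKY[e["port"]]))
    return findings

# Constructed sample, abridged from the scan output format in post #3.
SAMPLE = (
    "Port 23 is opened: Telnet\n[Banner]\n?????\n[End of banner]\n"
    "Port 15 is opened: Unassigned\n[Banner]\n"
    "TCP Local Address Remote Address Swind Send-Q Rwind Recv-Q State "
    "localhost.32817 localhost.32815 32768 0 32768 0 ESTABLISHED "
    "localhost.32815 localhost.32817 32768 0 32768 0 ESTABLISHED\n[End of banner]\n"
    "Port 111 is opened: SUN RPC\n[Banner]\n[None]\n[End of banner\n"
)
```

Calling `audit(SAMPLE)` returns one finding per flagged port; matching on the banner content catches the netstat service even when the scanner does not name it.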

  5. #5
    Junior Member
    Join Date
    Feb 2002
    Posts
    12
    Just as u know, the common user and passwd in SunOS are easy to get.
    Now, if I had a common user and passwd and I can telnet to the remote host (SunOS 5.6),
    I want to get the id for root.
    Would u like to tell me what kind of exploit hole to be used to get it?
    And where would I go to find the exploit code? TKS.

  6. #6
    Banned
    Join Date
    Oct 2001
    Posts
    1,462
    Hehe, this is a classic case of Social Engineering

  7. #7
    Banned
    Join Date
    Mar 2002
    Posts
    968
    Is this ever social engineering!

    "Can you hold my hand while I cross the street?"

  8. #8
    Junior Member
    Join Date
    Feb 2002
    Posts
    12
    Sorry, but I am a real programmer.
    I am not interested in anything about hacking.
    The most important thing to me is to protect the security of my system.
    If u think I am cheating u, I am sorry and I would say it is not so.

  9. #9
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Actually, this may not be completely social engineering. I will not be that judgemental...yet. I don't know much about SunOS, cause I haven't used it, so I can't help, but that is beside the point.

    About 8 months ago, we got hit with both the lovebug virus and the sircam virus at my company within 2 weeks of each other. Well, obviously, some idiot was opening attachments, but the way our system was set up, I was unable to figure out who did it (yes, our system has been updated a little since then). Anyway, what I ended up doing was emailing a copy of sub7 to each user from an account that they would never be able to figure out was me. Well, 24 hours later, I searched our network and found a few different versions of sub7 server running. Instead of just talking to these people, I had a little fun with them first. To make a long story short, we haven't had an infection since, and still don't have an AV in place except on a few select computers.

    All I am saying is that there is a possibility that he is telling the truth.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  10. #10
    Junior Member
    Join Date
    Feb 2002
    Posts
    12
    Now I have found the code to exploit SunOS,
    it is called "rdistex.c". U can find it in "security downloads".
    It works fine, u can get root id by using it.
    TKS everyone.
