-
April 2nd, 2002, 04:25 AM
#1
Junior Member
Help me, thanks.
I would give a talk about system security to my workmates,
and I would show an exploit attack for Unix.
Now I have a SunOS 5.6 system,
I would want to know what security holes there are for this system,
and where I would go to find the exploit code.
You should tell these to me if you are good at it, PLS,
and I would say TKS to you.
-
April 2nd, 2002, 04:42 AM
#2
What services are you running on this box? Systems are usually hacked through a service so you'll have to tell us more about it. I'm not really sure of the educational value of showing your *cough* workmates *cough* a unix hacking exploit. Why not start with the basics, like having a good security policy or not sticky-taping your root password to the monitor?
Remember: The weakest point in any security system is always the user.
OpenBSD - The proactively secure operating system.
-
April 2nd, 2002, 04:58 AM
#3
Junior Member
Thank you, smirc.
In fact, I had given more knowledge about security to my workmates.
Because our operation is to do something for telecom,
security is strongly called for.
The SunOS 5.6 is just used for testing inside the company.
And the services on it are so few.
Now I would give you the ports it had open:
Port 21 is opened: FTP (Control)
[Banner]
220 SunSolaris FTP server ready.
[End of banner]
Port 25 is opened: SMTP, Simple Mail Transfer Protocol
[Banner]
220 SunSolaris. Sendmail SMI-8.6/SMI-SVR4 ready at Tue, 2 Apr 2002 11:42:56 +0800
[End of banner]
Port 23 is opened: Telnet
[Banner]
ÿ?ÿ?ÿ?ÿ?ÿ?
[End of banner]
Port 15 is opened: Unassigned
[Banner]
TCP
Local Address        Remote Address       Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
localhost.32817      localhost.32815      32768      0 32768      0 ESTABLISHED
localhost.32815      localhost.32817      32768      0 32768      0 ESTABLISHED
localhost.32820      localhost.32819      32768      0 32768      0 ESTABLISHED
localhost.32819      localhost.32820      32768      0 32768      0 ESTABLISHED
localhost.32823      localhost.32815      32768      0 32768      0 ESTABLISHED
localhost.32815      localhost.32823      32768      0 32768      0 ESTABLISHED
localhost.32826      localhost.32825      32768      0 32768      0 ESTABLISHED
localhost.32825      localhost.32826      32768      0 32768      0 ESTABLISHED
localhost.32835      localhost.32815      32768      0 32768      0 ESTABLISHED
localhost.32815      localhost.32835      32768      0 32768      0 ESTABLISHED
localhost.32838      localhost.32837      32768      0 32768      0
[End of banner]
Port 111 is opened: SUN RPC
[Banner]
[None]
[End of banner]
Do you know these? And would you like to tell me the answer? TKS.
-
April 2nd, 2002, 05:08 AM
#4
Why is your port 15 open? That's netstat, that's definitely a bad thing. Close it! Now! A hacker could get all the information on your network that they needed to launch a full-on attack.
Get rid of Telnet and install SSH. Telnet allows the transmission of cleartext passwords. Not a good thing.
As for FTP and SMTP, these are known to have exploits in them. Read the sendmail bugfix list if you want some examples.
If it were my box, none of these ports would be open.
OpenBSD - The proactively secure operating system.
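The advice in the reply above, applied to the scan listing format posted earlier in the thread; this is an added example, not part of the original posts. The `ADVICE` table, the function names and the "unreviewed" default are assumptions of this example, and the sample input is constructed.

```python
import re

# Constructed sample, abbreviated from the scan listing posted in the thread.
SAMPLE_SCAN = """\
Port 23 is opened: Telnet
[Banner]
[End of banner]
Port 15 is opened: Unassigned
[Banner]
TCP Local Address Remote Address Swind Send-Q Rwind Recv-Q State
localhost.32817 localhost.32815 32768 0 32768 0 ESTABLISHED
[End of banner]
Port 111 is opened: SUN RPC
[Banner]
[None]
[End of banner
"""
# Port -> (severity, action), following the advice in the reply above.
ADVICE = {
    15: ("high", "netstat service exposes connection tables; close it"),
    23: ("high", "Telnet sends cleartext passwords; install SSH instead"),
    21: ("review", "FTP: known exploits; close unless required"),
    25: ("review", "SMTP: known exploits; read the sendmail bugfix list"),
}
PORT_RE = re.compile(r"^Port (\d+) is opened: (.*)$")

def parse_scan(text):
    """Return [(port, label, banner_lines)]; tolerates a missing final ']'."""
    services, in_banner = [], False
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            services.append((int(m.group(1)), m.group(2).strip(), []))
            in_banner = False
        elif line.startswith(("[Banner]", "[End of banner")):
            in_banner = line.startswith("[Banner]")
        elif in_banner and services and line.strip() not in ("", "[None]"):
            services[-1][2].append(line.strip())
    return services

def audit(text):
    """Return (port, severity, action) per open port, high severity first."""
    findings = []
    for port, _label, banner in parse_scan(text):
        severity, action = ADVICE.get(port, ("unreviewed", "justify or close"))
        if any("Local Address" in b for b in banner):
            severity = "high"  # socket table in a banner = information leak
        findings.append((port, severity, action))
    return sorted(findings, key=lambda f: (f[1] != "high", f[0]))
```

`audit(SAMPLE_SCAN)` lists ports 15 and 23 first as high severity; port 111 has no entry in the table and comes back as unreviewed.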
-
April 2nd, 2002, 05:18 AM
#5
Junior Member
Just as you know, the common user and passwd in SunOS is easy to get.
Now, if I had a common user and passwd and I can telnet to the remote host (SunOS 5.6),
I want to get the id for root.
Would you like to tell me what kind of exploit hole is to be used to get it?
And where would I go to find the exploit code? TKS.
-
April 2nd, 2002, 05:20 AM
#6
Hehe, this is a classic case of Social Engineering
-
April 2nd, 2002, 05:46 AM
#7
Is this ever social engineering!
"Can you hold my hand while I cross the street?"
-
April 2nd, 2002, 05:52 AM
#8
Junior Member
Sorry, but I am a real programmer.
I am not interested in anything about hacking.
The most important thing to me is to protect the security of my system.
If you think I am cheating you, I am sorry and I would say it is not so.
-
April 2nd, 2002, 07:30 AM
#9
Actually, this may not be completely social engineering. I will not be that judgemental...yet. I don't know much about SunOS, 'cause I haven't used it, so I can't help, but that is beside the point.
About 8 months ago, we got hit with both the lovebug virus and the sircam virus at my company within 2 weeks of each other. Well, obviously, some idiot was opening attachments, but the way our system was set up, I was unable to figure out who did it (yes, our system has been updated a little since then). Anyway, what I ended up doing was emailing a copy of sub7 to each user from an account that they would never be able to figure out was me. Well, 24 hours later, I searched our network and found a few different versions of sub7 server running. Instead of just talking to these people, I had a little fun with them first. To make a long story short, we haven't had an infection since, and still don't have an AV in place except on a few select computers.
All I am saying is that there is a possibility that he is telling the truth.
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
April 2nd, 2002, 10:13 AM
#10
Junior Member
Now I have found the code for exploits in SunOS;
it is called "rdistex.c". You can find it in "security downloads".
It works fine, you can get root id by using it.
TKS everyone.