etc/passwd - now what?

Posted: Wed Jun 20, 2007 12:10 pm
blaxenet
Active user
Joined: Jun 20, 2007
Posts: 26

Hi Guys,
I have gotten myself onto a server that has /etc/passwd viewable, just wondering what my next step would be.
I've never quite understood this,
Fair enough you can upload a php shell such as C99 or R57.
You can have a fiddle around providing the permissions are set in your favour, go through config files and connect to the D/B's with the passwords.
But is there anything deeper?
Hence why I have asked what's next from /etc/passwd
Thanks everyone
BlaxeNet
(I am learning how this works!)

Posted: Wed Jun 20, 2007 4:13 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

If you have already php scripting level and operating system shell level access to server, then next try to find out operating system and kernel versions and then look for local root exploits. So next you upload that exploit's source code to server and will compile it, or upload already precompiled exploit. Ultimate goal is to gain root access to server and install backdoor(s). And when you are root, then you can read "etc/shadow" file, so you have chances to crack root password - just for fun. Now, when you have "r00ted" that server, then you can install sniffer and spy network traffic on LAN. If the webserver is connected directly to corporative internal network, then you have possibilities to compromise lots of other computers, rip internal databases etc. But if webserver is located in DMZ, then this needs more work.
This was just one scenario. Rooting is considered as serious cybercrime, so I suggest to stay to low-privileges level

Posted: Wed Jun 20, 2007 4:46 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

waraxe wrote: "Rooting is considered as serious cybercrime, so I suggest to stay to low-privileges level :)"
Good idea

Posted: Fri Jun 22, 2007 8:23 am
blaxenet
Active user
Joined: Jun 20, 2007
Posts: 26

Hi Waraxe,
The system (Server 1) I was looking at doesn't have etc/shadow but rather a file called etc/master.passwd so I am presuming this is what I am looking for.
Needless to say, another system (Server 2) I was 'on' last night has etc/shadow so I'll have the chance to 'play' around a bit.
Just a quick rundown for you all:
**Server 1**
Software: Apache/2.2.2 (FreeBSD) mod_ssl/2.2.2 OpenSSL/0.9.7e-p1 DAV/2 PHP/4.4.2
**Server 2**
Software: Apache/2.2.2 (Fedora). PHP/5.1.6
On both of these I have the user 'www' access.
I'm not lazy so I'll do some research later and see how I go with the above recommendation(s) and see if I can advance any further.
Of course, I only want this info for what we call educational purposes.
Thanks for the info Waraxe!
BlaxeNet
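
Added example (not part of the thread, and not code from any poster): /etc/passwd is world-readable by design, so what matters to an administrator is that no hashes live in it (they belong in /etc/shadow on Linux or /etc/master.passwd on FreeBSD, closed to non-root users) and that an account such as 'www' has no login shell. The function names, the service-account list and the sample data below are assumptions constructed for illustration.

```python
import stat

# Shells that mean "no interactive login" (common values; extend for your system).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}
# Placeholder values meaning the hash is stored elsewhere or the account is locked.
NO_HASH_MARKERS = {"x", "*", "!", "!!", "*LK*"}

def audit_passwd(text, service_accounts=("www", "www-data", "apache", "nobody")):
    """Return a list of (account, finding) tuples for a passwd(5)-format string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        name, pw, uid, _gid, _gecos, _home, shell = fields
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw not in NO_HASH_MARKERS:
            findings.append((name, "password hash stored in world-readable file"))
        if uid == "0" and name != "root":
            findings.append((name, "non-root account with UID 0"))
        if name in service_accounts and shell not in NOLOGIN_SHELLS:
            findings.append((name, f"service account has login shell {shell}"))
    return findings

def hash_file_mode_ok(mode):
    """True if a shadow/master.passwd st_mode grants nothing to 'other'."""
    return stat.S_IMODE(mode) & stat.S_IRWXO == 0

# Constructed sample input, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/sh
www:x:80:80:World Wide Web Owner:/nonexistent:/bin/sh
legacy:$1$constructed$notarealhashvalue000000:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{account}: {finding}")
    print("0640 ok:", hash_file_mode_ok(0o100640), "| 0644 ok:", hash_file_mode_ok(0o100644))
```

On a live host, pass `os.stat("/etc/shadow").st_mode` (or the `/etc/master.passwd` equivalent) to `hash_file_mode_ok` from a root-run audit job.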

Posted: Fri Jun 22, 2007 3:49 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu