20051004

Lo que tinc entre mans :-o

Tinc diversos server UNIX: -sunrayb;-shetland;-bute;-arran;-orkney(no puc accedir pero se un user que si).

Tinc una llista dels users a l'estil seguent :
login:##login:uid:gid: "Nom i Cognoms", Departament en el qual treballa :/homedir/login:/usr/local/bin/sush

Vale aqui també puc veure que de bash na de na, pero es semblant.
A part del sush també hi ha users amb el csh.

La configuració del proxy és la seguent:

function FindProxyForURL(url, host) {
if (
(
isInNet(host,"130.159.0.0","255.255.0.0")
|| isInNet(host,"10.0.0.0", "255.0.0.0")
|| isPlainHostName(host)

|| dnsDomainIs(host, "localhost")
|| isInNet(host,"127.0.0.1","255.255.255.255")

)
) return "DIRECT";
else return "PROXY www-cache5.strath.ac.uk:8080; PROXY www-cache3.strath.ac.uk:8080; PROXY www-cache1.strath.ac.uk:8080";
}

Suposo que també podria obtenir el grups de la mateixa manera que els logins.

A partir d'aqui podria usar força bruta, pero ho hauria de fer des de fora, perque sino el proxy em diria "Pero que haces nennngggg..!!!!" i a més no és bonic, deixem aixo com a ultima solució.

--------------------------------------------------------
Trying 130.159.248.9...
Connected to dns1.strath.ac.uk.
Escape character is '^]'.


SunOS 5.9

Password:
SHETLAND

The new Unix server is arran and you should use this from now on.
You will not be able to access arran via telnet. Instead you
must use secure shell to access arran ie

ssh arran.cc.strath.ac.uk

If you are accessing arran via Windows you will have to use putty.
Putty can be downloaded from

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

SHETLAND

The new Unix server is arran and you should use this from now on.
You will not be able to access arran via telnet. Instead you
must use secure shell to access arran ie

ssh arran.cc.strath.ac.uk

If you are accessing arran via Windows you will have to use putty.
Putty can be downloaded from

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html



D'aqui puc extreure que arran és més nou, per tant possiblement més complicat d'entrar, com ja em va dir nessus lo tengo xungo nen.

Interesting ports on arran-16.cc.strath.ac.uk (130.159.16.198):
(The 1578 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
3/tcp closed compressnet
17/tcp closed qotd
21/tcp open ftp
22/tcp open ssh
23/tcp closed telnet
53/tcp closed domain
la resta tot closed :(
Device type: general purpose
Running: Sun Solaris 9
OS details: Sun Solaris 9

Solució buscar vulneravilitats a un altre lloc, potser el shetland ?
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)