Application Errors
One of the most common ways to exploit a system is to take advantage of application errors. For instance, an old version of the UNIX sendmail SMTP server allows any file on the remote system (e.g. the shadowed password file) to be e-mailed to an attacker.
More recently, an old bug has resurfaced thanks to the growing number of HTTP interfaces to various applications. This bug is known as the root-bug. In effect, the vulnerability allows you to read any file on the remote file system, irrespective of whether or not the requested file is within the webroot directory. One of the most common applications open to the vulnerability is Compaq's Insight Manager 'utility'.
If an administrator on the remote system has run the rdisk utility, then simply requesting http://victim:2301/../../../winnt/repair/sam._ allows the attacker to retrieve the remote system's SAM file (in compressed form). This can then easily be imported into a tool such as L0phtcrack, and the account details and passwords gained.
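The root-bug above is a failure to canonicalise the requested path before mapping it onto the webroot. As an added example (not code from the original post or from any Compaq product), the following shows the segment-by-segment check a server should apply, and the same check run as a detector over constructed access-log lines; the webroot path and log lines are made-up sample data.

```python
import posixpath
from urllib.parse import unquote
WEBROOT = "/var/www/insight"  # constructed example document root

def canonical_segments(request_path):
    """Decode a URL path and resolve '.' and '..' segment by segment.
    Returns the remaining segments, or None if a '..' climbs above the root."""
    segments = []
    # decode %2e etc. before checking; treat backslashes as slashes (Windows hosts)
    for seg in unquote(request_path).replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None  # escaped the webroot
            segments.pop()
        else:
            segments.append(seg)
    return segments

def resolve_under_webroot(webroot, request_path):
    """Map a request to a file under webroot, or None if it escapes it.
    A server that just joins webroot and the raw path lacks this check."""
    segs = canonical_segments(request_path)
    if segs is None:
        return None
    return posixpath.join(webroot, *segs) if segs else webroot

def scan_access_log(lines):
    """Return (line_number, path) for logged requests whose path escapes the root."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split('"')       # common log format: the request is quoted
        if len(parts) < 2:
            continue
        request = parts[1].split()    # METHOD PATH VERSION
        if len(request) < 2:
            continue
        if canonical_segments(request[1]) is None:
            hits.append((n, request[1]))
    return hits

# constructed sample log lines, not taken from any real system
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '10.0.0.9 - - [01/Jan/2000:10:00:01 +0000] "GET /../../../winnt/repair/sam._ HTTP/1.0" 200 8192',
    '10.0.0.9 - - [01/Jan/2000:10:00:02 +0000] "GET /%2e%2e/%2e%2e/winnt/repair/sam._ HTTP/1.0" 200 8192',
    '10.0.0.5 - - [01/Jan/2000:10:00:03 +0000] "GET /images/../index.html HTTP/1.0" 200 512',
]
```

Note that a request like `/images/../index.html` is legitimate and stays inside the root; only a `..` that would pop an empty segment stack is flagged.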
There are two main ways to discover application errors:
• Automated Tools
• Manual Checking