[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Misconfigured Web Servers
Re: the "trick" below... an even more effective search is the
following...
http://www.altavista.digital.com/cgi-bin/query?pg=aq&what=web&q=url%3A
etc%2Fpasswd&r=&d0=&d1=&Submit.x=51&Submit.y=14
which searches all URLs that contain etc/passwd
See for yourself!
David Klur
_____________________________ Reply Separator _________________________________
Subject: BoS: Misconfigured Web Servers
Author: [email protected] at Internet-USA
Date: 12/26/95 3:57 PM
Everyone,
A friend of mine showed me a nasty little "trick" over the weekend. He
went to a Web Search server (http://www.altavista.digital.com/) and
did a search on the following keywords -
root: 0:0 sync: bin: daemon:
You get the idea. He copied out several encrypted root passwords from
passwd files, launched CrackerJack and a 1/2 MB word file and had a
root password in under 30 minutes. All without accessing the site's
server, just the index on a web search server!
Well, the first thing I did was check my site and it's ok. The second
thing I did was check my ISP for my home account, and it's okay. But
by trying various combinations of common accounts on web searches,
dozens of passwd files were found.
It seems that a large number of locations who use httpd and ftpd on
the same server often copy the regular passwd file to ftp/etc or
ftp-users/etc for ftp user access. A few sites have left the root
password in the file, and many contain user accounts' passwords. The
problems I see here are as follows:
1. You can get the passwd file in some cases by simply pointing your
URL to http://target.com/ftp/etc/passwd or
http://target.com/ftp-users/etc/passwd. Not good. Anon ftp can't get
it but a web browser can. Many passwd files are shadowed but you can
see some legit account names. Yes, I realize that this may be a dummy
file but hey, not always the case.
2. Some sites do not have the passwd file world readable, but the
entire passwd file stills exists indexed on the web search server. I
don't know about you, but I don't think I'd want my passwd file
indexed and searchable on a world accessible web server.
3. A ton of etc/group files turned up as well.
The guy that showed me this found it funny, but I find it disturbing.
Are there that many sites that are that poorly configured?
[email protected]