List /home directory without logging in?
From: Alan Baker (alanwbaker_at_yahoo.com)
Date: 07/05/04
- Previous message: Bodo Eggert: "Re: Policing user CGI scripts"
- Next in thread: Bit Twister: "Re: List /home directory without logging in?"
- Reply: Bit Twister: "Re: List /home directory without logging in?"
- Reply: Steve Kemp: "Re: List /home directory without logging in?"
- Reply: Jem Berkes: "Re: List /home directory without logging in?"
- Reply: Gandalf Parker: "Re: List /home directory without logging in?"
- Reply: Alan Baker: "Re: List /home directory without logging in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 Jul 2004 23:19:28 -0700
Someone recently tried to log into all the userids on my Linux box.
First they connected several times via http, telnet, ftp, pop3, and
imap but were unsuccessful in logging in. Then they tried every
userid twice in alphabetical order via SSH. Also unsuccessfully.
(Use those strong passwords, friends!)
They didn't actually use the names in /etc/passwd, but instead tried
all directory names under /home (including non-users like lost+found).
This makes me wonder if the preliminary probes revealed /home's
directory list.
How could someone list /home without logging in? Is there a known
vuln I'm missing?
Alan
- Previous message: Bodo Eggert: "Re: Policing user CGI scripts"
- Next in thread: Bit Twister: "Re: List /home directory without logging in?"
- Reply: Bit Twister: "Re: List /home directory without logging in?"
- Reply: Steve Kemp: "Re: List /home directory without logging in?"
- Reply: Jem Berkes: "Re: List /home directory without logging in?"
- Reply: Gandalf Parker: "Re: List /home directory without logging in?"
- Reply: Alan Baker: "Re: List /home directory without logging in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
