Re: List /home directory without logging in?

From: Gerard Wassink (DontWant_at_SP_aM.nl)
Date: 07/06/04


Date: Tue, 6 Jul 2004 14:07:47 +0200

On 5 Jul 2004 13:35:41 -0700, Alan Baker scribbled:

> alanwbaker@yahoo.com (Alan Baker) wrote in message news:<4e2aa94d.0407042219.3a9d19c9@posting.google.com>...
>> Someone recently tried to log into all the userids on my Linux box.
>> First they connected several times via http, telnet, ftp, pop3, and
>> imap but were unsuccessful in logging in. Then they tried every
>> userid twice in alphabetical order via SSH. Also unsuccessfully.
>> (Use those strong passwords, friends!)
>>
>> They didn't actually use the names in /etc/passwd, but instead tried
>> all directory names under /home (including non-users like lost+found).
>> This makes me wonder if the preliminary probes revealed /home's
>> directory list.
>>
>> How could someone list /home without logging in? Is there a known
>> vuln I'm missing?
>>
>> Alan
>
> Thanks for your ideas, Jem, Steve, and Bit Twister.
>
> This is a server so the http, telnet, ftp, pop3, imap, and ssh ports
> are open through the firewall.
>
> Good idea about a vulnerable web CGI script that reveals /home. I'm
> running mailman (pop-mail reader written in Perl) and cgipasswd
> (password-changer written in PHP). They have no documented
> vulnerabilities I can find. Further suggestions?
>
> Alan

Forgive me for asking the obvious "is-it-plugged-in" like question:

Would you be servicing anonymous ftp?

And if so, what's the chmod value of your /home directory, and is it
perhaps reachable by anonymous clients?

-- 
GerardLinux ay tee filternet dee oo tee ann el
                  |
              \       /
                .---. 
           '-.  |   |  .-'
             ___|   |___
        -=  [           ]  =-
            `---.   .---' 
         __||__ |   | __||__
         '-..-' |   | '-..-'
           ||   |   |   ||
           ||_.-|   |-,_||
         .-"`   `"`'`   `"-.
       .'                   '.
 
Jesus is alive, I spoke with Him this morning!
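
Gerard's two questions above (is anonymous FTP served, and can its sessions reach and read /home) can be checked on the server itself. The following is an added example, not part of the original post; it assumes a traditional ftpd that serves anonymous sessions as an unprivileged user from the home directory of the `ftp` account, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: could an anonymous FTP session list a directory such as /home?
# Assumptions: the anonymous area is the home directory of the "ftp" account,
# the session falls under the "other" permission bits, and GNU stat is present.

# Print the home directory (field 6) of an account in a passwd-format file.
ftp_root() {  # usage: ftp_root PASSWD_FILE [ACCOUNT]
    awk -F: -v u="${2:-ftp}" '$1 == u { print $6; exit }' "$1"
}

# Succeed if TARGET is BASE itself or lies beneath it.
is_under() {  # usage: is_under BASE TARGET
    base=${1%/}                  # "/" becomes "", "/home/" becomes "/home"
    case "$2/" in
        "$base"/*) return 0 ;;   # quoted, so BASE is matched literally
        *)         return 1 ;;
    esac
}

# Succeed if "other" has read permission on DIR; the read bit alone is enough
# to obtain the entry names (which is how lost+found would show up).
world_listable() {  # usage: world_listable DIR
    mode=$(stat -c %a "$1") || return 2
    [ $(( (mode % 10) & 4 )) -ne 0 ]
}

# Combine the checks: prints no-ftp-account, exposed or not-exposed.
audit_anon_ftp() {  # usage: audit_anon_ftp PASSWD_FILE TARGET_DIR
    anon_root=$(ftp_root "$1")
    if [ -z "$anon_root" ]; then
        echo "no-ftp-account"
    elif is_under "$anon_root" "$2" && world_listable "$2"; then
        echo "exposed"
    else
        echo "not-exposed"
    fi
}

# Check the live system.
audit_anon_ftp /etc/passwd /home
```

A result of `exposed` only means the filesystem layout permits the listing; whether the daemon actually accepts anonymous logins still has to be confirmed in its own configuration.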

