From: lwc at vapid.ath.cx (Larry W. Cashdollar)
Subject: HP Tandem NonStop servers


On Thu, 21 Aug 2003, KF wrote:

> Well if it's a unix based OS I would start with a suid / sgid listing...
> as well as checking the listening services...
>
> Shoot me a find / -perm -4000 and a find / -perm -2000 along with a
> netstat -a and we can go from there.
>
> If you are willing to give up a shell I'll beat on the suids myself for
> a bit. =]
> -KF

Also see what type of hash function is used to store
passwords (md5?, crypt()) as well as any password file shadowing.
Check out system directory and file permissions as well.  Is there a lot
of cruft installed? X11 Japanese language fonts etc.? What are the
default system accounts in /etc/passwd?  Look for that as well.


-- Larry C$
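
The password-storage and default-account checks suggested in this message, as an added example that is not part of the original post: a POSIX shell sketch that classifies each password field by its crypt(3) prefix and flags unshadowed hashes, empty passwords and extra uid 0 accounts. The function names and sample lines are constructed for illustration, and the prefix table covers more schemes than the two named in the message.

```shell
#!/bin/sh
# Added example: audit passwd-format lines for hash scheme, shadowing
# and risky accounts. Function names and sample data are constructed.

# Map a password field to the storage scheme implied by its crypt(3) prefix.
classify_hash() {
    case "$1" in
        '')             echo "empty" ;;       # no password required
        x)              echo "shadowed" ;;    # hash is kept in the shadow file
        '*'*|'!'*)      echo "locked" ;;      # cannot match any hash
        '$1$'*)         echo "md5crypt" ;;
        '$2'[abxy]'$'*) echo "bcrypt" ;;
        '$5$'*)         echo "sha256crypt" ;;
        '$6$'*)         echo "sha512crypt" ;;
        _*)             echo "bsdi-des" ;;
        *)  if [ "${#1}" -eq 13 ]; then echo "des-crypt"; else echo "unknown"; fi ;;
    esac
}

# Read passwd-format lines on stdin; print "user scheme finding" per account.
audit_passwd() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        kind=$(classify_hash "$pw")
        note=""
        case "$kind" in
            shadowed|locked) ;;
            empty) note="no password set" ;;
            *)     note="hash stored in world-readable passwd" ;;
        esac
        if [ "$uid" = "0" ] && [ "$user" != "root" ]; then
            note="${note:+$note; }extra uid 0 account"
        fi
        echo "$user $kind ${note:-ok}"
    done
}

# Constructed sample input (not taken from any real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
toor:aaKNIEDOaueR6:0:0:alt root:/root:/bin/sh
guest::500:500:guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real host, feed it the system's own account file instead of the sample, for example `audit_passwd < /etc/passwd`.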

