IPB





Welcome Guest ( Log In | Register )

2 Pages V  < 1 2  
Closed TopicStart new topic
> Survey, Any help appreciated
Magik5
post Mar 27 2009, 02:46 PM
Post #21


Paddle Master
**********

Group: Clan Members
Posts: 2,085
Thank(s): 30
Points: 317
Joined: 3-December 07
Member No.: 50




but isnt that obvious anyway... no webhosting companies in their right minds will give customers root access to logs/apache conf files etc ... or am i wrong?

youd have to go dedicated or whatever for full rw permissions, unless your that 1337 that chmod doesnt apply to you


--------------------
Go to the top of the page
 
+Quote Post
MonkeyFiend
post Mar 27 2009, 02:52 PM
Post #22


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,687
Thank(s): 1098
Points: 2,440
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




nope, quite correct.


--------------------

Go to the top of the page
 
+Quote Post
fido77
post Mar 27 2009, 02:58 PM
Post #23


Knight Lieutenant
********

Group: Clan Members
Posts: 989
Thank(s): 1
Points: 215
Joined: 5-June 08
From: Tyler, Texas, US
Member No.: 124




QUOTE(MonkeyFiend @ Mar 27 2009, 08:36 AM) *
to be fair it's not that simple......

If this was some spotty linux wannabe that flattened their dell pc and stuck on red hat and apache just to be l33t, then yes... there's probably a lot one could do.

If on the other hand we're talking about a shared linux/apache webhosting service.. same as many you'd rent from around the place. The markdorley user is not a superuser and has no root access. In fact he has no actual real permissions within the server structure. For reference kernel 2.6.24.2dn.am with apache 1.3.41

Assuming I created a site called markdorleycantdowebsites.com and was assigned by the powers ((or scripts) that be a user account called fidoisnotasgayasmonkey with permissions to write files within the public html or www direcotories

The fidoisnotasgayasmonkey user is a restricted.

Commonly (unfortunately.. chroot jail ftw!) the owner of the access-logs is root (0) - even if the fidoisnotasgayasmonkey user ftp'd to their shiny new hosting and went to their access-logs folder they would find a bunch of files with 640 or similar permissions owned by root, (-rw-r------ if you prefer), the group can read em, but only the owner can write to them and I mentioned before the owner is root .

Fidoisnotasgayasmonkey would not be able to tamper with these files and would logout safe in the knowledge that his access logs are secure and could return to pwning at L4D cool.gif


assuming this is true, which i'm sure it is. you still touch youself at night tongue.gif


--------------------

Go to the top of the page
 
+Quote Post
MonkeyFiend
post Mar 27 2009, 03:17 PM
Post #24


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,687
Thank(s): 1098
Points: 2,440
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




it's a dirty job, but someones got to do it tongue.gif

and user is fidoisgay is a secret superuser account that comes with all versions of unix.. it's just a well kept secret biggrin.gif


--------------------

Go to the top of the page
 
+Quote Post
=R6= Raile
post Mar 27 2009, 03:24 PM
Post #25


Knight Errant
*******

Group: SM Guild Members
Posts: 543
Thank(s): 0
Points: 102
Joined: 29-October 07
Member No.: 32




QUOTE(MonkeyFiend @ Mar 26 2009, 09:26 AM) *
IT'S MONKEYFIEND
FIEND!
with an FIE!
There's no R in there!
MONKEYFIEND!


I lol'd pretty hard at that..
Wouldn't be so bad if not for monkey getting so upset about it biggrin.gif
Go to the top of the page
 
+Quote Post
Lawpf2001
post Mar 27 2009, 04:51 PM
Post #26


Knight Errant
*******

Group: Clan Members
Posts: 645
Thank(s): 0
Points: 79
Joined: 18-November 07
From: Swindon
Member No.: 43




I am quite happy to say I have noclue what your all on about


--------------------
Go to the top of the page
 
+Quote Post
Magik6
post Mar 28 2009, 02:26 AM
Post #27


Knight Lieutenant
********

Group: Clan Members
Posts: 824
Thank(s): 0
Points: 218
Joined: 30-December 07
From: Brighton
Member No.: 54




Agreed


--------------------

There are 10 types of people in this world, those who understand binary and those who don't
Go to the top of the page
 
+Quote Post
MonkeyFiend
post Apr 8 2009, 12:47 PM
Post #28


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,687
Thank(s): 1098
Points: 2,440
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




I find myself wondering whats wrong with you, Mr. Dorley?

Learning about security is a good thing; but trying to do so by attempting to gain root admin on this site is frankly retarded.

Running linux (especially feisty fawn) does not make one l33t. All the form entries were santised here so there won't be any code injections or whatever the hell you thought you were doing.

Now...

1. Your computers root password is currently set to: markdorkley1, feel free to change this.

2. Once online, don't return here or mail me.. Attempting to hack this website does not make us bestest buddies ohmy.gif

3. Get a haircut - stupid fringe; you look like a chav.

k. thx. bye.


--------------------

Go to the top of the page
 
+Quote Post

2 Pages V  < 1 2
Closed TopicStart new topic

 



RSS Lo-Fi Version Time is now: 28th November 2024 - 10:17 AM
Sneaky Monkeys Clan :: MonkeyFiend.com