Survey, Any help appreciated |
Survey, Any help appreciated |
Mar 27 2009, 02:46 PM
Post
#21
|
|
Paddle Master Group: Clan Members Posts: 2,085 Thank(s): 30 Points: 317 Joined: 3-December 07 Member No.: 50 |
but isnt that obvious anyway... no webhosting companies in their right minds will give customers root access to logs/apache conf files etc ... or am i wrong?
youd have to go dedicated or whatever for full rw permissions, unless your that 1337 that chmod doesnt apply to you -------------------- |
|
|
Mar 27 2009, 02:52 PM
Post
#22
|
|
Security and Projects Group: Clan Dogsbody Posts: 4,687 Thank(s): 1098 Points: 2,440 Joined: 31-August 07 From: A Magical Place, with toys in the million, all under one roof Member No.: 1 |
nope, quite correct.
-------------------- |
|
|
Mar 27 2009, 02:58 PM
Post
#23
|
|
Knight Lieutenant Group: Clan Members Posts: 989 Thank(s): 1 Points: 215 Joined: 5-June 08 From: Tyler, Texas, US Member No.: 124 |
to be fair it's not that simple...... If this was some spotty linux wannabe that flattened their dell pc and stuck on red hat and apache just to be l33t, then yes... there's probably a lot one could do. If on the other hand we're talking about a shared linux/apache webhosting service.. same as many you'd rent from around the place. The markdorley user is not a superuser and has no root access. In fact he has no actual real permissions within the server structure. For reference kernel 2.6.24.2dn.am with apache 1.3.41 Assuming I created a site called markdorleycantdowebsites.com and was assigned by the powers ((or scripts) that be a user account called fidoisnotasgayasmonkey with permissions to write files within the public html or www direcotories The fidoisnotasgayasmonkey user is a restricted. Commonly (unfortunately.. chroot jail ftw!) the owner of the access-logs is root (0) - even if the fidoisnotasgayasmonkey user ftp'd to their shiny new hosting and went to their access-logs folder they would find a bunch of files with 640 or similar permissions owned by root, (-rw-r------ if you prefer), the group can read em, but only the owner can write to them and I mentioned before the owner is root . Fidoisnotasgayasmonkey would not be able to tamper with these files and would logout safe in the knowledge that his access logs are secure and could return to pwning at L4D assuming this is true, which i'm sure it is. you still touch youself at night -------------------- |
|
|
Mar 27 2009, 03:17 PM
Post
#24
|
|
Security and Projects Group: Clan Dogsbody Posts: 4,687 Thank(s): 1098 Points: 2,440 Joined: 31-August 07 From: A Magical Place, with toys in the million, all under one roof Member No.: 1 |
it's a dirty job, but someones got to do it
and user is fidoisgay is a secret superuser account that comes with all versions of unix.. it's just a well kept secret -------------------- |
|
|
Mar 27 2009, 03:24 PM
Post
#25
|
|
Knight Errant Group: SM Guild Members Posts: 543 Thank(s): 0 Points: 102 Joined: 29-October 07 Member No.: 32 |
|
|
|
Mar 27 2009, 04:51 PM
Post
#26
|
|
Knight Errant Group: Clan Members Posts: 645 Thank(s): 0 Points: 79 Joined: 18-November 07 From: Swindon Member No.: 43 |
I am quite happy to say I have noclue what your all on about
-------------------- |
|
|
Mar 28 2009, 02:26 AM
Post
#27
|
|
Knight Lieutenant Group: Clan Members Posts: 824 Thank(s): 0 Points: 218 Joined: 30-December 07 From: Brighton Member No.: 54 |
Agreed
-------------------- There are 10 types of people in this world, those who understand binary and those who don't |
|
|
Apr 8 2009, 12:47 PM
Post
#28
|
|
Security and Projects Group: Clan Dogsbody Posts: 4,687 Thank(s): 1098 Points: 2,440 Joined: 31-August 07 From: A Magical Place, with toys in the million, all under one roof Member No.: 1 |
I find myself wondering whats wrong with you, Mr. Dorley?
Learning about security is a good thing; but trying to do so by attempting to gain root admin on this site is frankly retarded. Running linux (especially feisty fawn) does not make one l33t. All the form entries were santised here so there won't be any code injections or whatever the hell you thought you were doing. Now... 1. Your computers root password is currently set to: markdorkley1, feel free to change this. 2. Once online, don't return here or mail me.. Attempting to hack this website does not make us bestest buddies 3. Get a haircut - stupid fringe; you look like a chav. k. thx. bye. -------------------- |
|
|
Lo-Fi Version | Time is now: 24th November 2024 - 04:26 PM |