[rescue] SGI Irix / Indy question
Brooke Gravitt
brooke at gravitt.org
Sat Dec 20 18:08:09 CST 2003
> Too bad. Did you use a wordfile and -rules?
> I have a homebrew 40MB wordlist that works pretty well.
Yup. I've got a pretty extensive wordlist, too. There are only 2 accounts
with passwords on the box, and they look to be secure.
> Your best bet is to telnet to those ports, grab a banner (i.e. OPTIONS /
> HTTP/1.0 for port 80) and google for version string + vulnerability. I
> don't think ports 7, 11, 13, 37 will be very useful. Maybe there's an
> rexec (512), telnet (23), ftp (21) or web (80) exploit.
Exactly. I've tried everything I know. That's why I was hoping someone
knew of a specific exploit that might crack this puppy. I've been trying
to exploit rexec, telnet, & ftp in every way I can think of. It's not
serving pages- any way to tell what version of httpd is running to maybe
overflow?
More information about the rescue
mailing list