Monday, January 8, 2007

using Mount to gain access to unix systems

This is not hard to do and there are many systems out there that are mountable.
Mount is a command in unix that will allow you to mount remote machines drives
you yours. This is done so you can do installs from other machines, or just
share drives or directories across the network. The problem is that many
admins are good with unix commands or setup. Or maybe they are just plain
lazy and mount the drives with world access not understanding that the world
can mount the drive and gain write access to their users directories.

What you will need to get started here is a hacked root account. To be able to
mount the remote drive and gain access you will need to modify the system's
password file and use the su command.

Ok let's say we have root access. let's get started!

You can see if another system has mountable drives by using the showmount
command.

From root account:

$root> showmount -e wwa.com
mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive

Ok, no problem, this domain will not work, go on to the next one...

$root> showmount -e seva.net
Export list for seva.net:
/var/mail pluto.seva.net
/home/user1 pluto.seva.net
/usr/local pluto.seva.net,rover.seva.net
/export/X11R6.3 rover.seva.net
/export/rover rover.seva.net,pluto.seva.net
/export/ftp/linux-archive/redhat-4.1/i386/RedHat (everyone)

Notice the (everyone), this would be good if we wanted to install linux
from this guy's box, but we want open directories to users.... so go on to
the next one...

$root> showmount -e XXXXX.XXX < this one worked ... find your own ;)
Export list for XXXXX.XXX:
/export/home (everyone)

Now this guy mounted his home directory, the user accounts are off of the home
directory ;) and look above ... (everyone) can access it!


Ok, this section was to show you how to see if they are mountable, in the next
section i will show you how to mount and hack it. But for now, here is a
script that will scan for EVERY DOMAIN on the internet that is mountable and
log them for you. (Next post)

Posted at 4:40 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)