>>>>> "Pankaj" == Pankaj Mishra <Pankaj> writes:
Pankaj> Hi folks, Today I witnessed a demo by Microsoft gang of
Pankaj> hacking Linux (RH 7.3) Thru browser on a windows client ,
Pankaj> a php file was sent to Linux thru browser and then
Pankaj> executed. After that a page appeared thru which command
Pankaj> can be executed on Linux. They copied the whole
Pankaj> /etc/shadow and tried to break the root password and
Pankaj> demonstrated breaking of root password within a minute. I
Pankaj> asked them how they are doing it and under what account
Pankaj> Apache was running. But they gave evasive replies. IS THIS
Pankaj> POSSIBLE !! I want to again get back to them and seek
Pankaj> their response. BUT PLEASE TELL ME FIRST IS THIS POSSIBLE
Pankaj> ? I want to do my homework first and then confront them.
Pankaj> IS IT POSSIBLE TO WRITE A FILE ON LINUX BY GIVING SIMPLE
Pankaj> PHP COMMANDS THRU URL? IS IT POSSIBLE TO EXECUTE THAT PHP
Pankaj> SCRIPT AND GET ACCESSS TO /etc/shadow.
1. Who had installed and configured the box? If MS, then this is just
a big joke.
2. Had security patches been installed?
3. Why was PHP running? What application? Was it the newest verion
of the application?
4. Basically sounds like lots of MS cra^H^H^H FUD to me.
And to answer your question, yes, anything is possible. If you have
time, resources and intelligence you can crack into just about any box
in the world. MS just makes it a bit easier for people to get into
their own boxes. They are probably believers in open systems -- wide
open.
-- Raju
Pankaj> Please reply fast. Punkuz
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
