Penetration of HP/UXJun 08 2011 07:30AM Philipp Lachberger (ph_lachi yahoo de) (4 replies)
Hello fellow pen-testers,
I've recently encountered a HP/UX Box in a penetration test. Now I've been searching for materials on HP/UX as it is (over here) not a common system to encounter.
All I've found on public search engines were links to exploits from < 2001. Have I just not searched thoroughly enough or are there hardly any papers?
I would greatly appreciate it if you could give me directions to look at.
Now what kind of makes me wonder:
How do you usually approach a system you haven't encountered before? I have been doing a "usual suspect"-analysis in mapping the OS with your-favourite-port-scanner-here and your-favourite-vulnerability-scanner-here - but beyond that? There are two services listening - Sendmail and ProFTPD, both not obviously wrong configured.
Exploits don't work for HP/UX as they do for "normal" Linuxes/Unixes. This is because HP/UX (as far as I know) mainly works on SPARC CPU's, thus having Big Endian instructions which is different from standard x86 - or am I wrong?
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
I've recently encountered a HP/UX Box in a penetration test. Now I've been searching for materials on HP/UX as it is (over here) not a common system to encounter.
All I've found on public search engines were links to exploits from < 2001. Have I just not searched thoroughly enough or are there hardly any papers?
I would greatly appreciate it if you could give me directions to look at.
Now what kind of makes me wonder:
How do you usually approach a system you haven't encountered before? I have been doing a "usual suspect"-analysis in mapping the OS with your-favourite-port-scanner-here and your-favourite-vulnerability-scanner-here - but beyond that? There are two services listening - Sendmail and ProFTPD, both not obviously wrong configured.
Exploits don't work for HP/UX as they do for "normal" Linuxes/Unixes. This is because HP/UX (as far as I know) mainly works on SPARC CPU's, thus having Big Endian instructions which is different from standard x86 - or am I wrong?
Thank you all for your time!
Best Regards,
-Philipp
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]