Nytro Posted January 9, 2015 Report Posted January 9, 2015 AIX for Penetration TestersGIAC (GPEN) Gold CertificationAuthor: Zoltan Panczel, panczelz@gmail.comAdvisor: Robert!VandenbrinkAccepted: January 7th 2015AbstractAIX is a widely used operating system by banks, insurance companies, power stationsand universities. The operating system handles various sensitive or critical informationfor these services. There is limited public information for penetration testers about AIXhacking, compared the other common operating systems like Windows or Linux. Whentesters get user level access in the system the privilege escalation is difficult if theadministrators properly installed the security patches. Simple, detailed and effective stepsof penetration testing will be presented by analyzing the latest fully patched AIX system.Only shell scripts and the default installed tools are necessary to perform this assessment.The paper proposes some basic methods to do comprehensive local security checks andhow to exploit the vulnerabilities.Download: http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890 Quote
Zatarra Posted January 9, 2015 Report Posted January 9, 2015 Stati dracu cuminit.. va prindeti urechile in AIX Si majoritatea AIX-urilor sunt in private networks.. e destul de greu sa ajungi la ele.. Quote
marckyy Posted January 9, 2015 Report Posted January 9, 2015 (edited) Stati dracu cuminit.. va prindeti urechile in AIX Si majoritatea AIX-urilor sunt in private networks.. e destul de greu sa ajungi la ele..Serios ? Asta e al tau: 58.180.227.211 USER: informix PASS: zatarra2014 port 23 ???inca un exemplu: 211.48.76.37 USER: oracle PASS: oracle -- rlogin (port 513) Edited January 9, 2015 by marckyy Quote
Zatarra Posted January 9, 2015 Report Posted January 9, 2015 Da, ambele sunt ale mele, eu de obicei ma logez pe sisteme cu useri de baze de date (gen informis, oracle). Asa ma logez si pe RST, cu useru mysql si apoi facu su - Quote