AIX for Penetration Testers

[Nytro]

AIX for Penetration Testers

GIAC (GPEN) Gold Certification

Author: Zoltan Panczel, panczelz@gmail.com

Advisor: Robert!Vandenbrink

Accepted: January 7th 2015

Abstract

AIX is a widely used operating system by banks, insurance companies, power stations

and universities. The operating system handles various sensitive or critical information

for these services. There is limited public information for penetration testers about AIX

hacking, compared the other common operating systems like Windows or Linux. When

testers get user level access in the system the privilege escalation is difficult if the

administrators properly installed the security patches. Simple, detailed and effective steps

of penetration testing will be presented by analyzing the latest fully patched AIX system.

Only shell scripts and the default installed tools are necessary to perform this assessment.

The paper proposes some basic methods to do comprehensive local security checks and

how to exploit the vulnerabilities.

Download: http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890

[Zatarra]

Stati dracu cuminit.. va prindeti urechile in AIX Si majoritatea AIX-urilor sunt in private networks.. e destul de greu sa ajungi la ele..

[marckyy]

Stati dracu cuminit.. va prindeti urechile in AIX Si majoritatea AIX-urilor sunt in private networks.. e destul de greu sa ajungi la ele..

Serios ? Asta e al tau: 58.180.227.211 USER: informix PASS: zatarra2014 port 23 ???

inca un exemplu: 211.48.76.37 USER: oracle PASS: oracle -- rlogin (port 513)

Edited January 9, 2015 by marckyy

[Zatarra]

Da, ambele sunt ale mele, eu de obicei ma logez pe sisteme cu useri de baze de date (gen informis, oracle). Asa ma logez si pe RST, cu useru mysql si apoi facu su -