CPSA Unix Security Assessment
Questions with Complete Solutions7
What R* services can be used for user enumeration? - ANSWERS-rusers, rwho.
What does rwho do? - ANSWERS-Reports information on logged on users on a remote host.
What does rwho do? - ANSWERS-Reports all users logged onto machines in the local network.
How can users be enumerated with SMTP? - ANSWERS-VRFY or RCPT TO command.
What does finger do? - ANSWERS-Finger is a program that can be used to find information
about users of a system. It usually lists the login name, the full name, and possibly other details
about the user you are fingering. This is a dated service that was used to determine who was
currently on a device. Gets it information from /etc/passwd.
What ports are used for FTP and for what reasons? - ANSWERS-20 - data and 21 - command
What kind of access allows any users to interact with an FTP service? - ANSWERS-Anonymous
What could be risk of allowing anyone to write to FTP service? - ANSWERS-Potential upload into
code execution, obtaining sensitive files, identifying vulnerable version.
What is a mail relay? - ANSWERS-SMTP relay lets users send e-mails through external servers.
Spammers and hackers can use an e-mail server to send spam or malware through e-mail under
the guise of the unsuspecting open-relay owner.
, What is CVE-2003-0694? - ANSWERS-The prescan function in Sendmail 8.12.9 allows remote
attackers to execute arbitrary code via buffer overflow attacks.
What is CVE-2003-0161? - ANSWERS-A buffer overflow has been reported in the prescan()
function of Sendmail versions 8.12.9 and earlier. The overflow can be exploited to execute
arbitrary code on the system.
What is CVE-2002-1337? - ANSWERS-Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote
attackers to execute arbitrary code via certain formatted address fields, related to sender and
recipient header comments as processed by the crackaddr function of headers.c.
What is NFS? - ANSWERS-NFS is Network File System, a legacy protocol providing network based
file services. Allowing files to be accessed as they would be locally.
How can NFS be restricted? - ANSWERS-The etcexports file can be altered to add a policy
restricting access to certain hosts or directories. The SUID bit can be disabled too.
What is Root Squash? - ANSWERS-Root Squashing remaps the root user to an anonymous user
in NFS. The no_root_squash needs to be changed to root_squash to prevent this.
What options can be set to restrict what can be done to abuse NFS? - ANSWERS-NoExec -
prevents execution of binaries on the system. NoSuid - prevents suid being used on the system.
This is when connecting via NFS.
How can restricted files be accessed via UID/GID manipulation in certain NFS setups? -
ANSWERS-Auth relies on UID and GID from the OS. You can change the UID in a VM to match
that of the target and get their permissions.
What do the /etc/hosts.equiv and.rhosts files do and what are the differences? - ANSWERS-
Gives a specified user(s) permission to log in remotely from the specified host without having to
Questions with Complete Solutions7
What R* services can be used for user enumeration? - ANSWERS-rusers, rwho.
What does rwho do? - ANSWERS-Reports information on logged on users on a remote host.
What does rwho do? - ANSWERS-Reports all users logged onto machines in the local network.
How can users be enumerated with SMTP? - ANSWERS-VRFY or RCPT TO command.
What does finger do? - ANSWERS-Finger is a program that can be used to find information
about users of a system. It usually lists the login name, the full name, and possibly other details
about the user you are fingering. This is a dated service that was used to determine who was
currently on a device. Gets it information from /etc/passwd.
What ports are used for FTP and for what reasons? - ANSWERS-20 - data and 21 - command
What kind of access allows any users to interact with an FTP service? - ANSWERS-Anonymous
What could be risk of allowing anyone to write to FTP service? - ANSWERS-Potential upload into
code execution, obtaining sensitive files, identifying vulnerable version.
What is a mail relay? - ANSWERS-SMTP relay lets users send e-mails through external servers.
Spammers and hackers can use an e-mail server to send spam or malware through e-mail under
the guise of the unsuspecting open-relay owner.
, What is CVE-2003-0694? - ANSWERS-The prescan function in Sendmail 8.12.9 allows remote
attackers to execute arbitrary code via buffer overflow attacks.
What is CVE-2003-0161? - ANSWERS-A buffer overflow has been reported in the prescan()
function of Sendmail versions 8.12.9 and earlier. The overflow can be exploited to execute
arbitrary code on the system.
What is CVE-2002-1337? - ANSWERS-Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote
attackers to execute arbitrary code via certain formatted address fields, related to sender and
recipient header comments as processed by the crackaddr function of headers.c.
What is NFS? - ANSWERS-NFS is Network File System, a legacy protocol providing network based
file services. Allowing files to be accessed as they would be locally.
How can NFS be restricted? - ANSWERS-The etcexports file can be altered to add a policy
restricting access to certain hosts or directories. The SUID bit can be disabled too.
What is Root Squash? - ANSWERS-Root Squashing remaps the root user to an anonymous user
in NFS. The no_root_squash needs to be changed to root_squash to prevent this.
What options can be set to restrict what can be done to abuse NFS? - ANSWERS-NoExec -
prevents execution of binaries on the system. NoSuid - prevents suid being used on the system.
This is when connecting via NFS.
How can restricted files be accessed via UID/GID manipulation in certain NFS setups? -
ANSWERS-Auth relies on UID and GID from the OS. You can change the UID in a VM to match
that of the target and get their permissions.
What do the /etc/hosts.equiv and.rhosts files do and what are the differences? - ANSWERS-
Gives a specified user(s) permission to log in remotely from the specified host without having to
