Fwd: Re: python adds an extra half space when reading from a string or list

Νίκος nikos at superhost.gr
Thu Jul 4 12:06:20 CEST 2013


Στις 3/7/2013 8:23 μμ, ο/η Chris Angelico έγραψε:
>>> What are the file permissions (file modes) on all your home
>>> directories? Do you know what they mean?
>>
>>
>> root at nikos [~]# ls -al /home
>> total 88
>> drwx--x--x 22 root     root     4096 Jul  3 20:03 ./
>> drwxr-xr-x 22 root     root     4096 Jun 12 01:21 ../
>> drwx--x--x 14 akis     akis     4096 Apr  5 22:21 akis/
>> same with others just +x for group and others.
>>
>> Does that mean you can easily i.e. 'cd /home/akis/' accessing their home
>> directories?
>
> Yes.

You can cd to the other users home directories but you wont be able to
view their files because of the lack of +r attribute.

But i'll remove it just in case by:

chmod go-x -R /home/whatever_username

>> Yes they do, but cPanel offers some protection against these kind of
methods
>> called "CPHulk" so it wont be easy!
>
> Neat. Now I know how to lock you out of your own account. Five seconds
> with Google brought this up:
>
> http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/CPHulk
>
> Can you, by reading that page, tell me what I would have to do to stop
> you from accessing your login?

yes constantly ping my server by faking you ip address as my ip address
so to force CPHulk to refuse to let me login.

Of course the same page provides a means of how to unlock myself in case
that happens.

> Also, CPHulk does not appear to have _any_ protection against
> privilege escalation. It's a completely different thing.

Yes, it does not. Its mostly a way to block nmap requests of pinging and
identifying of services running on the server itself.

-- 
What is now proved was at first only imagined!





More information about the Python-list mailing list