On Tue, 07 Jan 2003, Joe Luna wrote:

> While doing a web server audit I came across a backup copy of my client's
> httpd.conf file. There is a password protected directory in the conf
> file (see below). My question is how do I use this information to gain
> further access to the server? I can see the host and DB name as well as
> the username/password, which I'm assuming is some sort of administrative
> account.
>
> What I'm not sure of is the type of database or even how to connect
> using the credentials gained from the conf file.
>
> Any pointers?

This is a Postgres database. (That is determined by the DBI connect string - see the 'Pg'?)

Assuming you have the postgres client on a local machine, you can try logging in to it doing something like

    psql -d main -h client.com -U username -W   # -W makes psql prompt for the password

Odds are that won't work, assuming a competent admin. Postgres has the notion of "host based access" that's defined in a config file (which lives in various places under different OSes; under Debian, for instance, it is /etc/postgres/hba.conf), which controls, well, host based access. So, if you can get a shell on the apache server box, you can get database access with the privileges of the web server UID.

Further poking around at things might require "man DBI::Pg" (assuming you have that perl module installed), "man postmaster", and "man psql" (both of those come from a postgres full install). Also very useful for postgres' flavor of SQL is http://www.commandprompt.com/ppbook/, and the O'Reilly books _Programming the Perl DBI_ and _Apache Modules in Perl and C_ (or something similar) are useful for understanding mod_perl and perl database handling.

In general Postgres is a fairly solid database. Security-wise, it is hard to find problems with the database itself. People frequently write code that leaves you lots of opportunities on the front-end, however.

Hope this helps, good luck.

-j

> <Location /accounting>
> AuthName DBI
> AuthType Basic
> PerlAuthenHandler Apache::AuthDBI::authen
> PerlAuthzHandler Apache::AuthDBI::authz
> PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
> PerlSetVar Auth_DBI_username username
> PerlSetVar Auth_DBI_password password
> PerlSetVar Auth_DBI_pwd_table users
> PerlSetVar Auth_DBI_uid_field username
> PerlSetVar Auth_DBI_pwd_field password
> require valid-user
> </Location>
>
> Regards,
> Joe
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

-- 
Jamie Lawrence
jalat_private
"The more corrupt the state, the more numerous the laws" - Tacitus
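As an added example (not code from this thread or from Apache::AuthDBI), here is the check a server owner would want to run on their own configs: parse an Apache config for Apache::AuthDBI blocks, report every block that stores database credentials in clear, and identify the engine from the DBI connect string the way Jamie reads the 'Pg' above. The sample config is constructed to mirror the quoted block.

```python
import re
# Constructed sample of the Apache::AuthDBI block quoted in the thread
SAMPLE_HTTPD_CONF = """\
<Location /accounting>
PerlAuthenHandler Apache::AuthDBI::authen
PerlSetVar Auth_DBI_data_source dbi:Pg:dbname=main;host=client.com
PerlSetVar Auth_DBI_username username
PerlSetVar Auth_DBI_password password
require valid-user
</Location>
"""

# A DBI data source reads dbi:<Driver>:<attr>=<val>;<attr>=<val>; the driver
# name ("Pg" here) is what identifies the database engine behind the handler.
DSN_RE = re.compile(r"^dbi:(?P<driver>[^:]+):(?P<attrs>.*)$", re.IGNORECASE)
DRIVER_NAMES = {"pg": "PostgreSQL", "mysql": "MySQL", "oracle": "Oracle"}
LOC_OPEN = re.compile(r"^<Location\s+([^>]+)>$", re.IGNORECASE)
SETVAR = re.compile(r"^PerlSetVar\s+(Auth_DBI_\w+)\s+(.+)$", re.IGNORECASE)

def parse_dsn(dsn):
    """Split a DBI connect string into driver, engine name and attributes."""
    m = DSN_RE.match(dsn.strip())
    if not m:
        return None
    attrs = dict(p.split("=", 1) for p in m.group("attrs").split(";") if "=" in p)
    driver = m.group("driver")
    return {"driver": driver, "database": DRIVER_NAMES.get(driver.lower(), driver), "attrs": attrs}

def audit_authdbi(conf_text):
    """One finding per <Location> block that stores AuthDBI DB credentials in clear."""
    findings, block = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = LOC_OPEN.match(line)
        if m:
            block = {"location": m.group(1).strip(), "vars": {}}
        elif line.lower() == "</location>" and block is not None:
            if "auth_dbi_password" in block["vars"]:
                dsn = parse_dsn(block["vars"].get("auth_dbi_data_source", "")) or {}
                attrs = dsn.get("attrs", {})
                findings.append({"location": block["location"],
                                 "database": dsn.get("database", "unknown"),
                                 "host": attrs.get("host", "localhost"),
                                 "dbname": attrs.get("dbname"),
                                 "db_user": block["vars"].get("auth_dbi_username")})
            block = None
        elif block is not None and (m := SETVAR.match(line)):
            block["vars"][m.group(1).lower()] = m.group(2).strip()
    return findings
```

Run it over every httpd.conf and every backup copy of it (httpd.conf.bak, httpd.conf~) under the document root; any finding means the DB password is one directory listing away from anyone who can fetch the file.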
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 16:45:41 PST