Here's what I know:
I also know there there is currently no firewall set up.
PORT STATE SERVICE VERSION
25/tcp filtered smtp
80/tcp open http Apache httpd
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1720/tcp filtered H.323/Q.931
2233/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
A nessus scan didn't turn up a ton of useful information, at least not that I could see.
I actually retract what I mentioned about useful information. There was a www.websitehere.org/test.php but after I mentioned that I found it my friend deleted it. I did however manage to save a copy and can view the information at any time so let's assume I have access to everything test.php would tell me.
The following files are calling the function phpinfo() which
disclose potentially sensitive information to the remote attacker :
In addition to NMap and Nessus, I ran Nikto and gathered some random info, namely it was pointing out test.php. There were other directories that required authorization to view and from what I could tell, SWL injection was not an option for hacking /phpmyadmin.
With these things in mind, how should I go about getting into this machine? I read up on as much as I could on the services listed on test.php such as:
and as I said, pretty much anything test.php lists and ways to exploit them. Unfortunately, I've hit a wall.
PHP Version 5.2.3-1ubuntu6
PHP Core Configuration
Apache API version
Info on the Apache Environment
Despite all the reading I've done I was hoping someone would be kind enough to point me in the right direction as to how I should proceed from here. Any and all help is much appreciated. Thanks!
Edited by 2point0, 16 November 2007 - 03:32 AM.