[rescue] SGI Irix / Indy question

Brooke Gravitt brooke at gravitt.org
Sat Dec 20 18:08:09 CST 2003

> Too bad. Did you use a wordfile and -rules?
> I have a homebrew 40MB wordlist that works pretty well.

Yup. I've got a pretty extensive wordlist, too. There are only 2 accounts
with passwords on the box, and they look to be secure.

 > Your best bet is to telnet to those ports, grab a banner (i.e. OPTIONS /
> HTTP/1.0 for port 80) and google for version string + vulnerability. I
> don't think ports 7, 11, 13, 37 will be very useful. Maybe there's an
> rexec (512), telnet (23), ftp (21) or web (80) exploit.

Exactly. I've tried everything I know. That's why I was hoping someone
knew of a specific exploit that might crack this puppy.  I've been trying
to exploit rexec, telnet, & ftp in every way I can think of. It's not
serving pages- any way to tell what version of httpd is running to maybe

More information about the rescue mailing list