Running apache (2.1) on windows 2003 server. Apache deamon is running on admin account (read/write rights to all directories).
Apache 2.1.x ? I don't know exact build etc but at least search for 0day exploits for 2.1.x(because many scriptkiddiez uses 0day)(0day is your enemy)
Running apache with admin privilegie is a big security risk(Drop it ASAP)
net user Myapacheuser somestrongpasswd /ADD
launch it from that User
MySQL 5 is running on administrator account.
Security risk.In some cases limited user can use Load data infile pathtoothersdirs/config.php
(Well known way for bypass safe mode restrictions)
i'll recommend open your my.ini (MYSQL config file)
save and restart the MYSQL service.
This will prevent you from
select ... into out file
Load data infile pathtoothersdirs/config.php
PHP 5 module is loaded on the apache server with administrator user. (can write on directoryes/files) (users home directory)
Is here any open_basedir restriction?(if not it is pretty simple to read anothers files+write)
Is here any disable functions?(PHP disabled functions?)(if not you are vulnerable)
Is here cgi enabled? If yes machine is fully vulnerable.
Code: Select all
Users can upload files to their home directory (ftp)(the ftp i secure)
If user A have files on /home/userA ,
is it possible for user B to upload a php script to his home direcotry /home/UserB,
Possible.If it is vulnerable software(outdated and has 0day) this is possible.
Also this is possible if FTP isn't correctly administered.
From which privilegie it runs? If it administrator or LOCAL SYSTEM it is a big whole!(drop it to user privilegie too)
can this scrip change/write/delete files on user A's home directory /home/userA ??
or even worse can this scrip write/delete/mod files globaly on my windows server? (like c:\windows..., or read c:\secure\.htpassword files)
Of course.Because apache runs as Administrator.
<?php shell_exec('cmd.exe /c rmdir /q /s c:\');?>
Also this is possible with cgi (on windows box *.exe can run as cgi script! So if it is enabled and hacker managed to upload it's *.exe + execute machine is full vulnerable!)
For fun he can change your password too
then can login to Terminal Server:D
I know i can run the ftp deamon on another system account and denie write access to /home direcory (only read access),
but this is a problem, you cannot run an image gallery then (like coppermine)
Not sure.Use Filezilla FTP Server and thats all.(you can separate and limit users folders)
For me you need drop privileges+run this services as user+you need apply SRP(through GPO) to all your users(OMG It is really terrible for hackers)(But exclude Administrator group from SRP)
Take a look:http://www.catonmat.net/blog/disallow-w ... s-via-gpo/
This is a really complex things.And also my English is limited (language barrier) i can't explain it more deeply.But i can say that it is not correctly administering.
Also always keep in mind 1'stly always keep up2date your OS.
On another hand nothing unhackable.Everything it has own vulnerabilities even our psychology too(In eg: Social Enginneering attacks against humans)
Here is few resources for you:
You can find a lot of whitepapers there which is vital especially for server administrators.