From: Vlad (recompiler@hacksrus.com)
Date: Fri Aug 29 2003 - 00:17:18 EDT
In the process of performing a pen test I ran across a little admin
interface one of the admins appears to have set up for him/herself. It is
not password protected, and I can do fun things like access one of those
web/SNMP enabled APC power controls and manage or shut off something more
or less vital to their daily operations.
1) Should I notify the company immediately and terminate the pen test
early to safeguard them?
2) Could this just be a sys admin's honeypot or private joke?
3) Has anyone ever encountered anything similar?
4) Who wants to help me take the sys admin out back and apply a baseball
bat to him if it is indeed what it appears to be?
Any advice is greatly appreciated.
Thank you
-- Vlad G.