FTP and SSH access question

Hi All,
I am working on a RedHat 9 machine remotely (in a lab environment),
trying to access a file owned by root (permissions: -r--------) on the
remote machine. I have root FTP access (upstream) but only user-level
access via SSH.

The FTP data port (20) is closed, so I can't get the file with FTP. I
can't use SSH (or SCP) to view/download the file, because root is
disabled from connecting to SSH (even locally).

Does anyone have any ideas? I figure the combination between root FTP
access and standard SSH access can be used in some way. The remote
machine also has web services running, and the user account I can use
via SSH has access to a personal web page directory.

Any help is much appreciated.

Thanks,
c3dy8911r

c3dy8911r wrote:
> I am working on a RedHat 9 machine remotely (in a lab environment),
> trying to access a file owned by root (permissions: -r--------) on the
> remote machine. I have root FTP access (upstream) but only user-level
> access via SSH.

Urk?! "root" and "FTP" in the same sentence? Gee, I hope not!

> The FTP data port (20) is closed, so I can't get the file with FTP. I
> can't use SSH (or SCP) to view/download the file, because root is
> disabled from connecting to SSH (even locally).
>
> Does anyone have any ideas? I figure the combination between root FTP
> access and standard SSH access can be used in some way. The remote
> machine also has web services running, and the user account I can use
> via SSH has access to a personal web page directory.

The FTP port obviously _should_ be closed. The SSH suite provides tools
like 'scp' which can do secure file-copying. At minimum it also provides a
simple form of "tunneling" which allows communications using insecure
protocols to take place through a secure tunnel. IPSEC (Virtual Private
Networks) also provides the same basic idea.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

c3dy8911r wrote:
|
| The FTP data port (20) is closed, so I can't get the file with FTP. I
| can't use SSH (or SCP) to view/download the file, because root is
| disabled from connecting to SSH (even locally).

Just "su" to root when connected over ssh
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFBrQrTGFXfHI9FVgYRArEVAKCeWlSI7p8Bn9zb4usn8L bs7SCHLACgjlC8
aEaIsSoCTc7GlmzfZGfEKGs=
=ZKYl
-----END PGP SIGNATURE-----

Thanks for your reply -- let me clarify:

I am running this experiment in an authorized lab environment. I've
trojaned the vsftp daemon on the remote machine to allow root access
(with a set password). Therefore, I don't have the root password to
use with a sudo command (via SSH or anything else).

Is there a work-around to the permissions problem that would allow me
to access the file remotely via SSH given the limited root FTP access
I have?

Thanks again,
c3dy8911r


Sundial Services <(E-Mail Removed)> wrote in message news:<coisbr$c4e$(E-Mail Removed)>...
> c3dy8911r wrote:
> > I am working on a RedHat 9 machine remotely (in a lab environment),
> > trying to access a file owned by root (permissions: -r--------) on the
> > remote machine. I have root FTP access (upstream) but only user-level
> > access via SSH.
>
> Urk?! "root" and "FTP" in the same sentence? Gee, I hope not!
>
> > The FTP data port (20) is closed, so I can't get the file with FTP. I
> > can't use SSH (or SCP) to view/download the file, because root is
> > disabled from connecting to SSH (even locally).
> >
> > Does anyone have any ideas? I figure the combination between root FTP
> > access and standard SSH access can be used in some way. The remote
> > machine also has web services running, and the user account I can use
> > via SSH has access to a personal web page directory.
>
> The FTP port obviously _should_ be closed. The SSH suite provides tools
> like 'scp' which can do secure file-copying. At minimum it also provides a
> simple form of "tunneling" which allows communications using insecure
> protocols to take place through a secure tunnel. IPSEC (Virtual Private
> Networks) also provides the same basic idea.

> I am running this experiment in an authorized lab environment. I've
> trojaned the vsftp daemon on the remote machine to allow root access
> (with a set password). Therefore, I don't have the root password to
> use with a sudo command (via SSH or anything else).

ok, so when you ftp in do '!' and change the owner of the file or change the
file permissions so that scp can read it.


> Is there a work-around to the permissions problem that would allow me
> to access the file remotely via SSH given the limited root FTP access
> I have?
>
> Thanks again,
> c3dy8911r
>
>
> Sundial Services <(E-Mail Removed)> wrote in message
news:<coisbr$c4e$(E-Mail Removed)>...
> > c3dy8911r wrote:
> > > I am working on a RedHat 9 machine remotely (in a lab environment),
> > > trying to access a file owned by root (permissions: -r--------) on the
> > > remote machine. I have root FTP access (upstream) but only user-level
> > > access via SSH.
> >
> > Urk?! "root" and "FTP" in the same sentence? Gee, I hope not!
> >
> > > The FTP data port (20) is closed, so I can't get the file with FTP. I
> > > can't use SSH (or SCP) to view/download the file, because root is
> > > disabled from connecting to SSH (even locally).
> > >
> > > Does anyone have any ideas? I figure the combination between root FTP
> > > access and standard SSH access can be used in some way. The remote
> > > machine also has web services running, and the user account I can use
> > > via SSH has access to a personal web page directory.
> >
> > The FTP port obviously _should_ be closed. The SSH suite provides tools
> > like 'scp' which can do secure file-copying. At minimum it also
provides a
> > simple form of "tunneling" which allows communications using insecure
> > protocols to take place through a secure tunnel. IPSEC (Virtual Private
> > Networks) also provides the same basic idea.

I can't su because the root password has been changed by the other
(defending) team -- this is a lab project.

Any other ideas?

> I can't su because the root password has been changed by the other
> (defending) team -- this is a lab project.
>
> Any other ideas?

ok, so when you ftp in do '!' and change the owner of the file or change the
file permissions so that scp can read it.

In comp.os.linux.networking c3dy8911r <(E-Mail Removed)> wrote:
> I can't su because the root password has been changed by the other
> (defending) team -- this is a lab project.
>
> Any other ideas?

Why do you need to su? Just copy whatever it is, or change its perms if
it belongs to you.

Peter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQBBsH7C+gVZmutkHqERAnaXAKCXUSJQE3erayUVMVZ18E 6+aenxKACgkOmy
NlZLhZgUV9ZcDR5o3GqvhOU=
=SpOO
-----END PGP SIGNATURE-----

/dev/null wrote:

>> I can't su because the root password has been changed by the other
>> (defending) team -- this is a lab project.
>>
>> Any other ideas?
>
> ok, so when you ftp in do '!' and change the owner of the file or change
> the file permissions so that scp can read it.

Hmmm... On my system ! sends me to a shell on the local host, not the host
to which I have ftp'd. I can't seem to find anything in the RFC about
accessing a shell on the target host, either.

Could you give more information on this?

There is a limited set of shell-like commands available to FTP, though.
(cf. RFC 959).

Jon.

-- * Does the walker choose the path, or does the path choose the walker?
(fr. Sabriel) * --