Re: GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability
On 30 Apr 2007 11:10:51 -0000, crazy_king@xxxxxxxx <crazy_king@xxxxxxxx> wrote:
By Cr@zy_King
crazy_king@xxxxxxxx
Biyosecurity.Net & Expw0rm.Com
Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & Crackers_Child & Th3_43k1R &
Xoron & Ajannn
Portal : GHH
Hi there,
GHH is a honeypot, not a portal, and it is meant to expose this
information. The file passwd.txt is actually a PHP script which
generates a random password.
http://ghh.sourceforge.net/introduction.php describes briefly how GHH works.
cheers,
Jamie
--
Jamie Riden, CISSP / jamesr@xxxxxxxxxx / jamie@xxxxxxxxxxxxxxx
UK Honeynet Project: http://www.ukhoneynet.org/