0

I'm a Software Engineer, but I have no experience in security, so I'm trying to learn by doing (woot Experiential learning!).

I know that the permission settings on the tmp folder are very relaxed. If I have an IP address of a server/computer, can I ssh into the tmp folder without requiring the password of the server/computer?

  • Are there any good resources people could recommend? Everyone has told me to check out the most popular book on penetration testing, etc. (which I'm open to), but I'm looking into other areas as well!
ECE

2 Answers

8

No, you can't. You can't ssh to folders, only to accounts. You might be able to mount the /tmp folder on another machine without a password if the server is running NFS or Samba and has fairly relaxed permissions.

Mike Scott
1

/tmp will be one of the first folders an attacker will try to write files to after finding a security hole in your server configuration or (web) application.

A good way to harden your server can be to offload /tmp to a dedicated partition and mount it as non-executable. Though this will only work if you are not running any (bad) software that needs to execute stuff in the /tmp folder (I saw this with IBM WebSphere patches, for example).

Good resources would be everything around: pentesting, metasploit, offensive security, msf unleashed, pauldotcom security weekly, and loads more free resources you can find on the web. If you start with these or other sites you will quickly get the hang of it and find more useful resources via Google.

Sebastian B.
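An added example, not part of either answer: a POSIX shell check for the hardening described above (a dedicated /tmp mount carrying `noexec`), run over a mount table in `/proc/mounts` format. The function name, return codes and sample tables are constructed for illustration, and the extra `nosuid`/`nodev` report goes beyond what the answer names.

```shell
#!/bin/sh
# Added example: audit the hardening advice above (dedicated /tmp mount, noexec).
# Reads a mount table in /proc/mounts format on stdin:
#   device mountpoint fstype options dump pass

# check_tmp_mount [MOUNTPOINT]   (default /tmp)
# Prints a verdict and returns:
#   0  dedicated mount with noexec
#   1  dedicated mount, noexec missing
#   2  no dedicated mount (directory lives on its parent filesystem)
check_tmp_mount() {
    target=${1:-/tmp}
    # Later mounts shadow earlier ones, so keep the last matching line.
    opts=$(awk -v t="$target" '$2 == t { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "$target: no dedicated mount"
        return 2
    fi
    case ",$opts," in
        *,noexec,*) ;;
        *) echo "$target: mounted without noexec ($opts)"; return 1 ;;
    esac
    # nosuid and nodev are not named on the page; they are reported here
    # because they are commonly set together with noexec.
    missing=""
    for o in nosuid nodev; do
        case ",$opts," in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    echo "$target: noexec set${missing:+; also consider:$missing}"
    return 0
}

# Constructed sample tables (not taken from a real host).
sample_hardened() {
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0'
}
sample_default() {
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0'
}
sample_exec() {
    printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sda3 /tmp ext4 rw,relatime 0 0'
}

sample_hardened | check_tmp_mount || true
```

On a Linux host the same function can be fed the live table with `check_tmp_mount < /proc/mounts`.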