Nostromo

This is a web server that can serve users' home directories. From the man pages:

HOMEDIRS
     To serve the home directories of your users via HTTP, enable the homedirs
     option by defining the path in where the home directories are stored,
     normally /home.  To access a users home directory enter a ~ in the URL
     followed by the home directory name like in this example:

           http://www.nazgul.ch/~hacki/

     The content of the home directory is handled exactly the same way as a
     directory in your document root.  If some users don't want that their
     home directory can be accessed via HTTP, they shall remove the world
     readable flag on their home directory and a caller will receive a 403
     Forbidden response.  Also, if basic authentication is enabled, a user can
     create an .htaccess file in his home directory and a caller will need to
     authenticate.

     You can restrict the access within the home directories to a single sub
     directory by defining it via the homedirs_public option.

If a user carelessly shares their home directory, you may be able to get sensitive information such as their SSH keys.

To access a user's directory:

<URL>/~/<USERNAME>

If you can access the .htaccess file for Nostromo, you can potentially get the passwords associated with users' home directories if they are password protected.
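
An added example, not part of the original notes or the Nostromo project: a server-side audit that reads the homedirs and homedirs_public options and lists which home directories would be served, flagging a world-readable .ssh or .htaccess inside them. It assumes the config is /var/nostromo/conf/nhttpd.conf and approximates the server's check with the world-readable flag the man page describes; the function names are hypothetical.

```python
import os
import stat

# Names these notes call out as sensitive when a home directory is served.
SENSITIVE = (".ssh", ".htaccess")

def parse_nhttpd_conf(text):
    """Parse 'option <whitespace> value' lines; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def world_readable(path):
    """True if the 'other' read bit is set (the flag the man page refers to)."""
    try:
        return bool(os.stat(path).st_mode & stat.S_IROTH)
    except OSError:
        return False

def audit_homedirs(conf_text):
    """Return {user: {"served": path, "sensitive": [names]}} for exposed homes."""
    opts = parse_nhttpd_conf(conf_text)
    base = opts.get("homedirs")
    if not base or not os.path.isdir(base):
        return {}  # option not set: nothing is served from home directories
    public = opts.get("homedirs_public")
    report = {}
    for user in sorted(os.listdir(base)):
        served = os.path.join(base, user, public) if public else os.path.join(base, user)
        if not os.path.isdir(served) or not world_readable(served):
            continue  # missing, or world-readable flag removed (403 per man page)
        hits = [n for n in SENSITIVE if world_readable(os.path.join(served, n))]
        report[user] = {"served": served, "sensitive": hits}
    return report

if __name__ == "__main__":
    import sys
    # Assumed default path; pass another config file as the first argument.
    conf = sys.argv[1] if len(sys.argv) > 1 else "/var/nostromo/conf/nhttpd.conf"
    with open(conf) as fh:
        for user, info in audit_homedirs(fh.read()).items():
            print(user, info["served"], ",".join(info["sensitive"]) or "-")
```

Setting homedirs_public narrows what is served to one subdirectory per user, so a flagged .ssh only appears in the report when the whole home directory is being served.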

Config File Locations

Possible places to search for config files for sensitive information:

/var/nostromo/conf

john hash.lst --show
?:Nowonly4me

1 password hash cracked, 0 left
