April 28, 2014
This attack usually occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users. The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases on a Mac) to locations where configuration files for commonly used CMS […]