hmmmm I see. It does look like an exploit could you do a screen capture and post the bitmap image? That way we could all see what you're seeing.
Printable View
hmmmm I see. It does look like an exploit could you do a screen capture and post the bitmap image? That way we could all see what you're seeing.
Ok this is what I can see.
excuse me if I hide the domain name.
Should I aware the sys admin?:D :confused:
Quote:
I just wonder what this mean: ftp:// mail.somewhere.com
is it a security hole? or something else...
may be it is a newbie question or something lame
hmm i wonder why no one answered dis question.. hehe but what da heck.. for da record ill answer it..
FTP is short for File Transfer Protocol... its basically self explainatory..
ftp gives u access to a certain directory depending on what rights u are logged on and from there... you can transfer files, add, delete, copy, modify.. as if it was in your own box.. but like i said.. it all depends on what rights u are logged on.
most annonymous login in ftp have full access just to ONE folder.. and only "Read Only" access on the other folders... or even "No Access" at all.. which in some cases u wont see the folder or even if u see it.. u cant open it.
LOL! It looks like an exploit? That's hilarious... He has readonly access to apparently only one directory, and it's an exploit?Quote:
Originally posted by antihaxor
hmmmm I see. It does look like an exploit could you do a screen capture and post the bitmap image? That way we could all see what you're seeing.
Guys guys guys, just because a server has the address mail.mydomain.com doesn't mean it absolutely MUST be a mail server...
I've seen instances where things like www.mydomain.com, mail.mydomain.com, ftp.mydomain.com, irc.mydomain.com, etc., all point to the same ip address.
Take www.dal.net for example. You could use the following services with the target host of www.dal.net:
FTP
SSH
TELNET
SMTP
WWW
POP3
IMAP
IRC
And quite possibly a few others... That means you could issue the command ftp://www.dal.net/ and it would work. There's no exploit there. I would suggest reading up on how DNS resolving works before panicking.
If I were you, unless you actually found a whole (ie: write access to any dir), I wouldn't bother the sysadmin about it.
ADDENDUM: It might be worth letting the sysadmin know, given the names of those files (assuming that wasn't just a crafted image).
Ok CHSh,
did I say that I am going to bother the sysadmin?
I didn't see anything here which is sign of bothering!
by the way , we all are here just for discussing the points, not for claming that we are good guys.
or nobody is here to telling others that : hey my sun , u shouldn't bother your friends, be a good one ok? "
Yes but no one knew what he had access to UNTIL he posted the bitmap. You are right though.Quote:
Originally posted by chsh
LOL! It looks like an exploit? That's hilarious... He has readonly access to apparently only one directory, and it's an exploit?
Ok guys, I guess that I should describe more.
we all know that a domain eg. somewhere.com has an IP like 127.0.0.1
and also we all know that www.somewher.com, ftp.somewhere.co, .....
have all the same ip, but different ports.
I just wonder that how it could be possible for me to log on mail server by port 21 or
how it is possible to run ftp command on mail server (ftp://mail.somewhere.com)
this is the point!
it is not important if I have write acsses or read acsses to the files
Quote:
Ok guys, I guess that I should describe more.
we all know that a domain eg. somewhere.com has an IP like 127.0.0.1
and also we all know that www.somewher.com, ftp.somewhere.co, .....
have all the same ip, but different ports.
I just wonder that how it could be possible for me to log on mail server by port 21 or
how it is possible to run ftp command on mail server (ftp://mail.somewhere.com)
this is the point!
it is not important if I have write acsses or read acsses to the files
Ok, I thought I explained this earlier. There is nothing that states that you MUST run a mail server on mail.somewhere.com.
A mail server is simply a piece of software that listens on a specific port (usually 25 and 110/143). An ftp server is nothing more than software that listens on a specific port as well. Nothing prevents you from running any number of different pieces of server software on your server.
What I'm trying to say is that simply because mail.somewhere.com contains the prefix 'mail', that doesn't mean that it MUST be a mail server.
You're also wrong when you say:
The address ftp.somewhere.com does NOT DENOTE A PORT. It only refers to an IP. Perhaps this is where your thought process has you confused.Quote:
and also we all know that www.somewher.com, ftp.somewhere.co, .....
have all the same ip, but different ports.
I'll give you a brief run-down on what happens:
When you open your web browser and go to http://mail.somewhere.com,
Your web browser creates an outbound TCP connection to mail.somewhere.com:80.
When you open your web browser and go to
ftp://mail.somewhere.com, your browser opens a connection to mail.somewhere.com:21.
When you open your email client, and try to send an email using mail.somewhere.com as your outgoing email server, your email client opens a connection to mail.somewhere.com:25.
When you open your email client and try to read email using mail.somewhere.com as your POP3 or IMAP server, then your email software opens a connection to mail.somewhere.com:110 (POP3), or mail.somewhere.com:143 (IMAP).
So you see, the subdomain naming conventions don't really matter at all, they're just there to give you an indication of the primary role of the server.
Sorry for coming off a bit short. Rough day spent with an NT box trying to be the little computer that could and handle a load it probably wasn't designed for. ;)Quote:
Originally posted by antihaxor
Yes but no one knew what he had access to UNTIL he posted the bitmap. You are right though.
what u mean by:Quote:
Originally posted by chsh
Ok, I thought I explained this earlier. There is nothing that states that you MUST run a mail server on mail.somewhere.com.
A mail server is simply a piece of software that listens on a specific port (usually 25 and 110/143). An ftp server is nothing more than software that listens on a specific port as well. Nothing prevents you from running any number of different pieces of server software on your server.
What I'm trying to say is that simply because mail.somewhere.com contains the prefix 'mail', that doesn't mean that it MUST be a mail server.
You're also wrong when you say:
The address ftp.somewhere.com does NOT DENOTE A PORT. It only refers to an IP. Perhaps this is where your thought process has you confused.
I'll give you a brief run-down on what happens:
When you open your web browser and go to http://mail.somewhere.com,
Your web browser creates an outbound TCP connection to mail.somewhere.com:80.
When you open your web browser and go to
ftp://mail.somewhere.com, your browser opens a connection to mail.somewhere.com:21.
When you open your email client, and try to send an email using mail.somewhere.com as your outgoing email server, your email client opens a connection to mail.somewhere.com:25.
When you open your email client and try to read email using mail.somewhere.com as your POP3 or IMAP server, then your email software opens a connection to mail.somewhere.com:110 (POP3), or mail.somewhere.com:143 (IMAP).
So you see, the subdomain naming conventions don't really matter at all, they're just there to give you an indication of the primary role of the server.
""""""""""""""""""""""""
You're also wrong when you say:
The address ftp.somewhere.com does NOT DENOTE A PORT. It only refers to an IP. Perhaps this is where your thought process has you confused.
"""""""""""""""""""""""""
I am wrong?!!!!!!!!!!
this is what u have said in thae previous page! u can go and see or I have pasted your previous reply here. see
I've seen instances where things like www.mydomain.com, mail.mydomain.com, ftp.mydomain.com, irc.mydomain.com, etc., all point to the same ip address
also test with a DNS lookup