hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
Gurou
Aug 8 2004, 12:49 PM
* All Serv-u Versions have default Login/password for local Administration.
* This account is only available to connect in the loopback interface, so a
* local user will be able to connect to Serv-u with this account and create
* an ftp user with execute rights. after the user is created, just connect
* to the ftp server and execute a raw "SITE EXEC" command. the program will
* be execute with SYSTEM privileges.

http://www.k-otik.com/exploits/08082004.ServuLocal.c.php

biggrin.gif
Tyrano
Aug 8 2004, 01:04 PM
ohmy.gif
Ecko
Aug 8 2004, 01:22 PM
hm just local exploit....thx 4 posting
Imps2
Aug 8 2004, 03:26 PM
[QUOTE] hm just local exploit[QUOTE]


If u have a remote shell u work local too


Greetz Imps2
Icarus
Aug 8 2004, 03:35 PM
mmm ok

i meditate to change my local ftp server

tnx for info
ssj4conejo
Aug 13 2004, 01:59 AM
privelege escalation exploits are the most adventerous, dont know why ppl complain so much about them, get up from the compy and go out into the real world and audit computers in your local library, school, net cafe's etc. its up to you.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.