[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031119170239.1358.qmail@sf-www2-symnsj.securityfocus.com>
Date: 19 Nov 2003 17:02:39 -0000
From: bil <bil_912@...lgoose.com>
To: bugtraq@...urityfocus.com
Subject: YAK! 2.1.0 still vulnerable
YAK! 2.1.0 still vulnerable
===========================
for file transfer yak uses ftp mode. Yak!
listens on port 3535 for file transfer in ftp mode.
vulnerability in the previous version was, they
were using constant username and pass
combination for ftp login.
2.1.0 version seems to overcome the constant
pass problem. but still it is using constant username.
USER : y049575046
i tested with 2 pcs ... and got varing pass for
each of them.
PASS : 24151.0y0495 ----> pc 1
PASS : 24251.0y0505 ----> pc 2
the passwords seem to maintain a special pattern still.
TO FIND PASSWORD
----------------
it's just as easy as sniffing with a sniffer.
personally i prefer ethereal.
set filter as the following :
src host 192.168.0.151 && (dst port 3535)
where the <src host> is ur own pc. now sending the victim any file will make ethereal capture the packets. decoding the packets as FTP will show the username / password combination in cleartext.
Powered by blists - more mailing lists