lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <f40148bbd037edb1fcc930ace31571ce@www.ashrae.be>
Date: Mon, 13 Jul 2009 14:47:53 +0200
From: "tom@...rae.be" <tom@...rae.be>
To: <full-disclosure@...ts.grok.org.uk>
Subject: [ TOOL ] winftprecon - Windows FTP SITE STATS
	poller for enumeration purposes

winftprecon is a tool to poll a Windows FTP service for the output of the SITE
STATS command. The SITE STATS command gives out statistics on the FTP service
which can be used for simple statistics purposes but also for remote
enumeration of the FTP service for attack and penetration purposes.  For
example, when were uploads/downloads performed?  When do most users log on to
the service e.g. when would it hurt the target to perform a DoS attack?  Do the
IP ID values of the target increment and does this correspond with major file
uploads or downloads?  Can you hijack or break the high ports of the host while
these transfers are in progress?  The advantages of having this kind of
information has been demonstrated during several talks emphasizing the
importance of enumeration and fingerprinting of a remote target.  One of them
being the "Tactical Exploitation Talk" at Defcon two years ago: 
http://www.metasploit.org/data/confs/blackhat2007/tactical_blackhat2007.pdf
(slide 34 gives an example on what can be extracted and visualized with
winftprecon)

In general, the output of the SITE STATS command if supported and enabled
consists of a list of FTP commands that were issued towards the FTP service and
how many times in the form of a number. The information is automatically saved
in CSV format or a sqlite3 database as dataset for statistics and
enumeration of the ftp service to obtain valuable information towards
attack/assessment planning.   

Downloadable at http://www.ashrae.be/tom/tools/winftprecon0.9.tgz or
PacketStorm Security


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ