Getting the SSH password from CuteFTP

ID MYHACK58:62200715478
Type myhack58
Reporter Anonymous
Modified 2007-05-17T00:00:00


Yesterday I got onto an administrator's machine. Going through his files, I found the CuteFTP dat file in the Application Data directory and quickly imported it into CuteFTP to get the password. The entries in it were all FTP connections to internal-network IPs; the network is a large domain, so the passwords may lead to more machines. There was also a connection to the external network, which used SSH and was encrypted. Getting that password mattered, because both the internal and external networks have Linux machines, and with an SSH password you can connect through PuTTY and do whatever you like. With FlashFXP in the past, I downloaded the files from its directory, opened them locally, and read the plaintext password with an asterisk viewer; this trick turned out not to give a plaintext password in CuteFTP. It seemed the only option was to capture the traffic, and to get around the SSH encryption I simply changed the entry to an FTP connection. I asked a colleague to add an internal-network IP to his machine and start a sniffer; I added an internal-network IP too, connected straight to it, and the password was captured. For the CuteFTP connection to the external network, I likewise replaced its IP with the internal-network IP, then connected and captured the password the same way.