Gene6 FTP Server provided the right method-vulnerability warning-the black bar safety net

2009-10-01T00:00:00
ID MYHACK58:62200924874
Type myhack58
Reporter 佚名
Modified 2009-10-01T00:00:00

Description

by:Xiaohua Gene6 FTP Server this FTP software is easy to use,than the SU of security much higher. His default management port is 8 0 2 1,allow only the local computer is connected. The external computer even if you do get to manage the account you can't log in. This is our SU like,SU's management port is 4 3 9 5 8. Gene6 FTP Server account configuration file in:C:\Program Files\Gene6 FTP Server\RemoteAdmin\Remote. ini; If not, please manually find. The specific no nonsense. [Server] IP=127.0.0.1,8 0 2 1\r\n This is the local management IP and default management port,the port can be modified. GrantAllAccessToLocalHost=0 [Acct=Administrator] administrative account Enabled=1 Rights=0 Password=202CB962AC59075B964B07152D234B70 management account's password to the MD5 encrypted string [Acct=1 2 4] This is the General account,Note Acct=1 2 4 this account is not 1 2 4,but 2 4;1 2 4 1 represents the first account. Enabled=1 Password=C8FFE9A587B126F152ED3D89A146B445 MD5 encrypted string,you can go to crack the password in clear text. Domain= RootFolder= Rights=0 IPAccessList= We obtain the management password how to login on the go management? We can use HTRAN port forwarding function,the default management port is forwarded to the other port, And then make the connection. Our local prior is also mounted a Gene6 FTP Server software. And then configure the. Create a new remote FTP management ! The HOST where the input you want to provide the right IP PORT enter your port forwarding tool forwarding port, The USERNAME and PASSWORD input Gene6 FTP Server account configuration file in the crack account and password information,note that passwords are MD5 encrypted. Must be entered in plaintext. Not surprisingly we can connect up. We can create a regular account. I'm here to build a named msnhack password for the manhack account and then choose a good management of the directory,and then we in the permissions configuration where the configured permissions. Can all be selected on the.. ! This also can not mention the right. Here to our most core step. 1. Write A can execute the command in the batch file,and uploaded to the target host. @echo off net user hack hack /add net localgroup administrators hack /add 2. Then in SITE COMMANDS that place and then be configured. ! The COMMAND then type your command name. I wrote HACK DESCRIPTTION this is to write a description. Here just what you write can the. EXECUTE here enter your BAT command to execute the file path. That is, you just upload that file path. Point OK. Now we see our local account case. ! Only two accounts. Now we login to the FTP for provide the right to operate. Input to the right command "quote site hack" ! 2 0 0 the Command executed command executed successfully. We look at the plus Account No. ! Has been one HACK of account,permissions to manage permissions. Elevated privileges has been successful.