In SERVU FTP mention the right vulnerability everyone familiar,I will not speak of these vulnerabilities,because we all know how to use,servu provide the right tools a lot,will not be described. Here just introduce the servu local solutions:
These three methods may not be reliable,the need for multi-study.
This article is about how to put saved in the registry for the password read out!! Because now the virtual hosts are afraid of the serv-u local privilege escalation vulnerabilities,so,they are a lot of administrators are the passwords stored in the registry inside
In the webshell that,execute the command:
regedit /e "C:\Documents and Settings\All Users\Documents\system. ini" "HKEY_LOCAL_MACHINE\SOFTWARE\cat soft\serv-u\" It will put the registry in the serv-u account password all export to C:\Documents and Settings\All Users\Documents\system. ini this file inside,of course, the premise is:C:\Documents and Settings\All Users\Documents\ this folder is writable,if not write the words,their Exchange one can write to the directory. Then download the system. ini file
Open a look,the password are in clear text! Oh temporarily to here,the following free to play!!