Lucene search
K

hack_wsftp.txt

🗓️ 17 Aug 1999 00:00:00Reported by NetherpunkType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 40 Views

Hacking WS FTP.INI reveals risks of saving passwords and their locations in the WS_FTP.INI file.

Code
`Hacking WS FTP.INI  
------------------  
  
  
```````````````````````````````````````````````````````````  
` ``````````````````````````````````````````````````````` `  
` ` ` `  
` ` ` `  
` ` ` `   
` ` ` `  
` ` ` `  
` ` * ***** *********** ` `  
` ` * * * * * ` `  
` ` * * * * * ` `  
` ` ******* ***** * ` `  
` ` * * * * * ` `  
` ` * * * * * ` `  
` ` * * * * * * *********** * ` `   
` ` ` `   
` ` http://4n4rchy.hypermart.net ` `   
` ` ` `  
` ` ` `  
` ` ` `  
` ` ` `  
` ``````````````````````````````````````````````````````` `  
```````````````````````````````````````````````````````````  
by, Netherpunk, Anarchist Rampage Inc.  
  
  
  
I pretty much stumbled onto this bug by myself. Others have probably found it before me, so  
I'll let you decide. I actually rewted a few web servers with this thing, so it can be pretty  
usefull if you know what you are looking for.  
  
First, most everything that has password options in windows gives you the option to save your  
password, usually by checking a check box labeled "save password". Now, being a windows expert  
myself, I could say that windows or the program will cache this password in some file very   
lightly encrypted. Now this is not only stupid, but it is also a security risk if your   
computer is accessable over any network. Never ever save your passwords anywhere. Memorise   
them in your head. And also never use the same password for everything.  
  
Now that we know Ws Ftp has the "save password" option, you will want to know where the password  
is located. You guessed by the title of the text didn't you? WS_FTP.INI is the file that   
stores the ftp sessions that are both default and user defined in Ws Ftp. Now when you open   
WS_FTP.INI, you will find normail default settings. Here is an example of the default session to  
winsite.com.  
  
[WinSite]  
HOST=ftp.winsite.com  
UID=anonymous  
[Smithsonian Images]  
HOST=photo1.si.edu  
UID=anonymous  
DIR="/images/gif89a/"  
  
Now let us view an example of an ftp session to a sample host with a cached password.  
  
[Primehost]  
HOST=sampleftp.host.com  
UID=admin  
PWD=VE0496D09AC505584A460E9F9B1ABCD9F79A4AB9E9B  
PASVMODE=1  
TIMEOFFSET=0  
LOCDIR=\  
rdir0="/"  
rdir1="/Backups"  
rdir2="/Website"  
rdir3="/Website/Common"  
ldir0=C:\  
  
Notice the encypted password? Thats what we want to see.   
  
Now that you know what you are looking for, where do you get it and what do you do with it.   
Well, as for finding WS_FTP.INI, that is up to you. Some morons upload every file including   
WS_FTP.INI to their site. You can also try computers in cyber cafes as well. Now, some might  
do things the hard way and try to decrypt the password in some *nix platform. There are c   
scripts that do this for .INI files. But what if you are on windows? Get Ws Ftp first of all.  
Than copy the session from the victim's .INI and paste it in your own .INI file. Then open  
Ws Ftp and connect. That's pretty simple, far to easy for most. Have fun.  
  
This is a big security risk due simply to Ipswitch's lack of effort as far as security is   
concerned. Ws Ftp or any FTP program for that matter, can be a big security risk for those who  
aren't conscious about it. The bottom line is, never save your passwords. Cached password   
files use weak encryption, and in some cases like that of WS_FTP.INI, anyone can use the cached  
FTP session.  
  
Happy Hacking!`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
40