Type packetstorm
Reporter Netherpunk
Modified 1999-08-17T00:00:00


                                            `Hacking WS FTP.INI  
` ``````````````````````````````````````````````````````` `  
` ` ` `  
` ` ` `  
` ` ` `   
` ` ` `  
` ` ` `  
` ` * ***** *********** ` `  
` ` * * * * * ` `  
` ` * * * * * ` `  
` ` ******* ***** * ` `  
` ` * * * * * ` `  
` ` * * * * * ` `  
` ` * * * * * * *********** * ` `   
` ` ` `   
` ` http://4n4rchy.hypermart.net ` `   
` ` ` `  
` ` ` `  
` ` ` `  
` ` ` `  
` ``````````````````````````````````````````````````````` `  
by, Netherpunk, Anarchist Rampage Inc.  
I pretty much stumbled onto this bug by myself. Others have probably found it before me, so  
I'll let you decide. I actually rewted a few web servers with this thing, so it can be pretty  
usefull if you know what you are looking for.  
First, most everything that has password options in windows gives you the option to save your  
password, usually by checking a check box labeled "save password". Now, being a windows expert  
myself, I could say that windows or the program will cache this password in some file very   
lightly encrypted. Now this is not only stupid, but it is also a security risk if your   
computer is accessable over any network. Never ever save your passwords anywhere. Memorise   
them in your head. And also never use the same password for everything.  
Now that we know Ws Ftp has the "save password" option, you will want to know where the password  
is located. You guessed by the title of the text didn't you? WS_FTP.INI is the file that   
stores the ftp sessions that are both default and user defined in Ws Ftp. Now when you open   
WS_FTP.INI, you will find normail default settings. Here is an example of the default session to  
[Smithsonian Images]  
Now let us view an example of an ftp session to a sample host with a cached password.  
Notice the encypted password? Thats what we want to see.   
Now that you know what you are looking for, where do you get it and what do you do with it.   
Well, as for finding WS_FTP.INI, that is up to you. Some morons upload every file including   
WS_FTP.INI to their site. You can also try computers in cyber cafes as well. Now, some might  
do things the hard way and try to decrypt the password in some *nix platform. There are c   
scripts that do this for .INI files. But what if you are on windows? Get Ws Ftp first of all.  
Than copy the session from the victim's .INI and paste it in your own .INI file. Then open  
Ws Ftp and connect. That's pretty simple, far to easy for most. Have fun.  
This is a big security risk due simply to Ipswitch's lack of effort as far as security is   
concerned. Ws Ftp or any FTP program for that matter, can be a big security risk for those who  
aren't conscious about it. The bottom line is, never save your passwords. Cached password   
files use weak encryption, and in some cases like that of WS_FTP.INI, anyone can use the cached  
FTP session.  
Happy Hacking!`