ID: SECURITYVULNS:DOC:5427
Type: securityvulns
Reporter: Securityvulns
Modified: 2003-11-20T00:00:00
Description
YAK! 2.1.0 still vulnerable
For file transfer Yak! uses FTP mode. Yak!
listens on port 3535 for file transfer in FTP mode.
The vulnerability in the previous version was that it
used a constant username and pass
combination for FTP login.
Version 2.1.0 seems to overcome the constant
pass problem, but it still uses a constant username.
USER : y049575046
I tested with 2 PCs ... and got a varying pass for
each of them.
PASS : 24151.0y0495 ----> pc 1
PASS : 24251.0y0505 ----> pc 2
The passwords still seem to follow a special pattern.
TO FIND PASSWORD
It's just as easy as sniffing with a sniffer.
Personally I prefer Ethereal.
Set the filter as follows:
src host 192.168.0.151 && (dst port 3535)
where <src host> is your own PC. Now sending the victim any file will make Ethereal capture
the packets. Decoding the packets as FTP will show the username / password combination in
cleartext.
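
A defender-side check for the two weaknesses described above, as an added example that is not part of the original advisory: it scans reassembled control-channel lines for FTP logins sent in cleartext to port 3535 and flags a login name reused across hosts. The event tuple layout, the function name and every address other than 192.168.0.151 are assumptions made for the illustration.

```python
import re
from collections import defaultdict

YAK_FTP_PORT = 3535  # file-transfer port named in the advisory
AUTH_RE = re.compile(r"^(USER|PASS)\s+(\S.*?)\s*$", re.IGNORECASE)

# Constructed sample of reassembled control-channel lines:
# (client_ip, server_ip, dst_port, line). The credentials are the ones quoted
# in the advisory; every address except 192.168.0.151 is made up.
SAMPLE_EVENTS = [
    ("192.168.0.151", "192.168.0.10", 3535, "USER y049575046\r\n"),
    ("192.168.0.151", "192.168.0.10", 3535, "PASS 24151.0y0495\r\n"),
    ("192.168.0.151", "192.168.0.10", 3535, "STOR photo.jpg\r\n"),
    ("192.168.0.151", "192.168.0.20", 3535, "USER y049575046\r\n"),
    ("192.168.0.151", "192.168.0.20", 3535, "PASS 24251.0y0505\r\n"),
    ("192.168.0.30", "192.168.0.40", 21, "USER alice\r\n"),
    ("192.168.0.30", "192.168.0.40", 21, "PASS constructed-secret\r\n"),
]


def audit_cleartext_logins(events, port=YAK_FTP_PORT):
    """Return (exposures, shared_users) for FTP logins sent in cleartext to `port`."""
    pending_user = {}                    # (client, server) -> last USER seen
    servers_by_user = defaultdict(set)   # username -> servers it was sent to
    exposures = []
    for client, server, dport, line in events:
        match = AUTH_RE.match(line)
        if dport != port or not match:
            continue
        command, argument = match.group(1).upper(), match.group(2)
        if command == "USER":
            pending_user[(client, server)] = argument
        elif (client, server) in pending_user:
            user = pending_user.pop((client, server))
            servers_by_user[user].add(server)
            # Record that a secret crossed the wire, never the secret itself.
            exposures.append({"client": client, "server": server,
                              "user": user, "pass_len": len(argument)})
    # The same login name sent to several independent hosts points to an
    # account name built into the software rather than chosen per user.
    shared = {u: sorted(s) for u, s in servers_by_user.items() if len(s) > 1}
    return exposures, shared


if __name__ == "__main__":
    found, shared_users = audit_cleartext_logins(SAMPLE_EVENTS)
    for item in found:
        print("cleartext FTP login:", item)
    for name, hosts in shared_users.items():
        print("constant username", name, "seen on", hosts)
```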