Hacking and more...
HaCkinG CulT
Lista Forumurilor Pe Tematici
Hacking and more... | Reguli | Inregistrare | Login

POZE HACKING AND MORE...

Nu sunteti logat.
Nou pe simpatie:
Elena01 pe Simpatie
Femeie
19 ani
Braila
cauta Barbat
19 - 31 ani
Hacking and more... / n00bs / Ftp hacking Moderat de Shocker
Autor
Mesaj Pagini: 1
big chuck
A firewall

Din: Inside the band
Inregistrat: acum 18 ani
Postari: 589
The FTP Tutorial ------------------------

What Is FTP and What Is It Good For?
------------------------------------
The word FTP (see footnote 1 below) stands for File Transfer Protocol(1).
FTP servers will let you to both download (retrieve a file from the server) and upload (send a file to the server) files from the server with great ease (if you have permission to do so).
You browse through a remote FTP site the same way you browse through your own computer's files and directories (of course, you don't have read and/or write access to every file on the system, and some files you can't even see).

FTP Commands
------------
The following are several basic FTP commands. To communicate with FTP daemons(7), connect to port(2) 21 and then use the following commands (see footnote 2 below) to communicate with the FTP server:
cd      change directory (on the server)
lcd     change local directory (when sending a file, the path(4) of the specified file will be the path you specify on lcd)
dir,ls  directory listing
binary  change mode to binary transfer
get     retrieve a file
mget    retrieve many files
put     send a file
mput    send many files
pwd     print working directory on the server

Footnotes
+++++++++
1. For thousands of computer-related acronyms and abbreviations head to blacksun.box.sk and download the file called acros.txt from the projects page.
2. If you don't feel like typing stupid commands, there are lots of FTP clients(5) who will do all the work for you, but fortunately some will still show you all the commands they use so you'll be able to learn new commands.
You can download FTP clients for every Operating System from TUCOWS. Simply go to the nearest TUCOWS mirror site(3) or go directly to.

FTP Hacking
-----------
Since there are so many FTP holes for so many FTP server programs and so many Operating Systems, I decided that the best way it simply to explain to you how to find information about security holes by yourself.
I will also introduce several interesting FTP security holes near the end of this section.
To find FTP exploits, try searching the following websites (or join the BugTraq mailing list at):
CERT (Computer Emergency Response Team) -
X-Force Search (simplest) -
Packet Storm - packetstorm.genocide2600.com
BugTraq Archives -
Fyodor's Exploit World -
Spikeman's Denial Of Service Website (for DoS(9) attacks against FTP servers) -
RootShell -
Slashdot -
Data -
(Please report all dead links to .il)

Note: one might think that the above sites are considered illegal, since they feature explanations about security holes and how to exploit them.
Well, screw one. These things are called "advisories" and they allow you to find holes on your own PC and fix them. Whether you use this information to secure yourself or hack others is your own choice. It's the difference between legitimate and illegal.

After you get to one of the following search sites (I recommend the BugTraq Archives) search for the keywords you want.
For example: you find out(5) that your target is using this OS with this FTP server and this Webserver program etc'. Try combining all of those pieces of information and I'm sure you'll find the holes that fit you the most.
You can also try searching holes on your own computer.
Speaking about holes, we will explain about many security holes on the upcoming Sendmail tutorial (see blacksun.box.sk).
Now, for several selected FTP holes.

Selected FTP Holes
******************
The following FTP holes aren't new or extraordinary or incredibly fantastic or anything of that sort of matter. They're just good for learning.
I picked some interesting FTP holes and written a small explanation about them just to get the newbies started.
Note: the sites I got these from aren't "evil hacking sites". These explanations are called advisories and they are meant to be used by people who want to fix bugs on their systems. Whether you use them for that purpose or others is none of our business.

1) Some FTP daemons allows a premature PASV command, which can cause some FTP daemons to crash with a core dump(9). FTP core dumps can be used to salvage encrypted passwords, bypassing any shadow password scheme.
It is not known exactly which servers are immune to this and which are not, and the only workaround right now is to get a newer FTP server program.
Also see for a DoS(9) attack against BisonWare FTP Server 3.5 similar to this hole.

2) FTP Bounce Attack (too long, see (From BugTraq))

3) Local bug in FTP Daemon (too long, see (From BugTraq))

4) (Quotes in partfrom BugTraq) Impact: Anybody from outside can shutdown your pc ftp server. And if u are under win3.1 the system will crash.
Program: WinQVT/NET
Version: All versions.. 16 and 32 bits
Solution.. dont use it or upgrade
Exploit: Just Send a OOB (Out of Band) to port 21,
Exploit for dummies: Take any winnuke, start it, and when u find a "139" change it to "21" instead.
OK, I know this is stupid....... :P. But maybe somebody will need it.. who knows...
Note: A patched version of NT 4.0 isn't vulnerable to this running MS's FTP server.  I haven't had a chance to test an unpatched server, but IIRC, I did check the FTP port when the OOB problem was first reported and it didn't cause a crash.
I would suspect that this could be a DOS/Win problem in general, and might not be specific to the WinQVT package.

I hope this helped you learn how to find holes. There will be much more examples in the Sendmail tutorial.

The Stupid Bug Corner
---------------------
I found this on an "elite" website made by a bunch of "elite" "hackers".
They said that in order to "hack an FTP" you need to connect to it and send the following commands:
quote user ftp
quote cwd ~root
quote pass ftp
Basically, what the so-called hacker is trying to do here is to enter a username to get into the system, change the user to root(7) and then enter a password for the username.
This only works on VERY badly-configured FTP servers (the author mentioned that "this doesn't work on every FTP server". Well, I've got news for you - this doesn't work. Period. Unless you're talking about some 5 years old boy who just got a computer and clicked on some buttons and accidently set up an FTP server).

Appendix A: the SYST command
----------------------------
Entering the SYST command while connected to an FTP server often reveals valuable information on a system, such as the OS, which version and information about the FTP server.
Get access to an FTP server somehow (by using a username and a password you know or by using anonymous login - login: anonymous password: . You could also enter someone else's Email address, the server doesn't actually verifies the address you send or anything) and then type the SYST command.

Newbies Corner
--------------
1. Protocol - a set of rules and regulations, similar to a language. When two computers know the same protocol, they can use it to communicate with each other.

2. Port - (for the more technical explanation of what ports are, see the end of this explanation) ports are like holes that enable things (data, in this case) to come in or out of them.
There are physical ports and software ports on your computer. Physical ports are those slots on the back of your computer, your monitor etc'. Now, software ports are used when connecting to other computers.
For example: I just bought a new computer and I want to turn it into a webserver (I want to enable people to access selecetd web pages, pictures, cgi and java scripts or applets, programs etc' that are located on my computer). In order for that to happen, I need to install a webserver software.
The webserver software opens a port on my computer and names it port 80. Then it listens to incoming connections on that port.
When someone starts his Internet browser (Netscape, Lynx, Microsoft Explorer etc') and surfs to my website, his browser connects to my computer on port 80 and then sends HTTP commands that my webserver program can understand into it.
My webserver program quickly picks up the incoming data and then sends it back into a port that the surfer's browser opened on the surfer's computer. The browser will listen on that port and wait for the data (the HTML page, the picture, the program etc') to come in through it.
There are different ports for different services (we'll get to that) so data won't mix up. Imagine your browser getting data your FTP client was supposed to get.
I hope you got the main idea of what a port is.
Now, there are three kinds of ports: well-known ports, registered ports and dynamic/private ports.
The well known ports are those from 0 through 1023. These are default ports for several services (a webserver is a service because it listens for connections from remote computers and then sends something back). For example: the default port for webservers is 80. Else, how would your browser know which port he has to access?
Now, the registered ports are those from 1024 through 49151. These ports are reserved for several programs. For example: ICQ ) reserves a port and listens to incoming messages on it.
The dynamic and/or private ports are those from 49152 through 65535, and can be used by anyone for any given purpose.

"Techy Explanation" - To grant simultaneous access to the TCP module, TCP provides a user interface called a port.
Ports are used by the kernel to identify network processes. These are strictly transport layer entities (that is to say that IP could care less about them).
Together with an IP address, a TCP port provides provides an endpoint for network communications.
In fact, at any given moment *all* Internet connections can be described by 4 numbers: the source IP address and source port and the destination IP address and destination port.
Servers are bound to 'well-known' ports so that they may be located on a standard port on different systems.
For example, the telnet daemon sits on TCP port 23, the FTP daemon sits on TCP port 21, the rlogin daemon sits on TCP port 513 etc'.

Important note about well-known ports: services (daemons waiting for incoming connections that serve people in some way) on these ports can be only ran by root, so inferior users won't start messing up with important ports.

3. Mirror site - a website which is an exact copy of the original website which is hosted by a different server.
Mirror sites can be used to speed up downloads/uploads. For example: instead of downloading/uploading from/to the main tucows webserver, located somewhere distantly from my home, I can simply do it from one of their Israeli mirrors (mirror site located in Israel, my country) and that way the downloads/uploads would go faster.

4. Path - UNIX example: if a file is located at /etc/passwd, the file's path would be /etc.
          DOS/Windows example: if a file is located at c:windowswin.exe, the file's path would be c:windows.
There are two kinds of paths: a complete path and a relative path.
          Complete path on DOS/Windows: if the file is located on c:program filesquickview plus then this is the file's complete path.
          Complete path on UNIX: if the file is located at /usr/local/sbin then this is the file's complete path.
          Relative path on DOS/Windows: if the current directory (the directory you are on at the moment) is c:windows and the target file is located at c:windowstemp then the relative path to this file is temp.
          Relative path on UNIX: if the current directory is /usr/nobody and the file is located at /usr/nobody/public_html/cgi-bin then the file's relative path is public_html/cgi-bin.

5. Client / Server programs - A client program is a program that uses a resource offered by another program/computer.
A server program is a program that supplies resources to client programs.
Example: Client=Netscape Navigator. Server=Apache version 1.6.6 (a webserver, meaning a program that lets people who use Internet browsers to download specific web pages, pictures, files etc' from the computer it is installed on).

6. How to find out information about remote hosts - the best way to find out information is too look at daemon(6) banners. Daemon banners are small pieces of information some daemons return when connected to in order for the remote machine (the one connecting to the daemon) to know how to interact with them better.
Try connecting to port 80 (webserver) and sending some commands like get and then looking at the banner. You may also try Sendmail (see next tutorial) on port 25, Telnet on port 23, FTP on port 21 or whatever you can come up with.

7. Daemon - a program that listens for incoming connections from remote machines on a specified port(2) and interacts with them.

8. Root - also referred as superuser, because his permissions are endless. His UID (User ID number, an identification number and user on a UNIX system has) and GID (Group ID. You can create groups and give them several permissions. For example: everyone from the accounting department can read and execute all the files on this directory, etc') are always 0 (except on very altered boxes).
Once you are root, you can do practically anything on a system.
Core Dump - when a program crashes it dumps all the core (all the info it handles that isn't saved on disk, meaning all of the program's stuff that are on the RAM chip) into a temporary file.

9. DoS - Denial of Service. A nuke in dummies language. Some kind of an attack that causes the target computer to deny some/all kinds of services to the users of that computer (including remote users).
For example: Winnuke (also known as OOB), the simplest DoS in the world.
(Taken from Spikeman's DoS site) This denial of service program affects Windows clients by sending an "Out of Band" exception message to port 139, which does not know how to handle it. This is a standard listening port on Windows operating systems. Users of Win 3.11, Win95, and
Win NT are vulnerable to this attack. This program is basically a nuisance program, but it is being widely circulated over the internet now. It has become a bother in chatrooms and on IRC. By using your IP# and sending OOB data to port 139, malicious users can disconnect you from
the net, often leaving you with low resources and the blue tinted screen. Some of you may have been victims already. If this happens to you on Win 95, you will see a Windows fatal error message similar to the following:
Fatal exception 0E at 0028: in VxD MSTCP(01) + 000041AE.
This was called from 0028: in VxD NDIS(01) + 00000D7C.
Rebooting the comp should return it to normal state.

Patches ("fixes" For WinNuke (OOB)
-=-=-=-=-=-=-=-=-=-=-=-
Additional Information on WinNuke
Windows 95 Patches (for Winsock 2.0*)
Please read notes referring to 95 patches before installing.
Which version of Winsock do you have on your Windows 95 PC?
Windows NT 4.0 Patch
Please read notes referring to Windows NT patches before installing.


_______________________________________
The answer is not in the box,the answer is in the band

pus acum 18 ani
   
epic
User

Inregistrat: acum 18 ani
Postari: 1896
interesting...it works only if there`s a anonymous account?

_______________________________________
:< 4 8 15 16 23 42 *execute*
TOATA LUMEA ESTE INVITATA PE NOUL FORUM!

pus acum 18 ani
   
Predator
Little Kevin

Din: NoWhere
Inregistrat: acum 17 ani
Postari: 99
pff . pre mult wa . mai scurteaza . mi se strika compu de la atata sris )

_______________________________________


pus acum 17 ani
   
BlueWonder
Senior

Din: Mirage Town
Inregistrat: acum 17 ani
Postari: 112
tu esti idiot? tutorialu ala a fost postat chiar...pe data de azi....da cu un an in urma 

_______________________________________
The question remains unanswered...Who can save the humanity from itself?



pus acum 17 ani
   
Imperfect
Little Kevin

Inregistrat: acum 17 ani
Postari: 57

BlueWonder a scris:

tu esti idiot? tutorialu ala a fost postat chiar...pe data de azi....da cu un an in urma 

De ce trebuie voi sa aduceti insulte la toti care zic cate ceva ?


_______________________________________
Imperfect-><-TE4L & epic[TE4L , stiu ca ai ceva cu mine, da dai si tu mai usor ]


pus acum 17 ani
   
RockWilder
Elite Member

Din: Real World!
Inregistrat: acum 17 ani
Postari: 894
BlueWonder, astept sa iti ceri scuze!

_______________________________________
Only those who attempt the absurd will achieve the impossible. (M C Escher)

pus acum 17 ani
   
BlueWonder
Senior

Din: Mirage Town
Inregistrat: acum 17 ani
Postari: 112
mda... eu cand am facut cate un offtopic mi sa sarit in cap... dar in fine... 

srry...chiar daca nu mias cere 


_______________________________________
The question remains unanswered...Who can save the humanity from itself?



pus acum 17 ani
   
RockWilder
Elite Member

Din: Real World!
Inregistrat: acum 17 ani
Postari: 894
BlueWonder, in momentul de fata nu esti in masura sa judeci pe ceilalti useri chiar daca nu respecta regulile, asta e treaba moderatorilor.
Incearca sa retii ce ti-am spus  .


_______________________________________
Only those who attempt the absurd will achieve the impossible. (M C Escher)

pus acum 17 ani
   
Pagini: 1  

Mergi la