Bugtraq mailing list archives

Re: gftp - ms ftp debug mode

From: viktor () PARNU EE (Valentin)
Date: Sun, 12 Sep 1999 11:02:54 +0300


Hello!
Here is a test i did on my rh 6.0 (ftp server is patched ;) :

[[root@localhost /root]# ftp
ftp> debug
Debuggin on (debug=1).
ftp> open localhost
220 localhost FTP server (Version wu-2.5.0(1) Fri Sep 03 14:41:20 EEST 1999)
ready.
Name (localhost:root): toor
---> USER toor
331 Password required for toor.
Password:
---> PASS XXXX
220 User toor logged in.
...

Now look at this:

[[root@localhost /root]# ftp
ftp> debug
Debuggin on (debug=1).
ftp> open localhost
220 localhost FTP server (Version wu-2.5.0(1) Fri Sep 03 14:41:20 EEST 1999)
ready.
Name (localhost:root):
---> USER root
331 Password required for root.
Password:
---> PASS XXXX
530 Login incorrect.
Login failed.
---> SYST
530 Please login with USER and PASS.
ftp> quote user toor
---> user toor
ftp> quote pass root
---> pass root  <--- (HAHA Here is the password)
230 User toor logged in.
ftp> .....

Valentin

Current thread:

Re: Root shell vixie cron exploit, (continued)
- - Re: Root shell vixie cron exploit Christos Zoulas (Sep 03)
  - [security-officer () FreeBSD ORG: FreeBSD-SA-99:01: BSD File Flags and Programming Techniques] Patrick Oonk (Sep 03)
  - Re: Root shell vixie cron exploit Valentin Nechayev (Sep 04)
  - gftp Oscar Haeger (Sep 05)
    - Re: gftp - ms ftp debug mode Bencsath Boldizsar (Sep 08)
    - fixing all buffer overflows --- random magin numbers Dr. Joel M. Hoffman (Sep 11)
    - Re: fixing all buffer overflows --- random magin numbers Peter van Dijk (Sep 12)
    - Re: fixing all buffer overflows --- random magin numbers Eric Hutchinson (Sep 12)
    - Re: fixing all buffer overflows --- random magin numbers Daniel W. Dulitz x108 (Sep 13)
    - Enterprise Overflow Daniel Kerr (Sep 11)
    - Re: gftp - ms ftp debug mode Valentin (Sep 12)
    - Re: gftp - ms ftp debug mode Max Vision (Sep 12)
    - Linux 2.2.12 mini-audit Solar Designer (Sep 13)
    - Vulnerability in dtaction Job de Haas (Sep 13)
    - Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug UNYUN (Sep 12)
    - Accept overflow on Netscape Enterprise Server 3.6 SP2 Nobuo Miwa (Sep 12)
  - COM and Windows 2000 Mnemonix (Sep 05)
    - Re: COM and Windows 2000 thomasz () HOSTMASTER ORG (Sep 12)