Ladies and Gentlemen, men and women, guys and gals, and anyone in between, welcome to another fine article by oxeh.
I have submitted a total of one article, and with this one that makes 2 articles on HBH. Well, that should be good. Heh, okay, enough blabbering about my accomplishments; let me teach you how to use an old vulnerability in websites that are maintained with an FTP client called WS_FTP. The vulnerability has been patched in later versions of the famous FTP client.
The vulnerability in the previous versions of WS_FTP is that they saved the username (unencrypted) and the password (encrypted) on the server that the user was logged onto.
The file is called WS_FTP.ini. As you have read above, the username is unencrypted and the password is encrypted. But WS_FTP was dumb enough not to use a famous encryption algorithm such as MD5, so they used their own (I'm assuming).
Example of such a file:
HOST= ftp.***.com
UID=master
PWD=V29BEA5A170EE544D8F2D7CEA802A182BA76A387266A14799AEA53D73B0AE
LOCDIR= G:\***\Download
DIR="/"
PASVMODE=0
Now, from the file above you can see that 'UID' means 'User ID' (which is the username of the target) and 'PWD' stands for the password of the target. But our goal is to find vulnerable servers and then crack their passwords and log on to their FTP.
Yes, you heard me, a decoder. There is a way to 'decrypt' / 'decode' the PWD line. Now, you have to copy the whole encrypted password, including the (PWD=) at its beginning.
Here is such a decoder: http://lab.artlung.com/ws_ftp_password_decoder/
Pretty cool eh?
Finding vulnerable servers
Now, you wouldn't be choosing a sophisticated target, because this vulnerability is pretty old, and you won't be going around every single website you know trying to find the file.
Here is where a hacker's best friend barges in, Google. Yes, Google itself. Open up google.com, and we'll be using three query types:
Now, there are a few pages Google brought up. Some targets on the first page might have changed their passwords, so go on to the next pages of the results and try to find a target that is still vulnerable, still using the same password for his FTP and hasn't changed it since, and do whatever you want.
This document has been written for educational purposes on HellBoundHackers (HBH) and you cannot copy, redistribute, edit or claim this document is yours.
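From the server owner's side, the exposure described above can be checked by walking the site's document root for any uploaded WS_FTP.ini that carries a saved login. The following is an added example, not code from the original article or from WS_FTP; the function names, the constructed sample entry (ftp.example.test and the placeholder PWD value) and the handling of [section] header lines are assumptions.

```python
import os
import tempfile

def parse_ws_ftp_ini(text):
    """Return the site entries (dicts of KEY -> value) found in WS_FTP.ini text."""
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Assumption: a [name] header line starts a new saved-site entry.
            if current:
                entries.append(current)
            current = {"section": line[1:-1]}
        elif "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            current[key.strip().upper()] = value.strip()
    if current:
        entries.append(current)
    return entries

def audit_webroot(root):
    """Walk `root` and report every WS_FTP.ini that holds a saved password."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "ws_ftp.ini":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                for entry in parse_ws_ftp_ini(fh.read()):
                    if entry.get("PWD"):
                        # Report only the length: the PWD value is reversible.
                        findings.append({"path": path,
                                         "host": entry.get("HOST", ""),
                                         "user": entry.get("UID", ""),
                                         "pwd_len": len(entry["PWD"])})
    return findings

def demo():
    """Audit a constructed web root that contains one leaked file."""
    sample = ("[site]\nHOST= ftp.example.test\nUID=master\n"
              "PWD=V0000CONSTRUCTED\nDIR=\"/\"\nPASVMODE=0\n")  # constructed sample
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        with open(os.path.join(root, "images", "WS_FTP.ini"), "w") as fh:
            fh.write(sample)
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Any hit means the file should be removed from the web root and the FTP password of the listed account changed.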
Copyright 2005 - 2006 ~ oxeh