
anonymous ftp


ghost's Avatar
0 0

I found a site that allows anonymous ftp logins, so I started googling and trying to find articles/docs on exploiting this and I found a few, but all they talked about were password files. So could anyone provide me with an article or some hints on what could be done to get root/admin? Thanks


spyware's Avatar
Banned
0 0

What type of box is it?

And also, we aren't automated robot exploiters which you can use on demand, try to ask for answers, not services.


ghost's Avatar
0 0

Note that Anonymous FTP doesn't mean that the server is insecure.

All you need to do to get in is:

  1. Enumerate
  2. Exploit.

With the information you're giving, that's all I can suggest.


ghost's Avatar
0 0

spyware wrote: What type of box is it?

And also, we aren't automated robot exploiters which you can use on demand, try to ask for answers, not services.

I didn't ask you for a "service" dick munch.

Thanks for the response netfish.


spyware's Avatar
Banned
0 0

Please do some research on your own first. Clearly you lack ANY understanding about the basics of what you want to attempt. Ask detailed questions, not for how-to's.


ghost's Avatar
0 0

"so I started googling and trying to find articles/docs on exploiting this" Wtf does that look like?


spyware's Avatar
Banned
0 0

a-hack wrote: "so I started googling and trying to find articles/docs on exploiting this" Wtf does that look like?

Hey, you don't give us much to work with here. If google doesn't find it how are we supposed to guess what you mean/want?


ghost's Avatar
0 0

Stop bitching and get straight to the point, and Google doesn't index every page on the internet and doesn't hold all knowledge, especially not about hacking, since there are 0-days and such things.


spyware's Avatar
Banned
0 0

turbocharged_06 wrote: Stop bitching and get straight to the point, and Google doesn't index every page on the internet and doesn't hold all knowledge, especially not about hacking, since there are 0-days and such things.

True, but he's asking for a basic thing. In order to do something with it, we need more information which he hasn't given yet. Without information I cannot help him.

It would help if you tell us what OS the box is running, what you can/cannot access with the anonymous login etc.


ghost's Avatar
0 0

Google doesn't index every page on the internet and doesn't hold all knowledge, especially not about hacking, since there are 0-days and such things

@TurboCharged: Oh, you infidel, you! Repent … http://www.thechurchofgoogle.org/Scripture/Proof_Google_Is_God.html

You have broken every single commandment, did you not know that:

  1. Thou shalt have no other Search Engine before me, neither Yahoo nor Lycos, AltaVista nor Metacrawler. Thou shalt worship only me, and come to Google only for answers.

  2. Thou shalt not build thy own commercial-free Search Engine, for I am a jealous Engine, bringing law suits and plagues against the fathers of the children unto the third and fourth generations.

  3. Thou shalt not use Google as a verb to mean the use of any lesser Search Engine.

  4. Thou shalt remember each passing day and use thy time as an opportunity to gain knowledge of the unknown.

  5. Thou shalt honor thy fellow humans, regardless of gender, sexual orientation or race, for each has invaluable experience and knowledge to contribute toward humankind.

  6. Thou shalt not misspell whilst praying to me.

  7. Thou shalt not hotlink.

  8. Thou shalt not plagiarise or take undue credit for others' work.

  9. Thou shalt not use reciprocal links nor link farms, for I am a vengeful but fair engine and will diminish thy PageRank. The Google Dance shall cometh.

  10. Thou shalt not manipulate Search Results. Search Engine Optimization is but the work of Microsoft.

lol (this is not meant to be taken seriously, n00bs, so relax).


ghost's Avatar
0 0

Thanks spyware/netfish, it's running Unix Solaris. I've just heard that anonymous ftp is really dangerous, but no one ever explains why. I was just wondering if anyone knows of any good docs explaining the dangers of anonymous ftp.


ghost's Avatar
0 0

You heard it was dangerous for someone to exploit ftp anonymously? Or did you hear that it was dangerous for the owner of the box.

I'm not really all that familiar with ftp stuff, but like netfish said, it's basically enumeration and then exploitation, but when asking for help in any situation, you should try to include as much information as possible. :)


ghost's Avatar
0 0

Honestly, anonymous ftp isn't really dangerous at all. 99.999% of the time anonymous ftp is enabled, you can't do anything anyways (i.e. upload/download).
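
On the "dangerous for the owner of the box" side of this thread, the case an administrator usually cares about is an anonymous account that is allowed to write. The following is an added example, not code from any poster here: it scans a transfer log for uploads made by anonymous sessions, assuming the server writes the standard xferlog format; the log lines, addresses and paths are constructed sample data.

```python
# Added example: find anonymous uploads in an xferlog-format FTP transfer log.
from collections import Counter

# Constructed sample lines (documentation IP ranges, made-up paths and names).
SAMPLE_LOG = """\
Mon Mar  3 10:15:02 2008 1 192.0.2.10 4096 /pub/README b _ o a guest@example.org ftp 0 * c
Mon Mar  3 10:17:44 2008 9 198.51.100.7 7340032 /pub/incoming/movie part1.rar b _ i a x@y ftp 0 * c
Mon Mar  3 10:18:30 2008 2 198.51.100.7 1024 /pub/incoming/.hidden/tool.bin b _ i a x@y ftp 0 * i
Mon Mar  3 11:02:11 2008 3 203.0.113.5 20480 /home/alice/report.pdf b _ i r alice ftp 0 * c
not an xferlog line
"""


def parse_xferlog(line):
    """Return a dict for one xferlog line, or None if it does not parse."""
    tok = line.split()
    if len(tok) < 18:  # 8 leading fields + filename + 9 trailing fields
        return None
    try:
        size = int(tok[7])
    except ValueError:
        return None
    tail = tok[-9:]  # fixed fields counted from the right, so the
    return {         # filename in the middle may contain spaces
        "time": " ".join(tok[:5]),
        "host": tok[6],
        "size": size,
        "filename": " ".join(tok[8:-9]),
        "direction": tail[2],    # i = incoming (upload), o = outgoing, d = delete
        "access_mode": tail[3],  # a = anonymous, g = guest, r = real user
        "username": tail[4],     # for anonymous sessions: the password string sent
        "status": tail[8],       # c = complete, i = incomplete
    }


def anonymous_uploads(log_text):
    """All incoming transfers performed by anonymous sessions."""
    records = (parse_xferlog(line) for line in log_text.splitlines())
    return [r for r in records
            if r and r["access_mode"] == "a" and r["direction"] == "i"]


def bytes_by_host(records):
    """Total uploaded bytes per remote host, to spot a directory used as a drop."""
    totals = Counter()
    for r in records:
        totals[r["host"]] += r["size"]
    return dict(totals)
```

An empty result over a real log supports the point made above that most anonymous accounts are read-only; any hit means a directory is writable by anyone and should be reviewed.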


ghost's Avatar
0 0

sToRm_seveN wrote: Honestly, anonymous ftp isn't really dangerous at all. 99.999% of the time anonymous ftp is enabled, you can't do anything anyways (i.e. upload/download).

True that.


ghost's Avatar
0 0

Ok just an update: I found that the login for the ftp server is user:ftp pass: root and I logged in but I still can't upload/download so I don't know what the fuck is going on, but thanks for all of the help.


ghost's Avatar
0 0

a-hack wrote: Ok just an update: I found that the login for the ftp server is user:ftp pass: root and I logged in but I still can't upload/download so I don't know what the fuck is going on, but thanks for all of the help.

It's probably a decoy account… honestly, I wouldn't expect anyone to leave a privileged account with credentials THAT weak. I'm not saying it doesn't happen, but it's not likely.

I'd keep hunting around for other FTP accounts.