RTSblue

Ok i got into a ftp server

36 posts in this topic

so youre trying to break into someone elses server?

its my friend server. We made a bet that if i got in his server and downloaded a file from his server and showed the file to him he gives me $50.

0

Share this post


Link to post
Share on other sites

Where da s'ploits at?

Not here.

Also most things sent over FTP are in plain text. </hint>

0

Share this post


Link to post
Share on other sites

Where da s'ploits at?

Not here.

Also most things sent over FTP are in plain text. </hint>

what the heck you just said? did you mean exploit?

0

Share this post


Link to post
Share on other sites

Getting a username/pass prompt doesn't usually count as getting in :lol:

EDIT:

So I'm not just making a smartass comment. Finding which ftp server would be a start.

Edited by 2ece57080d9545702d51cf1394b94142
0

Share this post


Link to post
Share on other sites

Pm me the server, ill do it and split the money with you.

:)

Edited by neCo
0

Share this post


Link to post
Share on other sites

can any one help me?

The means to do what you want to do are widely available through simple searches not only on this forum but on others and through search engines. Hacking is about research not about being given solutions.

0

Share this post


Link to post
Share on other sites

can any one help me?

The means to do what you want to do are widely available through simple searches not only on this forum but on others and through search engines. Hacking is about research not about being given solutions.

I agree...

If it's truly a friends ftp server then you know what he's running... and the list of search terms has just narrowed down very much...

It'll be more satisfying if you do it yourself... trust me... you'll feel robbed if someone does it for you.

0

Share this post


Link to post
Share on other sites

can any one help me?

Aside from exploiting server vulnerabilities, or bruteforcing through the basic user/pass combos (you know "god" "sex" "love" "hate"), or attacking the box through something other than the FTP server, there's no way to get in.

So unless your friend uses a simple user/pass combo (admin/admin, etc.), or uses one of the few servers for which there are documented exploits; or perhaps uses an unpatched Windows box which is not protected by a firewall; or even an unpatched and vulnerable PHP blog/whatnot; you've lost that bet.

Might want to start counting those bucks soon, and consider not placing bets with people on your "hacking abilities" when the day before you didn't even know how to get a web server's IP address.

0

Share this post


Link to post
Share on other sites

What are the rules on this little game? How loud can you be? If he catches you breaking in does it void the bet? Is there a time limit? Are you only allowed to attack the FTP server or can you be tricky and install a keylogger on his machine? Little more detail if you want help... :devil:

0

Share this post


Link to post
Share on other sites

Ok first of all i know how to find a server ip address. (netstat -n). I used namp and found a couple of ports open which are 21, 25, 53, imap, abyss, 80 and 4000. He uses windows xp. I know the ip of the server. I used nslookup to find the f*cking host name. I used metasploit to run an exploit in the machine but i dont if it worked. I uesd windows/ftp/ftpd/free_user something like that with a reverse shell. I used brutus to try and find the user and pass and gave me a false user or pass. I used cain to try and sniff the f*cking packets idk why i did that. I send a email through smpt or whatever you call it to try and spoof it to make believe the co owner of the server forgot the password lol.

0

Share this post


Link to post
Share on other sites

Ok first of all i know how to find a server ip address. (netstat -n). I used namp and found a couple of ports open which are 21, 25, 53, imap, abyss, 80 and 4000. He uses windows xp. I know the ip of the server. I used nslookup to find the f*cking host name. I used metasploit to run an exploit in the machine but i dont if it worked. I uesd windows/ftp/ftpd/free_user something like that with a reverse shell. I used brutus to try and find the user and pass and gave me a false user or pass. I used cain to try and sniff the f*cking packets idk why i did that. I send a email through smpt or whatever you call it to try and spoof it to make believe the co owner of the server forgot the password lol.

Don't get your panties all in a twist. There's no need for swearing here. And it's not going to make people want to help you more.

If he's not using your network, nor is anyone that's using the FTP server, sniffing passwords with Cain is about as useful as fishing in a desert. For metasploit: what did you try to exploit? Metasploit tends to be useless in pretty much all but the most exceptional of circumstances. It's a great delivery tool for web-launched exploits... but there are few that do exist.

Phishing: yeah, tends not to work. I think the fact that he'd be sending it back to a personal email address would tip him off. And the fact that well... the whole idea is not exactly the most credible on Earth. (What if someone pretending to be your ISP emailed you to say they lost the password to your email address?)

I'd be more interested in the web server he runs, and what's on it.

0

Share this post


Link to post
Share on other sites

he runs a server with files of mp3 and movies. He also host a web site.

Well, if you sent him an email pretending to forget the password from someone else's account, when he replies to it telling them the password, uh, how are you going to get it? And just wondering why the admin would believe he forgot his password if he was able to login to send the admin his email?

Just a thought.

Edited by Venom
0

Share this post


Link to post
Share on other sites

Don't try phising, waste of time.

------

You could likely pull-off a better (more thorough) scan, something like:

nmap -P0 -O -sV -p 21,25,53,80,4000,etc his.ip.goes.here

Interesting ports on his.ip.goes.here:

PORT STATE SERVICE VERSION

21/tcp open ftp jabzor.ftpserver 1.023alpha <-- look for the version info

25/tcp filtered smtp

53/tcp filtered domain

80/tcp closed http

4000/tcp filtered remoteanything

Running: Microsoft Windows 2003/.NET|NT/2K/XP

OS details: Microsoft Windows 2003 Server or XP SP2, Microsoft Windows 2000 SP3

You have a ton of doors with potentially broken locks if none at-all .. :roll::unsure:

.... there is nothing to say you can't go in through a window and install your own lock in his front door (say by creating your own account on his ftp-server) from the inside.

Not sure what you are getting all freaked out about?

$50? umm.. chumpchange

'Friends' 'respect'? - why?.. you don't know how to get in. :huh:

Think things out a bit, match the server versions with known exploits and hop aboard the skiddie-train to leetsville. :wacko:

NOTE:

Nmap will rarely help you with regards to any scripts or modules running over a specific service (be it an exploitable sfv-checker on the ftp, php/perl/etc on the http, a spamfilter/dns-spoof-resolver/log-bot on the mailserve, etc) - nmap just tells you the port is open and possibly the server-info, it's up to another program (or you) to figure out what's running on said server.

Edited by jabzor
0

Share this post


Link to post
Share on other sites

Okay, based on what I've read so far I think that you should try to SE your way to the $50.

No, not by phishing or anything like that; I'm thinking more along the lines of Physical Security.

If you can get to the physical machine, you own the information inside.

0

Share this post


Link to post
Share on other sites

Don't try phising, waste of time.

------

You could likely pull-off a better (more thorough) scan, something like:

nmap -P0 -O -sV -p 21,25,53,80,4000,etc his.ip.goes.here

Interesting ports on his.ip.goes.here:

PORT STATE SERVICE VERSION

21/tcp open ftp jabzor.ftpserver 1.023alpha <-- look for the version info

25/tcp filtered smtp

53/tcp filtered domain

80/tcp closed http

4000/tcp filtered remoteanything

Running: Microsoft Windows 2003/.NET|NT/2K/XP

OS details: Microsoft Windows 2003 Server or XP SP2, Microsoft Windows 2000 SP3

You have a ton of doors with potentially broken locks if none at-all .. :roll::unsure:

.... there is nothing to say you can't go in through a window and install your own lock in his front door (say by creating your own account on his ftp-server) from the inside.

Not sure what you are getting all freaked out about?

$50? umm.. chumpchange

'Friends' 'respect'? - why?.. you don't know how to get in. :huh:

Think things out a bit, match the server versions with known exploits and hop aboard the skiddie-train to leetsville. :wacko:

NOTE:

Nmap will rarely help you with regards to any scripts or modules running over a specific service (be it an exploitable sfv-checker on the ftp, php/perl/etc on the http, a spamfilter/dns-spoof-resolver/log-bot on the mailserve, etc) - nmap just tells you the port is open and possibly the server-info, it's up to another program (or you) to figure out what's running on said server.

ok i just tried that and i got this error failed to fill info template (subjectlen: 1755)

Don't try phising, waste of time.

------

You could likely pull-off a better (more thorough) scan, something like:

nmap -P0 -O -sV -p 21,25,53,80,4000,etc his.ip.goes.here

Interesting ports on his.ip.goes.here:

PORT STATE SERVICE VERSION

21/tcp open ftp jabzor.ftpserver 1.023alpha <-- look for the version info

25/tcp filtered smtp

53/tcp filtered domain

80/tcp closed http

4000/tcp filtered remoteanything

Running: Microsoft Windows 2003/.NET|NT/2K/XP

OS details: Microsoft Windows 2003 Server or XP SP2, Microsoft Windows 2000 SP3

You have a ton of doors with potentially broken locks if none at-all .. :roll::unsure:

.... there is nothing to say you can't go in through a window and install your own lock in his front door (say by creating your own account on his ftp-server) from the inside.

Not sure what you are getting all freaked out about?

$50? umm.. chumpchange

'Friends' 'respect'? - why?.. you don't know how to get in. :huh:

Think things out a bit, match the server versions with known exploits and hop aboard the skiddie-train to leetsville. :wacko:

NOTE:

Nmap will rarely help you with regards to any scripts or modules running over a specific service (be it an exploitable sfv-checker on the ftp, php/perl/etc on the http, a spamfilter/dns-spoof-resolver/log-bot on the mailserve, etc) - nmap just tells you the port is open and possibly the server-info, it's up to another program (or you) to figure out what's running on said server.

ok i just tried that and i got this error failed to fill info template (subjectlen: 1755)

Ok i got new information. Port 21 is open with the service ftp and version proftpd 1.3.0. Port 80 is open with service http, and version apache httpd 2.0.54. Port 4000 is open with service http and version webmin httpd.

0

Share this post


Link to post
Share on other sites

I suspect he is referring to the exploit code on milw0rm. It is a Metasploit module, as evidenced by the first line of the page. It does look kinda intimidating if you are not used to code, but if you want to learn then get used to it. I still find large amounts of code kinda scary, but it won't stop me reading through to try to work out what it does. You can learn quite a bit that way. I advise you to at least read the comments of things like that, it saves time waiting for somebody to read them to you.

0

Share this post


Link to post
Share on other sites

http://www.milw0rm.com/exploits/2856

ProFTPD 1.3.0 stack overflow

You might actually need a valid user/pass wouldn't know skimmed the code.

http://securitydot.net/search/exploits/vul...4+exploits.html

apache 2.0.54 exploits

etc..

Google?

wtf is that

:glare:

See, this is exactly why you shouldn't have made that bet.

Look, I don't mean to be elitist/snobby in any way, but I mean it says it right on the page:

# vd_proftpd.pm - Metasploit module for ProFTPD stack overflow

...and then it goes into paragraphs explaining what it is. Not understanding the paragraphs and asking us about them is one thing. That's okay. But if you're not even going to bother clicking the link and reading the page before you ask "wtf" it is, then please stop posting and wasting our communal time. And for the record, the exploit wouldn't of been of use anyways, because you need to have logged into the FTP server for this to work.

0

Share this post


Link to post
Share on other sites

And for the record, the exploit wouldn't of been of use anyways, because you need to have logged into the FTP server for this to work.

Good to know.

"Seal, reading for jabzor since dec15th" - saves me the trouble :D

Edited by jabzor
0

Share this post


Link to post
Share on other sites

And for the record, the exploit wouldn't of been of use anyways, because you need to have logged into the FTP server for this to work.

Good to know.

"Seal, reading for jabzor since dec15th" - saves me the trouble :D

"Seal, losing patience since dec15th... 1985." :P

0

Share this post


Link to post
Share on other sites

http://www.milw0rm.com/exploits/2856

ProFTPD 1.3.0 stack overflow

You might actually need a valid user/pass wouldn't know skimmed the code.

http://securitydot.net/search/exploits/vul...4+exploits.html

apache 2.0.54 exploits

etc..

Google?

wtf is that

:glare:

See, this is exactly why you shouldn't have made that bet.

Look, I don't mean to be elitist/snobby in any way, but I mean it says it right on the page:

# vd_proftpd.pm - Metasploit module for ProFTPD stack overflow

...and then it goes into paragraphs explaining what it is. Not understanding the paragraphs and asking us about them is one thing. That's okay. But if you're not even going to bother clicking the link and reading the page before you ask "wtf" it is, then please stop posting and wasting our communal time. And for the record, the exploit wouldn't of been of use anyways, because you need to have logged into the FTP server for this to work.

Noooooooooooo really i read that i dont know to to run that program or script.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now