FTP


Posted on 14-10-08 13:15
Looking for direction on research as to hacking into a server to edit website files. Right now I am researching how to do it via FTP. Thanks,

WhiteCell

Edited by on 14-10-08 13:16
RE: FTP
Posted on 14-10-08 13:57
whitecell wrote:
Looking for direction on research as to hacking into a server to edit website files. Right now I am researching how to do it via FTP. Thanks,

WhiteCell


Via FTP? I suppose you could try a brute force or dictionary attack, or find out if there are any vulnerabilities in the FTP server that the server is running (e.g. buffer overflows, etc.)


RE: FTP
Posted on 14-10-08 13:59
I just came back to ask if ftp brute forcing is a good idea...I'll check it out some more.

And the ftp client is 220 ProFTPD 1.3.1 Server, so anybody know of any good vulnerabilities for it?

WhiteCell

RE: FTP
Posted on 14-10-08 14:33
whitecell wrote:
I just came back to ask if ftp brute forcing is a good idea...I'll check it out some more.

Bruteforcing is rarely a good idea. You'd be better off with a targeted attack based upon information you know about the target... often, web admins will choose a username and password that has some sort of connection to a personal or professional interest (even as simple as being directly related to the site content). Too often, they also make these usernames and passwords very simple: numbers for letters in obvious words, etc.


And the ftp client is 220 ProFTPD 1.3.1 Server, so anybody know of any good vulnerabilities for it?

I'm pretty sure no one is going to be able to recollect any from memory. There's no point in remembering something that you will: (1) Rarely use and, (2) Find easily enough via a sensible Google search. Do #2, then post back with any issues you encounter as a result.


RE: FTP
Posted on 15-10-08 06:35
I found,

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

I am not sure what to make of this...

Also, is there a time period I should be looking for, such as no vulnerabilities before two months ago because they are patched earlier than that?

WhiteCell

RE: FTP
Posted on 15-10-08 08:54
whitecell wrote:
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."


Well as far as I know, if you just cause a DoS attack on it then you will not be able to edit the website files in any form as the FTP will be overloaded.

However I might be wrong. You should check it out.


RE: FTP
Posted on 15-10-08 10:15
I will check it out more,

but from what you're saying sounds like it would be the opposite of what I'm attempting to do...edit the ftp files.

RE: FTP
Posted on 15-10-08 10:47
Yeah. Generally when you DoS attack a server or something it generally goes offline and is inactive to users, therefore you wouldn't be able to connect to the ftp to gain access anyway. However, as I said, I'm not too sure so check it out if I were you.




RE: FTP
Posted on 15-10-08 12:07
whitecell wrote:
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."

I am not sure what to make of this...

Well, two things:

1. They provided a source example of a working exploit.
2. You don't have the knowledge to understand the exploit.

DarkMantis, see the underline above.


RE: FTP
Posted on 15-10-08 12:31
Oh yeah. Well as I said I wasn't sure. But thanks for pointing that out for me. :)


RE: FTP
Posted on 15-10-08 13:34
W.W.Z.D...

What Would Zephyr Do - in this situation of wanting to edit some ftp files?

RE: FTP

K3174N 420
Posted on 15-10-08 13:37
whitecell wrote:
W.W.Z.D...

What Would Zephyr Do - in this situation of wanting to edit some ftp files?


probably by doing it....
instead of posting a thread asking how...



RE: FTP
Posted on 15-10-08 14:43
whitecell wrote:
W.W.Z.D...

What Would Zephyr Do - in this situation of wanting to edit some ftp files?

Flattery never works with me. Anyways, you have a working exploit... learn about the type of attack being used (stack-based overflow) and pick apart the exploit code, endeavoring to understand what it is actually doing. Then, apply it to your dilemma. This should always be your goal when seeking to exploit a known vulnerability; if you don't understand the concepts involved, you won't learn anything and you will be tagged as a "script kiddie".

K3174N 420 wrote:
probably by doing it....
instead of posting a thread asking how...

How wonderfully vague and unhelpful. If someone knew how to do it, they would do it and not post a thread; that's a blatantly obvious fact. People post threads because they need help / guidance. If you're not going to help / provide guidance, don't post.


RE: FTP
Posted on 15-10-08 15:08
I find Wikipedia very useful when asking questions. Maybe this will help you:

http://en.wikipedia.org/wiki/Buffer_overflow#Stack-based_exploitation

This should prove very useful if you understand it; if you don't, pick it apart and ask questions:

http://www.milw0rm.com/exploits/2856

Good luck.


RE: FTP
Posted on 16-10-08 06:43
Thanks Zephyr, and midget.

To be honest I have a pretty healthy fear stopping me from attempting to do this because of my lack of knowledge. And I really do not want to be labeled as a script kiddie though it may be inevitable at first...But really my goal is knowledge and working against my own comps and servers, and if a defacement takes place (highly unlikely) don't worry about me coming back to brag about it.

Again thanks, direction is always appreciated.

And being a lowly newb, is worrying about FTP attacks a harder thing to do or should I worry about even simpler attacks that can do the same thing?

Edited by on 16-10-08 06:56

RE: FTP
Posted on 16-10-08 07:19
whitecell wrote:
And being a lowly newb, is worrying about FTP attacks a harder thing to do or should I worry about even simpler attacks that can do the same thing?


You have endless possibilities of points of intrusion including but not excluding......

FTP (File Transfer Protocol)
POP3 (Post Office Protocol)
SMTP (Simple Mail Transfer Protocol)
Telnet (Telecommunication Network)
SSH or OpenSSH (get to know PuTTY, it's great!)

Just those alone have multiple, multiple ways of exploitation (the services behind them that is). In my opinion those are more "difficult" to exploit than web page hacking lol. You should really learn about web/web page hacking before getting into the finer arts of exploitation. Please though do not let my comment deter you from learning all you can about exploitation. Exploitation is probably my favorite aspect of computers and the internet(work).


RE: FTP
Posted on 16-10-08 08:18
No, it has not, thank you. I am constantly looking for direction suited for my amount of experience.

RE: FTP
Posted on 16-10-08 12:42
whitecell wrote:
To be honest I have a pretty healthy fear stopping me from attempting to do this because of my lack of knowledge. And I really do not want to be labeled as a script kiddie though it may be inevitable at first...

That should motivate you, not make you afraid. Take a few steps back to put it all in perspective, then tackle your goals in small steps. It's never inevitable to be a script kiddie... It's a choice. Make the right one.


And being a lowly newb, is worrying about FTP attacks a harder thing to do or should I worry about even simpler attacks that can do the same thing?

If you're the owner of the site, then don't worry about FTP... just make a good pass, split off permissions, and keep your server up-to-date (if it's under your control). If you're looking for a quick and easy alternative to exploiting FTP, good luck. It's got to be more difficult to exploit other services on a server (if they're even exposed in some way).

The alternatives are also well outside the range of your knowledge. Start with this simple one using the FTP, then work your way up.
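
Added example, not part of the thread or written by any poster: one way to act on the "keep your server up-to-date" advice above is to check the FTP greeting banners of servers you run against the affected range quoted earlier in the thread ("ProFTPD 1.3.0 and earlier"). The host addresses and banners are constructed samples, and the ordering of `rc` and letter suffixes is an assumption.

```python
import re

# Affected range as quoted in the thread: "ProFTPD 1.3.0 and earlier".
AFFECTED_MAX = ("1.3.0", None)

# 220 greeting, e.g. "220 ProFTPD 1.3.1 Server"; "220-" starts a multi-line reply.
BANNER_RE = re.compile(r"^220[ -].*?ProFTPD\s+(\d+(?:\.\d+)*)(rc\d+|[a-z])?", re.I)


def version_key(number, suffix):
    """Sortable key. Assumed ordering: 1.3.0rc1 < 1.3.0 < 1.3.0a."""
    nums = tuple(int(part) for part in number.split("."))
    suffix = (suffix or "").lower()
    if suffix.startswith("rc"):
        return (nums, 0, int(suffix[2:]))
    if suffix:
        return (nums, 2, ord(suffix))
    return (nums, 1, 0)


def classify(banner):
    """Return 'affected', 'not-in-range' or 'unknown' for one greeting line."""
    match = BANNER_RE.match(banner.strip())
    if not match:
        return "unknown"  # not ProFTPD, or the version is not advertised
    key = version_key(match.group(1), match.group(2))
    return "affected" if key <= version_key(*AFFECTED_MAX) else "not-in-range"


def audit(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed inventory of your own servers (documentation addresses).
SAMPLE = {
    "192.0.2.10": "220 ProFTPD 1.3.1 Server",
    "192.0.2.11": "220 ProFTPD 1.3.0 Server (ftp) [192.0.2.11]",
    "192.0.2.12": "220 ProFTPD 1.3.0a Server",
    "192.0.2.13": "220 FTP Server ready.",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

A banner can be edited or hidden and distributions backport fixes, so treat an "affected" or "unknown" result as a prompt to check the installed package version, not as proof either way.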


RE: FTP
Posted on 16-10-08 14:23
Zephyr_Pure wrote:

whitecell wrote:
To be honest I have a pretty healthy fear stopping me from attempting to do this because of my lack of knowledge. And I really do not want to be labeled as a script kiddie though it may be inevitable at first...

That should motivate you, not make you afraid. Take a few steps back to put it all in perspective, then tackle your goals in small steps. It's never inevitable to be a script kiddie... It's a choice. Make the right one.


I agree completely!


RE: FTP
Posted on 16-10-08 14:31
Thanks for the encouragement. I will just keep learning until my goals become simplicity.

skath gave me this list:

FTP (File Transfer Protocol)
POP3 (Post Office Protocol)
SMTP (Simple Mail Transfer Protocol)
Telnet (Telecommunication Network)
SSH or OpenSSH (get to know PuTTY, it's great!)

How would you arrange these based on difficulty? And if so inclined could you add to the list?