Tutorials
FTP Intrusion, by ThorKing
Many people ask about breaking in through FTP. Let me say up front: with brute force, out of 100% your chances are 1%, if that!
An easier way would be to use exploits that attack the FTP software directly (CesarFTP, TinyFTPD, etc.). The main difficulty is finding out which software the site or server is running. There are two simple, effective tools for that: nmap and netcat (by capturing the banner on port 21).
nmap
Next, hunt for the appropriate exploit; the site http://www.milw0rm.com/search.php is excellent.
Below is a collection of FTP exploits listed on that site.
XM Easy Personal FTP Server 5.0.1 (Port) Remote Overflow PoC
http://www.milw0rm.com/exploits/1949
CesarFTP 0.99g (MKD) Remote Buffer Overflow Exploit (meta)
http://www.milw0rm.com/exploits/1915
CesarFTP 0.99g (MKD) Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1906
TinyFTPD <= 1.4 (USER) Remote Buffer Overflow DoS
http://www.milw0rm.com/exploits/1758
acFTP FTP Server <= 1.4 (USER) Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/1757
acFTP FTP Server <= 1.4 (USER) Remote Buffer Overflow PoC
http://www.milw0rm.com/exploits/1749
XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC
http://www.milw0rm.com/exploits/1748
Golden FTP Server Pro 2.70 (APPE) Remote Buffer Overflow PoC
http://www.milw0rm.com/exploits/1743
XM Easy Personal FTP Server 1.0 (Port) Remote Overflow PoC
http://www.milw0rm.com/exploits/1552
ArGoSoft FTP Server <= 1.4.3.5 Remote Buffer Overflow PoC
http://www.milw0rm.com/exploits/1531
Sami FTP Server 2.0.1 Remote Buffer Overflow Exploit (cpp)
http://www.milw0rm.com/exploits/1462
Sami FTP Server 2.0.1 Remote Buffer Overflow Exploit (meta)
http://www.milw0rm.com/exploits/1452
Sami FTP Server 2.0.1 Remote Stack Based Buffer Overflow PoC
http://www.milw0rm.com/exploits/1448
Tftpd32 2.81 (GET Request) Format String Denial of Service PoC
http://www.milw0rm.com/exploits/1424
Cerberus FTP Server <= 2.32 Denial of Service Exploit
http://www.milw0rm.com/exploits/1422
Farmers WIFE 4.4 sp1 (FTP) Remote System Access Exploit
http://www.milw0rm.com/exploits/1417
HomeFtp 1.1 (NLST) Denial of Service Vulnerability
http://www.milw0rm.com/exploits/1416
eStara Softphone <= 3.0.1.46 (SIP) Remote Buffer Overflow Exploit (2)
http://www.milw0rm.com/exploits/1414
eStara Softphone <= 3.0.1.46 (SIP) Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1413
Golden FTP Server <= 1.92 (APPE) Remote Overflow Exploit (meta)
http://www.milw0rm.com/exploits/1381
FreeFTPD <= 1.0.10 (PORT Command) Denial of Service Exploit
http://www.milw0rm.com/exploits/1339
FreeFTPD <= 1.0.8 (USER) Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1330
linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
http://www.milw0rm.com/exploits/1295
WzdFTPD <= 0.5.4 (SITE) Remote Command Execution Exploit (meta)
http://www.milw0rm.com/exploits/1292
HP-UX FTP Server Preauthentication Directory Listing Exploit (meta)
http://www.milw0rm.com/exploits/1259
TYPSoft FTP Server <= 1.11 (RETR) Denial of Service Vulnerability
http://www.milw0rm.com/exploits/1251
Prozilla <= 1.3.7.4 (ftpsearch) Results Handling Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1238
WzdFTPD <= 0.5.4 Remote Command Execution Exploit
http://www.milw0rm.com/exploits/1231
Stoney FTPd Denial Of Service Exploit (rxBot mods ftpd)
http://www.milw0rm.com/exploits/1218
FTP Internet Access Manager <= 1.2 Command Execution Exploit
http://www.milw0rm.com/exploits/1201
Quick 'n EasY <= 3.0 FTP Server Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/1129
FTPshell Server <= 3.38 Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/1121
FtpLocate <= 2.02 (current) Remote Command Execution Exploit
http://www.milw0rm.com/exploits/1120
SlimFTPd <= 3.16 Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1118
Nokia Affix < 3.2.0 btftp Remote Client Exploit
http://www.milw0rm.com/exploits/1081
Inframail Advantage Server Edition 6.0 <= 6.37 (FTP) BoF Exploit
http://www.milw0rm.com/exploits/1166
Crob FTP Server <= 3.6.1 Remote Stack Overflow Exploit
http://www.milw0rm.com/exploits/1028
FutureSoft TFTP Server 2000 Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/1027
HP-UX FTPD <= 1.1.214.4 "REST" Remote Brute Force Exploit
http://www.milw0rm.com/exploits/977
GlobalScape Secure FTP Server 3.0 Buffer Overflow Exploit
http://www.milw0rm.com/exploits/975
BulletProof FTP Server 2.4.0.31 Local Privilege Escalation Exploit
http://www.milw0rm.com/exploits/971
Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (3rd)
http://www.milw0rm.com/exploits/969
Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (2nd)
http://www.milw0rm.com/exploits/968
Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/967
Golden FTP Server Pro <= 2.52 (USER) Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1160
NetFTPd 4.2.2 User Authentication Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/955
CrystalFTP Pro 2.8 Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/711
DeluxeFtp 6.x Local Password Disclosure Exploit
http://www.milw0rm.com/exploits/936
FTP Now <= 2.6.14 Local Password Disclosure Exploit
http://www.milw0rm.com/exploits/918
ArGoSoft FTP Server <= 1.4.2.8 Denial of Service Exploit
http://www.milw0rm.com/exploits/908
mtftpd <= 0.0.3 Remote Root Exploit
http://www.milw0rm.com/exploits/902
Ocean FTP Server 1.00 Denial of Service Exploit
http://www.milw0rm.com/exploits/893
PlatinumFTP <= 1.0.18 Multiple Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/886
wu-ftpd <= 2.6.2 File Globbing Denial of Service Exploit
http://www.milw0rm.com/exploits/842
PeerFTP 5 Local Password Disclosure Exploit
http://www.milw0rm.com/exploits/833
3Com 3CDaemon FTP Unauthorized "USER" Remote BoF Exploit
http://www.milw0rm.com/exploits/827
3Com Ftp Server 2.0 Remote Overflow Exploit
http://www.milw0rm.com/exploits/825
DelphiTurk FTP v1.0 Passwords to Local Users Exploit
http://www.milw0rm.com/exploits/803
3CServer 1.1 FTP Server Remote Exploit
http://www.milw0rm.com/exploits/794
Golden FTP Server <= 2.02b Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/767
MS Internet Explorer FTP Command Injection Exploit
http://www.milw0rm.com/exploits/1249
WS_FTP Server <= 5.03 (RNFR) Buffer Overflow Exploit
http://www.milw0rm.com/exploits/1158
WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/664
CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) BoF Exploit
http://www.milw0rm.com/exploits/650
wodFtpDLX Client ActiveX Control Buffer Overflow Crash Exploit
http://www.milw0rm.com/exploits/649
WinFTP Server 1.6 Denial of Service Exploit
http://www.milw0rm.com/exploits/625
SlimFTPd <= 3.15 Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/623
Ability Server 2.34 FTP STOR Buffer Overflow Exploit (Unix Exploit)
http://www.milw0rm.com/exploits/618
Chesapeake TFTP Server 1.0 Directory Traversal and DoS PoC Exploit
http://www.milw0rm.com/exploits/611
WvTFTPd 0.9 Remote Root Heap Overflow Exploit
http://www.milw0rm.com/exploits/608
libxml 2.6.12 nanoftp Remote Buffer Overflow Proof of Concept Exploit
http://www.milw0rm.com/exploits/601
Quick 'n EasY <= 3.0 FTP Server Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/593
ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
http://www.milw0rm.com/exploits/581
GlobalSCAPE - CuteFTP macros (*.mcr) Local Vulnerability
http://www.milw0rm.com/exploits/560
glFTPd Local Stack Overflow Exploit (PoC) (Slackware 9.0/9.1/10.0)
http://www.milw0rm.com/exploits/476
BlackJumboDog FTP Server 3.6.1 Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/439
CesarFTP Server Long Command Denial of Service Exploit
http://www.milw0rm.com/exploits/428
WFTPD Pro Server 3.21 MLST Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/427
TiTan FTP Server Long Command Heap Overflow PoC Exploit
http://www.milw0rm.com/exploits/426
ProFTPd Local pr_ctrls_connect Vuln - ftpdctl
http://www.milw0rm.com/exploits/394
OpenFTPD <= 0.30.1 (message system) Remote Shell Exploit
http://www.milw0rm.com/exploits/373
OpenFTPD (<= 0.30.2) Remote Exploit
http://www.milw0rm.com/exploits/372
Flash FTP Server Directory Traversal
http://www.milw0rm.com/exploits/361
OverByte ICS FTP Server Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/356
Sasser Worm ftpd Remote Buffer Overflow Exploit (port 5554)
http://www.milw0rm.com/exploits/297
WS_FTP Server <= 4.0.2 ALLO Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/165
WFTPD Server <= 3.21 Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/159
Serv-U FTPD 3.x/4.x/5.x "MDTM" Command Remote Exploit
http://www.milw0rm.com/exploits/158
Dream FTP 1.2 Remote Format String Exploit
http://www.milw0rm.com/exploits/823
Serv-U FTPD 4.x "SITE CHMOD" Reverse Bindshell Exploit
http://www.milw0rm.com/exploits/150
Serv-U FTPD 3.x/4.x "SITE CHMOD" Command Remote Exploit
http://www.milw0rm.com/exploits/149
lftp <= 2.6.9 Remote Stack based Overflow Exploit
http://www.milw0rm.com/exploits/143
wu-ftpd 2.6.2 Remote Denial Of Service Exploit (wuftpd-freezer.c)
http://www.milw0rm.com/exploits/115
ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
http://www.milw0rm.com/exploits/110
ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
http://www.milw0rm.com/exploits/107
4D WebSTAR FTP Server Suite Remote Buffer Overflow Exploit
http://www.milw0rm.com/exploits/96
GtkFtpd 1.0.4 Remote Root Buffer Overflow Exploit
http://www.milw0rm.com/exploits/88
Gopherd <= 3.0.5 FTP Gateway Remote Overflow Exploit
http://www.milw0rm.com/exploits/84
Oracle XDB FTP Service UNLOCK Buffer Overflow Exploit
http://www.milw0rm.com/exploits/80
wu-ftpd 2.6.2 Remote Root Exploit (advanced version)
http://www.milw0rm.com/exploits/78