Penetration Testing mailing list archives

Re: Listing hide files via ftp


From: carlopmart <carlopmart () gmail com>
Date: Thu, 15 Mar 2007 08:35:09 +0100

Tremaine Lea wrote:

On 14-Mar-07, at 12:40 AM, carlopmart wrote:

Garrett Reid wrote:
Try a "list -Al"
On Mar 11, 2007, at 6:01 AM, carlopmart wrote:



<snip>



Hi Garrett, I have tried, but it doesn't work ...

-- CL Martinez
carlopmart {at} gmail {d0t} com



Are you doing this from the server administration side, or logged into an ftp server?
I am doing this logged into an FTP server.



What OS is the ftp server?

I think it is RHEL or a RHEL derivative, but this server is not under my control.



You'll need to provide at least a bit more detail, and it would be helpful if you replied with any errors you receive when trying a command that's been suggested.

Details:



[carlos@nazgul iso-images]$ ftp ftp.server.com
Connected to ftp.server.com (1.1.1.1).
220 ACME Technologies Inc.
Name (ftp.server.com:carlos): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -la
227 Entering Passive Mode (1,1,1,1,209,98)
150 Opening ASCII mode data connection for file list
drwxr-xr-x   5 root     root         4096 Dec 28 19:38 .
drwxr-xr-x   5 root     root         4096 Dec 28 19:38 ..
-rw-r--r--   1 sgreen   sgreen        304 Feb 15 22:13 .bash_logout
-rw-r--r--   1 sgreen   sgreen        191 Feb 15 22:13 .bash_profile
-rw-r--r--   1 sgreen   sgreen        124 Feb 15 22:13 .bashrc
-rw-r--r--   1 sgreen   sgreen        383 Feb 15 22:13 .emacs
-rw-r--r--   1 sgreen   sgreen        120 Feb 15 22:13 .gtkrc
drwxr-xr-x   3 sgreen   sgreen       4096 Jun 20  2006 .kde
-rw-r--r--   1 sgreen   sgreen        658 Feb 15 22:13 .zshrc
drwxrwx-wt 267 ftp      ftp         12288 Mar 14 21:15 download
lrwxrwxrwx   1 ftp      ftp             8 Jun 14  2006 pub -> download
drwxrwx-wx 205 support  support     77824 Mar 15 06:30 upload
226 Transfer complete.
ftp> cd download
250 CWD command successful
ftp> ls -la
227 Entering Passive Mode (216,228,148,15,223,76)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> ls -Al
227 Entering Passive Mode (216,228,148,15,224,175)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp>

As you can see on this screen, I can list root directories but not the contents of subdirectories, although files exist in these subdirectories ...



Cheers,

Tremaine Lea
Network Security Consultant




--
CL Martinez
carlopmart {at} gmail {d0t} com
