Vulnerability Development mailing list archives

FTP Passive Connection Hijacking Script


From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 23 Jul 2000 18:05:21 -0500

From the home page:

This PERL script is a proof-of-concept exploit for downloading other users' files from FTP servers without needing their authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups.

You can grab a copy from
http://www.digitaloffense.net:8000/index.html?section=PROJECTS

-HD
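
The server-side checks whose absence the post describes, as an added example that is not part of the original message or of the script it announces: the data connection is accepted only from the control connection's peer address, and the passive port is chosen at random rather than by increment. The function names and `PASV_RANGE` are assumptions made for illustration.

```python
import ipaddress
import secrets
import socket
import time

PASV_RANGE = (49152, 65535)  # assumed passive port range, not taken from the post


def same_host(control_ip, data_ip):
    """True when both strings name the same address (IPv4-mapped IPv6 unwrapped)."""
    def norm(text):
        addr = ipaddress.ip_address(text.split("%", 1)[0])  # ignore any zone id
        return getattr(addr, "ipv4_mapped", None) or addr
    return norm(control_ip) == norm(data_ip)


def open_pasv_listener(bind_ip, attempts=20):
    """Listen on an unpredictable port so the next data port cannot be inferred."""
    low, high = PASV_RANGE
    for _ in range(attempts):
        port = low + secrets.randbelow(high - low + 1)
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((bind_ip, port))
        except OSError:  # port already in use: pick another
            sock.close()
            continue
        sock.listen(1)
        return sock
    raise OSError("no free passive port")


def accept_verified(listener, control_ip, timeout=10.0):
    """Return (conn, rejected_ips); conn is None if the real client never connects."""
    rejected, deadline = [], time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:  # overall deadline, so strangers cannot stall the loop
            return None, rejected
        listener.settimeout(remaining)
        try:
            conn, peer = listener.accept()
        except socket.timeout:
            return None, rejected
        if same_host(control_ip, peer[0]):  # the address check the post says is missing
            return conn, rejected
        rejected.append(peer[0])  # candidate for logging and alerting
        conn.close()
```

A non-empty `rejected` list is worth logging, since a legitimate client has no reason to connect to another session's data port.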

