 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
How can i hack this website ? Have anonymous FTP Access |
 |
 Posted: Sun Jul 12, 2009 10:06 am |
 |
|
| shyspy |
| Advanced user |
 |
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
 |
|
 |
|
I can connect to the website using anonymous ftp access.
The problem is I can't upload any files, this rules out shell uploading.
I can't see any data Or move an level up to browse other directories.
Anyway to hack it? |
|
|
|
|
| Posted: Sun Jul 12, 2009 11:53 am |
|
|
| earthquaker |
| Advanced user |
 |
|
| Joined: Jun 02, 2008 |
| Posts: 111 |
| Location: q8 |
|
|
|
|
|
|
did you try system commands?
wget for example |
|
|
|
|
|
Re: How can i hack this website ? Have anonymous FTP Access |
|
| Posted: Sun Jul 12, 2009 1:11 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| shyspy wrote: | I can connect to the website using anonymous ftp access.
The problem is I can't upload any files, this rules out shell uploading.
I can't see any data Or move an level up to browse other directories.
Anyway to hack it? |
If anonymous ftp access does not let you write or read files in "interesting" areas or if specific ftp daemon version does not have exploitable vulnerability, then such anonymous ftp access is useless. Well, there is exotic port scanning method related to ftp access, but it's useless for you.
So seems that you need other attack vectors ... |
|
|
|
|
|
- |
|
| Posted: Wed Jul 15, 2009 5:22 pm |
|
|
| shyspy |
| Advanced user |
|
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
waraxe, can you please share ideas on those other attack vectors.
Here is some information of the website :
The site is an simple html page with a product's description and just one buy button on it.
When i click on it paypal page open and asks me to enter payment details.
The good part was the site is hosted on the shared server, so i used your way of finding other sites and to hack any1 and install an shell.
But to my surprise all other 13 sites listed were wordpress using the lastest wordpress version. |
|
|
|
|
|
|
|
|
| Posted: Wed Jul 15, 2009 5:47 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Then there is little you can do. You need vulnerability to succeed, either 0-day for wordpress, php, apache, linux TCP/IP stack, ftp, ssh or something like that. Or there must be some other weak points - "hidden" directories and files, frontpage extensions, PUT method, server-status, etc. Just keep digging and try scanners like Acunetix. |
|
|
|
|
|
- |
|
| Posted: Wed Jul 15, 2009 9:25 pm |
|
|
| shyspy |
| Advanced user |
|
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| Thanku for the information... u gave lots of keywords to search for...thanku |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 274
Members: 0
Total: 274
