Create time: 2005-02-22 Article properties: Original article Submit: Xiao Qi
Today get a webshell. Found serv-u directory. Looked at ServUDaemon.ini [GLOBAL] Version = 6.0.0.2OpenFilesDownloadMode = ExclusivePacketTimeOut = 300LocalSetupPassword = ah6A0ED50ADD0A516DA36992DB43F3AA39
6.0.0.2. Once I saw that the default local management account and password of the version 6.0 were still the original. But it seems to listen to the 6 version of the password has been changed ..
Oh. Here, I have a row of LocalSetuppassword. There is a unknown premonition. Is the original default password has been set by it? Add MD5, calculate a pure number, or you can. Opportunity ..
Try can be written ... Show privileges (everything is expected). Try the default account and password.
Uploaded XIAOLU's Serv-U permission tool
Netstat -an | Find "43958" TCP 127.0.0.1:43958 0.0.0.0:0 Listening
Well, it is this mouth.
Excuting an order
D: /WEB/www/xxxx_com/serv-u.exe 43958 "Net user xiaoqi amen. / Add" ************************************ ************************************ Serv-u <3.x local exploit by xiaolu> 221 Serv-U FTP Server V6.0 for Winsock Ready ...
> 331 User Name Okay, Need Password.
*********************************************************** ****
#L@ / ak#.lk; 0 @p
> 530 Not Logged in.
*********************************************************** ****
Seeing 530, I am cool, saying that the default password is changed. The upper group wants to confirm. Superhei gave a good idea. Download the main program to view the password with UEDIT. SERV-U version 5.0 Modifying the default password is also the same method, and the password length requires the same requirements to be 14 bits (replace #L@lk@lk; 0 @p) with other characters .. Open servuadmin.exe to find the password is still # L@ - P (Specially copy to Notepad observation, prevent 0 / o L / 1 and other characters confused). So, it seems that the Serv-U does not rely on it to verify? In order to find a true image. Download a serv-u 6.0.0.2 (not unloading, unchecked, preventing low version of Chinese and crack patch)
Before I thought, Why did Serv-U did not provide a place to change the password to the administrator? How many server OVER's responsibility is on the serv-u? Good! This time, just opened Serv-U Admin, found In the "stop service", there is a "setting change password" button. Let's take a look at Servudaemon.ini. In addition to the version changed, it is not different from the original. Back to the console point to open the "Setting Change Password" requirements Enter old password, new password, confirmation. Old password? What is the old password? #L@ $? $? Tip password is incorrect .. Try the empty password ... This can be depressed. Is it the password of Localadministrator in Serv-U 6.0.0.2, it is empty ??? Take the XIAOLU's permission to improve the tool, change the password to empty. Compilation is better.
Excuting an order
D: /Web/www/xxxx_com/serv-u2.exe 43958 "Net user xiaoqi amen. / Add" ************************************ ************************************ Serv-u <3.x local exploit by xiaolu> 221 Serv-U FTP Server V6.0 for Winsock Ready ...> 331 User name okay, need password.
*********************************************************** ****
> 530 Not Logged in.
*********************************************************** ****
Still 530. Ha .. I am dreaming, I. However, this failure does not represent the default password is not empty (because there is localsetuppassword =) in this machine. Tall, watch my machine SERVUDAEMON.INI, I really have a row of localsetuppassword = xxxxxxx, it seems to be MD5 that just configures the password. Turn the password on the machine SERV-U to empty (actually allowed us to empty) and use this Serv-U2 . EXE tried. No ..530, sudden flash in the brain, is it "empty" is #L@'ak#.LK; 0 @p farten serv-u.exe, yeah! Success. Here we want I started to doubt a problem. If you have modified your password, then you need to verify it twice? One is #L@'ak#.lk; 0 @p once is a modified password................................................................................................................................................................................................................................................. .. The sentence "Second Verification", modified the following permission lifting tool, change the password to my password in Serv-U, even. Prove that there is no second verification. Summary, in Serv- U. 6.0.0.2, the initial password is still #L@lk#.lk; 0 @p But can easily change the password, modify the password, configure the LocalSetuppassword, where Servudaemon.ini is saved in Servudaemon.ini = In. The original #L@ / ($ @lk; 0 @p still saved only when the password is empty.
Also: To modify the local management port. Just plus a line LocalSetUpportno = port number in Servudaemon.ini [Global], can
BTW: These do not have a technical content, I hope everyone will forgive, some things that originally written are just to be comfortable in blog, and everyone is reforining me.
