WUFTP remote buffer

xiaoxiao2021-03-06 43

Author: Unknown Source: UNITA

A few days ago, the remote buffer of wuftp was discovered, because wuftp was very popular, I was written to a friend, and his company is Linux6.1 wuftp2.5.0. I told him to make up the vulnerability immediately and tell him that it can easily get root privileges. Who knows that he found me to OICQ: Our colleagues say you brag. Hey, the mood of time fell to the extreme, I really want to break the Broken Server!

But I only said to him: "Well, I will authorize our intrusion detection to you, you call your company manager to sign, I promise to let him cool!" Then I sent the invasion inspection authorization to the past, their manager did not sign. I started to do this: Through anonymous agents, I connect to a foreign server advanced port scan --------> I think it is necessary! Found the other party finger to open,

then:

Finger @ xxx.xxx.xx.x

root

XXXXXXX -----------> is a commonly used word

Finger xxxxxx@xxx.xxx.xx.x

I saw his approximate situation.

Then according to my experience, this name is a commonly used word, must be a public user. (The background of their company is software development).

A common user means that the password will not be too complicated. So I chose to try the password.

Rlogin xxx.xxx.xx.x -l xxxxxx

User named password This is the most likely, I tried, go in!

Permissions are OK, you can CC, GCC, and there is no need to say anything. Linux6.1 has many local overflows. However, I didn't continue to do it, I found him in OICQ, said to him, do you want me to give you some mark? He said, I gave up!

This is actually a very simple invading process without spending 5 minutes. And I want to tell: as an excellent HACKER, you need to find the method in the palm of the time. The method is simple, you only need to treat this thing, calm thinking and analysis.

转载请注明原文地址:https://www.9cbs.com/read-57897.html

9cbs

New Post(0)