by: DonnchaPosted on:

wehavethewayout is running a f …

wehavethewayout is running a ftp server with anon logins allowed!

$ ftp www.wehavethewayout.com
Connected to 130.94.214.143 (130.94.214.143).
220 w2k1405 Microsoft FTP Service (Version 5.0).
Name (www.wehavethewayout.com:donncha): ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 Anonymous user logged in.
Remote system type is Windows_NT.
ftp>

Earlier, the server also had “/bin/ls” available to download although that seems to have been removed now. To echo what Kevin says, it’s amazing how badly they misconfigured that box.

Even more evil thanks to Paul Jakma!

$ vncviewer 130.94.214.143
VNC server supports protocol version 3.3 (viewer 3.3)
Password:
Reading password failed

$ mysql -h 198.63.57.204
ERROR 1045: Access denied for user: 'docaoimh@192.168.1.26' (Using password: NO)
$ mysql -u root -h 198.63.57.204
ERROR 1045: Access denied for user: 'root@192.168.1.26' (Using password: NO)

Leave a Reply

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close