www.ProFTPD.de
13. März 2007, 19:06:26 *
Willkommen Gast. Bitte einloggen oder registrieren.
Haben Sie Ihre Aktivierungs E-Mail übersehen?

Einloggen mit Benutzername, Passwort und Sitzungslänge
News: SMF - Neu installiert!
 
   Übersicht   Hilfe Suche Login Registrieren  
Seiten: [1]   Nach unten
  Drucken  
Autor Thema: Sicherheitslücke  (Gelesen 510 mal)
0 Mitglieder und 1 Gast betrachten dieses Thema.
Shine
ProFTPD
*
Offline Offline

Beiträge: 15


77193083
Profil anzeigen WWW
« am: 09. Oktober 2003, 22:22:26 »

hi,

ich hab die 1.2.8er und hab den exploit getestet  ... als meldung kommt
Zitat

  • Ret address:0xbffff25c
  • Trying hotbox:21....ok
  • Get banner:ok
<== 220 Shines Server
  • User tester logged in
  • PORT 192,168,0,4,135,8
  • STOR file 881881881.txt
  • Listening on 34568 ....ok
  • Accepted a client from 192.168.0.2
  • Trying hotbox:21....ok
  • Get banner:ok
<== 220 Dannys Server
  • User tester logged in
  • PORT 192,168,0,4,135,8
  • RETR file 881881881.txt
  • Listening on 34568 ....ok
  • Accepted a client from 192.168.0.2
  • The First time read:ok
  • PORT 192,168,0,4,135,9
  • RETR file 881881881.txt
  • Listening on 34569 ....ok
  • Accepted a client from 192.168.0.2
  • Waiting for a shell.....
  • Trying hotbox:6000....error:Connection refused[/b]
    shine@drunkenbeagle[~]:$
bedeutet das, dass der exploid net zieht?

werde mir gleich noch die neue version ziehen ..
Gespeichert

Im Suff sind alle Frauen schön ....
stonki
Administrator
ProFTPD
*****
Offline Offline

Beiträge: 1853


15318939
Profil anzeigen WWW E-Mail
« Antwort #1 am: 10. Oktober 2003, 11:25:36 »

Zitat von: "Shine"
hi,

bedeutet das, dass der exploid net zieht?
werde mir gleich noch die neue version ziehen ..


cool. Keine Ahnung, kannste mir den Exploit mal mailen ?

cu
stonki
Gespeichert

www.stonki.de:    the more I see, the more I know.......
www.proftpd.de:   Deutsche ProFTPD Dokumentation
www.krename.net:  Der Batch Renamer für KDE
www.kbarcode.net: Die Barcode Solution für KDE
Wörsty
Moderator
ProFTPD
*****
Offline Offline

Beiträge: 1602


50772603
Profil anzeigen WWW E-Mail
« Antwort #2 am: 10. Oktober 2003, 13:11:19 »

:dito) Auch habenwilll - muß ich nicht selbst suchen :roll:
Gespeichert

RedHat 8.0 (2.4er Kernel)
proftpd 1.2.10
-mod_sql_mysql
-mow_wrap
-mod_exec
-mod_ifsession[/size]
Wörsty
Moderator
ProFTPD
*****
Offline Offline

Beiträge: 1602


50772603
Profil anzeigen WWW E-Mail
« Antwort #3 am: 10. Oktober 2003, 15:02:27 »

Bei mir geht des auch nicht.
Exploit:
Code:
[root@knowledgebase root]# ./exploit -d kb.de.nx1  -u ftpadmin -p passwort -l 10.138.131.75 -t 1
@---------------------------------------------------------@
# proftpd 1.2.7/1.2.9rc2 remote root exploit(01/10)-1.20 #
@ by bkbll(bkbll_at_cnhonker.net,bkbll_at_tom.com @
-----------------------------------------------------------
[+] Ret address:0xbffff25c
[+] Trying kb.de.nx1:21....ok
[+] Get banner:ok
<== 220-Willkommen!
220----------------------------------------
220-standalone FTP daemon [667], up for  4 hrs 09 min
220-26615 anonymous [ 0m10s]  0m10s idle
220-    client: 10.248.5.77 [10.248.5.77]
220-    server: 10.138.131.75:21 (NetxiraOne - FTP-Server)
220-    location: /
220-
220-26631 anonymous [  0m3s]   0m3s idle
220-    client: 10.248.5.77 [10.248.5.77]
220-    server: 10.138.131.75:21 (NetxiraOne - FTP-Server)
220-    location: /
220-
220-Service class                      -   2 users
220----------------------------------------
[+] User ftpadmin logged in
[+] PORT 10,138,131,75,135,8
[+] STOR file 126841268412684.txt
[+] Listening on 34568 ....ok
[+] Accepted a client from 10.138.131.75
[+] Trying kb.de.nx1:21....ok
[+] Get banner:ok
<== 220-Willkommen!
220----------------------------------------
220-standalone FTP daemon [667], up for  4 hrs 09 min
220-26615 anonymous [ 0m10s]  0m10s idle
220-    client: 10.248.5.77 [10.248.5.77]
220-    server: 10.138.131.75:21 (NetxiraOne - FTP-Server)
220-    location: /
220-
220-26631 anonymous [  0m3s]   0m3s idle
220-    client: 10.248.5.77 [10.248.5.77]
220-    server: 10.138.131.75:21 (NetxiraOne - FTP-Server)
220-    location: /
220-
220-Service class                      -   2 users
220----------------------------------------
[+] User ftpadmin logged in
[+] PORT 10,138,131,75,135,8
[+] RETR file 126841268412684.txt
[+] Listening on 34568 ....ok
[+] Accepted a client from 10.138.131.75
[+] The First time read:ok
[+] PORT 10,138,131,75,135,9
[+] RETR file 126841268412684.txt
[+] Listening on 34569 ....ok
[+] Accepted a client from 10.138.131.75
[+] Waiting for a shell.....
[+] Trying kb.de.nx1:6000....error:Connection refused              


Debug:
Code:
[root@knowledgebase proftpd-1.2.9rc2]# proftpd -nd9
 - parsing '/www/conf//proftpd.conf' configuration
 - FS: using system open()
 - FS: using system read()
 - dispatching auth request "getpwnam" to module mod_sql
 - dispatching auth request "getpwnam" to module mod_auth_file
 - dispatching auth request "getpwnam" to module mod_auth_unix
 - dispatching auth request "getgrnam" to module mod_sql
 - dispatching auth request "getgrnam" to module mod_auth_file
 - dispatching auth request "getgrnam" to module mod_auth_unix
 - FS: using system read()
 - Compiling allow regex '^[a-zA-Z0-9]*'.
 - Allocated allow regex at location 0x80e3018.
 - parsing '/www/conf/proftpd_ext_anon.conf' configuration
 - FS: using system open()
 - FS: using system read()
 - FS: using system close()
 - Compiling deny regex '(\.ftpaccess)|(\.htaccess)|(\.welcome.msg)|(\.dirinfo.msg)|(\.login.msg)'.
 - Allocated deny regex at location 0x80e3320.
 - FS: using system read()
 - <Directory ~>: adding section for resolved path '~'
 - FS: using system read()
 - <Directory ~/uploads>: adding section for resolved path '~/uploads'
 - Compiling allow regex '^[a-zA-Z0-9]*'.
 - Allocated allow regex at location 0x80e34d8.
 - FS: using system read()
 - Compiling deny regex '(\.ftpaccess)|(\.htaccess)|(\.DisplayConnect.msg)|(\.DisplayFirstChdir.msg)|(\.DisplayGoAway.msg)|(\.DisplayLogin.msg)|(\.DisplayGoAway.msg)|(\.DisplayQuit.msg)'.
 - Allocated deny regex at location 0x80f3de8.
 - FS: using system read()
 - FS: using system read()
 - FS: using system read()
 - FS: using system read()
 - FS: using system read()
 - FS: using system close()
ber06075 -
ber06075 - Config for NetxiraOne - FTP-Server:
ber06075 - <IfGroup>
ber06075 -  ~/uploads
ber06075 -   Limit
ber06075 -    AllowAll
ber06075 -    DenyAll
ber06075 -   Limit
ber06075 -    DenyAll
ber06075 -  ~
ber06075 -   Limit
ber06075 -    IgnoreHidden
ber06075 -    AllowAll
ber06075 -   Limit
ber06075 -    DenyAll
ber06075 -  IfGroupList
ber06075 - RootLogin
ber06075 - AllowLogSymlinks
ber06075 - RequireValidShell
ber06075 - tcpNoDelay
ber06075 - PidFile
ber06075 - UserID
ber06075 - UserName
ber06075 - GroupID
ber06075 - GroupName
ber06075 - AccessDenyMsg
ber06075 - AccessGrantMsg
ber06075 - AllowFilter
ber06075 - AllowForeignAddress
ber06075 - AllowOverwrite
ber06075 - AllowRetrieveRestart
ber06075 - AllowStoreRestart
ber06075 - AuthAliasOnly
ber06075 - DeleteAbortedStores
ber06075 - DirFakeGroup
ber06075 - DirFakeMode
ber06075 - DirFakeUser
ber06075 - DisplayConnect
ber06075 - DisplayFirstChdir
ber06075 - DisplayGoAway
ber06075 - DisplayQuit
ber06075 - ExtendedLog
ber06075 - HiddenStores
ber06075 - IdentLookups
ber06075 - LoginPasswordPrompt
ber06075 - MaxClients
ber06075 - MaxClientsPerHost
ber06075 - MaxHostsPerUser
ber06075 - MaxLoginAttempts
ber06075 - PathDenyFilter
ber06075 - RequireValidShell
ber06075 - ServerIdent
ber06075 - ShowSymlinks
ber06075 - SyslogLevel
ber06075 - Umask
ber06075 - DirUmask
ber06075 - SQLAuthenticate
ber06075 - SQLAuthTypes
ber06075 - SQLConnectInfo
ber06075 - SQLDefaultGID
ber06075 - SQLDefaultUID
ber06075 - SQLHomedirOnDemand
ber06075 - SQLUserTable
ber06075 - SQLUsernameField
ber06075 - SQLPasswordField
ber06075 - SQLHomedirField
ber06075 - SQLGroupTable
ber06075 - SQLGroupnameField
ber06075 - SQLGroupGIDField
ber06075 - SQLGroupMembersField
ber06075 - TimeoutIdle
ber06075 - TimeoutLogin
ber06075 - TimeoutNoTransfer
ber06075 - TimeoutStalled
ber06075 - TimesGMT
ber06075 - Classes
ber06075 - DefaultChdir
ber06075 - DefaultRoot
ber06075 - DefaultTransferMode
ber06075 - DeferWelcome
ber06075 - PassivePorts
ber06075 - UseGlobbing
ber06075 - UseFtpUsers
ber06075 - 10.138.131.75:121 masquerading as 10.138.131.75
ber06075 -
ber06075 - Config for Knowledgebase - Warteschlange:
ber06075 - AccessDenyMsg
ber06075 - AccessGrantMsg
ber06075 - AllowFilter
ber06075 - AllowForeignAddress
ber06075 - AllowOverwrite
ber06075 - AllowRetrieveRestart
ber06075 - AllowStoreRestart
ber06075 - AuthAliasOnly
ber06075 - DeleteAbortedStores
ber06075 - DirFakeGroup
ber06075 - DirFakeMode
ber06075 - DirFakeUser
ber06075 - DisplayConnect
ber06075 - DisplayFirstChdir
ber06075 - DisplayGoAway
ber06075 - DisplayLogin
ber06075 - DisplayQuit
ber06075 - ExtendedLog
ber06075 - HiddenStores
ber06075 - IdentLookups
ber06075 - MaxClients
ber06075 - MaxClientsPerHost
ber06075 - MaxHostsPerUser
ber06075 - LoginPasswordPrompt
ber06075 - MasqueradeAddress
ber06075 - MaxLoginAttempts
ber06075 - PathDenyFilter
ber06075 - RequireValidShell
ber06075 - ServerIdent
ber06075 - ShowSymlinks
ber06075 - SyslogLevel
ber06075 - SQLAuthenticate
ber06075 - SQLAuthTypes
ber06075 - SQLConnectInfo
ber06075 - SQLDefaultGID
ber06075 - SQLDefaultUID
ber06075 - SQLHomedirOnDemand
ber06075 - SQLLog_PASS
ber06075 - SQLLog_PASS
ber06075 - SQLLog_DELE
ber06075 - SQLLog_RETR
ber06075 - SQLLog_*
ber06075 - SQLLog_ERR_*
ber06075 - SQLNamedQuery_updatecount
ber06075 - SQLNamedQuery_letzter_zugriff
ber06075 - SQLNamedQuery_delfile
ber06075 - SQLNamedQuery_getfile
ber06075 - SQLNamedQuery_history
ber06075 - SQLNamedQuery_history_err
ber06075 - SQLUserTable
ber06075 - SQLUsernameField
ber06075 - SQLPasswordField
ber06075 - SQLUidField
ber06075 - SQLHomedirField
ber06075 - TimesGMT
ber06075 - Umask
ber06075 - DirUmask
ber06075 - Classes
ber06075 - DefaultChdir
ber06075 - DefaultRoot
ber06075 - DefaultTransferMode
ber06075 - DeferWelcome
ber06075 - PassivePorts
ber06075 - UseGlobbing
ber06075 - UseFtpUsers
ber06075 - dispatching auth request "getgroups" to module mod_sql
ber06075 - dispatching auth request "getgroups" to module mod_auth_file
ber06075 - dispatching auth request "getgroups" to module mod_auth_unix
ber06075 - SETUP PRIVS at main.c:2711
ber06075 - ROOT PRIVS at main.c:1953
ber06075 - RELINQUISH PRIVS at main.c:1959
ber06075 - ROOT PRIVS at main.c:2320
ber06075 - opening scoreboard '/usr/local/var/proftpd/proftpd.scoreboard'
ber06075 - RELINQUISH PRIVS at main.c:2344
ber06075 - ROOT PRIVS at inet.c:452
ber06075 - RELINQUISH PRIVS at inet.c:510
ber06075 - ROOT PRIVS at inet.c:452
ber06075 - RELINQUISH PRIVS at inet.c:510
ber06075 - ProFTPD 1.2.9rc2 (devel) (built Fre Okt 10 14:55:34 CEST 2003) standalone mode STARTUP
ber06075 - ROOT PRIVS at main.c:2168
ber06075 - RELINQUISH PRIVS at main.c:2174
ber06075 - FS: using system lstat()









ber06075 - FS: using system lstat()
ber06075 - ROOT PRIVS at main.c:1145
ber06075 - RELINQUISH PRIVS at main.c:1149
ber06075 (10.138.131.75[10.138.131.75]) - ident lookup disabled
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at main.c:972
ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at main.c:977
ber06075 (10.138.131.75[10.138.131.75]) - FTP session requested from unknown class
ber06075 (10.138.131.75[10.138.131.75]) - performing module session initializations
ber06075 (10.138.131.75[10.138.131.75]) - mod_log: opening ExtendedLog '/www/vhosts/administration/linux/logfiles/proftpd_anonftp.log'
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_log.c:1131
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_log.c:1133
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:130
ber06075 (10.138.131.75[10.138.131.75]) - opening scoreboard '/usr/local/var/proftpd/proftpd.scoreboard'
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:150
ber06075 (10.138.131.75[10.138.131.75]) - connected - local  : 10.138.131.75:21
ber06075 (10.138.131.75[10.138.131.75]) - connected - remote : 10.138.131.75:51402
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close()
ber06075 (10.138.131.75[10.138.131.75]) - FTP session opened.
ber06075 - FS: using system lstat()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'USER ftpadmin' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'USER ftpadmin' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "gid_name" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "auth" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "check" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:1099
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1101
ber06075 (10.138.131.75[10.138.131.75]) -
ber06075 (10.138.131.75[10.138.131.75]) - Config for NetxiraOne - FTP-Server:
ber06075 (10.138.131.75[10.138.131.75]) - <IfGroup>
ber06075 (10.138.131.75[10.138.131.75]) -  ~/uploads
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    AllowAll
ber06075 (10.138.131.75[10.138.131.75]) -    DenyAll
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    DenyAll
ber06075 (10.138.131.75[10.138.131.75]) -  ~
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    IgnoreHidden
ber06075 (10.138.131.75[10.138.131.75]) -    AllowAll
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    DenyAll
ber06075 (10.138.131.75[10.138.131.75]) -  IfGroupList
ber06075 (10.138.131.75[10.138.131.75]) - RootLogin
ber06075 (10.138.131.75[10.138.131.75]) - AllowLogSymlinks
ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell
ber06075 (10.138.131.75[10.138.131.75]) - tcpNoDelay
ber06075 (10.138.131.75[10.138.131.75]) - PidFile
ber06075 (10.138.131.75[10.138.131.75]) - UserID
ber06075 (10.138.131.75[10.138.131.75]) - UserName
ber06075 (10.138.131.75[10.138.131.75]) - GroupID
ber06075 (10.138.131.75[10.138.131.75]) - GroupName
ber06075 (10.138.131.75[10.138.131.75]) - AccessDenyMsg
ber06075 (10.138.131.75[10.138.131.75]) - AccessGrantMsg
ber06075 (10.138.131.75[10.138.131.75]) - AllowFilter
ber06075 (10.138.131.75[10.138.131.75]) - AllowForeignAddress
ber06075 (10.138.131.75[10.138.131.75]) - AllowOverwrite
ber06075 (10.138.131.75[10.138.131.75]) - AllowRetrieveRestart
ber06075 (10.138.131.75[10.138.131.75]) - AllowStoreRestart
ber06075 (10.138.131.75[10.138.131.75]) - AuthAliasOnly
ber06075 (10.138.131.75[10.138.131.75]) - DeleteAbortedStores
ber06075 (10.138.131.75[10.138.131.75]) - DirFakeGroup
ber06075 (10.138.131.75[10.138.131.75]) - DirFakeMode
ber06075 (10.138.131.75[10.138.131.75]) - DirFakeUser
ber06075 (10.138.131.75[10.138.131.75]) - DisplayConnect
ber06075 (10.138.131.75[10.138.131.75]) - DisplayFirstChdir
ber06075 (10.138.131.75[10.138.131.75]) - DisplayGoAway
ber06075 (10.138.131.75[10.138.131.75]) - DisplayQuit
ber06075 (10.138.131.75[10.138.131.75]) - ExtendedLog
ber06075 (10.138.131.75[10.138.131.75]) - HiddenStores
ber06075 (10.138.131.75[10.138.131.75]) - IdentLookups
ber06075 (10.138.131.75[10.138.131.75]) - LoginPasswordPrompt
ber06075 (10.138.131.75[10.138.131.75]) - MaxClients
ber06075 (10.138.131.75[10.138.131.75]) - MaxClientsPerHost
ber06075 (10.138.131.75[10.138.131.75]) - MaxHostsPerUser
ber06075 (10.138.131.75[10.138.131.75]) - MaxLoginAttempts
ber06075 (10.138.131.75[10.138.131.75]) - PathDenyFilter
ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell
ber06075 (10.138.131.75[10.138.131.75]) - ServerIdent
ber06075 (10.138.131.75[10.138.131.75]) - ShowSymlinks
ber06075 (10.138.131.75[10.138.131.75]) - SyslogLevel
ber06075 (10.138.131.75[10.138.131.75]) - Umask
ber06075 (10.138.131.75[10.138.131.75]) - DirUmask
ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthenticate
ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthTypes
ber06075 (10.138.131.75[10.138.131.75]) - SQLConnectInfo
ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultGID
ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultUID
ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirOnDemand
ber06075 (10.138.131.75[10.138.131.75]) - SQLUserTable
ber06075 (10.138.131.75[10.138.131.75]) - SQLUsernameField
ber06075 (10.138.131.75[10.138.131.75]) - SQLPasswordField
ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirField
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupTable
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupnameField
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupGIDField
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupMembersField
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutIdle
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutLogin
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutNoTransfer
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutStalled
ber06075 (10.138.131.75[10.138.131.75]) - TimesGMT
ber06075 (10.138.131.75[10.138.131.75]) - Classes
ber06075 (10.138.131.75[10.138.131.75]) - DefaultChdir
ber06075 (10.138.131.75[10.138.131.75]) - DefaultRoot
ber06075 (10.138.131.75[10.138.131.75]) - DefaultTransferMode
ber06075 (10.138.131.75[10.138.131.75]) - DeferWelcome
ber06075 (10.138.131.75[10.138.131.75]) - PassivePorts
ber06075 (10.138.131.75[10.138.131.75]) - UseGlobbing
ber06075 (10.138.131.75[10.138.131.75]) - UseFtpUsers
ber06075 (10.138.131.75[10.138.131.75]) - CURRENT-CLIENTS
ber06075 (10.138.131.75[10.138.131.75]) - USER
ber06075 (10.138.131.75[10.138.131.75]) - USER ftpadmin: Login successful.
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1170
ber06075 (10.138.131.75[10.138.131.75]) - opening TransferLog '/var/log/xferlog'
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1199
ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:697
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:701
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - Preparing to chroot() the environment, path = '/www/vhosts/ftp'
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:62
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chroot()
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:69
ber06075 (10.138.131.75[10.138.131.75]) - Environment successfully chroot()ed.
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1242
ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at mod_auth.c:1249
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - unable to chdir to ~/ (No such file or directory), defaulting to chroot directory /www/vhosts/ftp
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chdir()
ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/', fullpath = '/www/vhosts/ftp/'.
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap
ber06075 (10.138.131.75[10.138.131.75]) - mod_cap/1.0: capabilities '= cap_chown,cap_net_bind_service+ep'
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession
ber06075 (10.138.131.75[10.138.131.75]) - mod_ifsession/0.9: <IfGroup> not matched, skipping
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ls
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PORT 10,138,131,75,135,8' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PORT 10,138,131,75,135,8' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'TYPE A' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'TYPE A' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'STOR 126841268412684.txt' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'STOR 126841268412684.txt' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'STOR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/126841268412684.txt', fullpath = '/www/vhosts/ftp/126841268412684.txt'.
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): setting umask to 0111 (was 0111)
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system lstat()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'STOR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - '126841268412684.txt' allowed by PathDenyFilter (No match)
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open()
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - local  : 10.138.131.75:20
ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - remote : 10.138.131.75:34568
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'STOR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'STOR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'STOR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'STOR 126841268412684.txt' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'STOR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - Transfer completed: 41984 bytes in 0.00 seconds
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - FTP session closed.
ber06075 - FS: using system lstat()
ber06075 - ROOT PRIVS at main.c:1145
ber06075 - RELINQUISH PRIVS at main.c:1149
ber06075 (10.138.131.75[10.138.131.75]) - ident lookup disabled
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at main.c:972
ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at main.c:977
ber06075 (10.138.131.75[10.138.131.75]) - FTP session requested from unknown class
ber06075 (10.138.131.75[10.138.131.75]) - performing module session initializations
ber06075 - FS: using system lstat()
ber06075 (10.138.131.75[10.138.131.75]) - mod_log: opening ExtendedLog '/www/vhosts/administration/linux/logfiles/proftpd_anonftp.log'
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_log.c:1131
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_log.c:1133
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:130
ber06075 (10.138.131.75[10.138.131.75]) - opening scoreboard '/usr/local/var/proftpd/proftpd.scoreboard'
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:150
ber06075 (10.138.131.75[10.138.131.75]) - connected - local  : 10.138.131.75:21
ber06075 (10.138.131.75[10.138.131.75]) - connected - remote : 10.138.131.75:51403
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close()
ber06075 (10.138.131.75[10.138.131.75]) - FTP session opened.
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'USER ftpadmin' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'USER ftpadmin' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "gid_name" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "auth" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "check" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:1099
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1101
ber06075 (10.138.131.75[10.138.131.75]) -
ber06075 (10.138.131.75[10.138.131.75]) - Config for NetxiraOne - FTP-Server:
ber06075 (10.138.131.75[10.138.131.75]) - <IfGroup>
ber06075 (10.138.131.75[10.138.131.75]) -  ~/uploads
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    AllowAll
ber06075 (10.138.131.75[10.138.131.75]) -    DenyAll
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    DenyAll
ber06075 (10.138.131.75[10.138.131.75]) -  ~
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    IgnoreHidden
ber06075 (10.138.131.75[10.138.131.75]) -    AllowAll
ber06075 (10.138.131.75[10.138.131.75]) -   Limit
ber06075 (10.138.131.75[10.138.131.75]) -    DenyAll
ber06075 (10.138.131.75[10.138.131.75]) -  IfGroupList
ber06075 (10.138.131.75[10.138.131.75]) - RootLogin
ber06075 (10.138.131.75[10.138.131.75]) - AllowLogSymlinks
ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell
ber06075 (10.138.131.75[10.138.131.75]) - tcpNoDelay
ber06075 (10.138.131.75[10.138.131.75]) - PidFile
ber06075 (10.138.131.75[10.138.131.75]) - UserID
ber06075 (10.138.131.75[10.138.131.75]) - UserName
ber06075 (10.138.131.75[10.138.131.75]) - GroupID
ber06075 (10.138.131.75[10.138.131.75]) - GroupName
ber06075 (10.138.131.75[10.138.131.75]) - AccessDenyMsg
ber06075 (10.138.131.75[10.138.131.75]) - AccessGrantMsg
ber06075 (10.138.131.75[10.138.131.75]) - AllowFilter
ber06075 (10.138.131.75[10.138.131.75]) - AllowForeignAddress
ber06075 (10.138.131.75[10.138.131.75]) - AllowOverwrite
ber06075 (10.138.131.75[10.138.131.75]) - AllowRetrieveRestart
ber06075 (10.138.131.75[10.138.131.75]) - AllowStoreRestart
ber06075 (10.138.131.75[10.138.131.75]) - AuthAliasOnly
ber06075 (10.138.131.75[10.138.131.75]) - DeleteAbortedStores
ber06075 (10.138.131.75[10.138.131.75]) - DirFakeGroup
ber06075 (10.138.131.75[10.138.131.75]) - DirFakeMode
ber06075 (10.138.131.75[10.138.131.75]) - DirFakeUser
ber06075 (10.138.131.75[10.138.131.75]) - DisplayConnect
ber06075 (10.138.131.75[10.138.131.75]) - DisplayFirstChdir
ber06075 (10.138.131.75[10.138.131.75]) - DisplayGoAway
ber06075 (10.138.131.75[10.138.131.75]) - DisplayQuit
ber06075 (10.138.131.75[10.138.131.75]) - ExtendedLog
ber06075 (10.138.131.75[10.138.131.75]) - HiddenStores
ber06075 (10.138.131.75[10.138.131.75]) - IdentLookups
ber06075 (10.138.131.75[10.138.131.75]) - LoginPasswordPrompt
ber06075 (10.138.131.75[10.138.131.75]) - MaxClients
ber06075 (10.138.131.75[10.138.131.75]) - MaxClientsPerHost
ber06075 (10.138.131.75[10.138.131.75]) - MaxHostsPerUser
ber06075 (10.138.131.75[10.138.131.75]) - MaxLoginAttempts
ber06075 (10.138.131.75[10.138.131.75]) - PathDenyFilter
ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell
ber06075 (10.138.131.75[10.138.131.75]) - ServerIdent
ber06075 (10.138.131.75[10.138.131.75]) - ShowSymlinks
ber06075 (10.138.131.75[10.138.131.75]) - SyslogLevel
ber06075 (10.138.131.75[10.138.131.75]) - Umask
ber06075 (10.138.131.75[10.138.131.75]) - DirUmask
ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthenticate
ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthTypes
ber06075 (10.138.131.75[10.138.131.75]) - SQLConnectInfo
ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultGID
ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultUID
ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirOnDemand
ber06075 (10.138.131.75[10.138.131.75]) - SQLUserTable
ber06075 (10.138.131.75[10.138.131.75]) - SQLUsernameField
ber06075 (10.138.131.75[10.138.131.75]) - SQLPasswordField
ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirField
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupTable
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupnameField
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupGIDField
ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupMembersField
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutIdle
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutLogin
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutNoTransfer
ber06075 (10.138.131.75[10.138.131.75]) - TimeoutStalled
ber06075 (10.138.131.75[10.138.131.75]) - TimesGMT
ber06075 (10.138.131.75[10.138.131.75]) - Classes
ber06075 (10.138.131.75[10.138.131.75]) - DefaultChdir
ber06075 (10.138.131.75[10.138.131.75]) - DefaultRoot
ber06075 (10.138.131.75[10.138.131.75]) - DefaultTransferMode
ber06075 (10.138.131.75[10.138.131.75]) - DeferWelcome
ber06075 (10.138.131.75[10.138.131.75]) - PassivePorts
ber06075 (10.138.131.75[10.138.131.75]) - UseGlobbing
ber06075 (10.138.131.75[10.138.131.75]) - UseFtpUsers
ber06075 (10.138.131.75[10.138.131.75]) - CURRENT-CLIENTS
ber06075 (10.138.131.75[10.138.131.75]) - USER
ber06075 (10.138.131.75[10.138.131.75]) - USER ftpadmin: Login successful.
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1170
ber06075 (10.138.131.75[10.138.131.75]) - opening TransferLog '/var/log/xferlog'
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1199
ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:697
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:701
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - Preparing to chroot() the environment, path = '/www/vhosts/ftp'
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:62
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chroot()
ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:69
ber06075 (10.138.131.75[10.138.131.75]) - Environment successfully chroot()ed.
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1242
ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at mod_auth.c:1249
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - unable to chdir to ~/ (No such file or directory), defaulting to chroot directory /www/vhosts/ftp
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chdir()
ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/', fullpath = '/www/vhosts/ftp/'.
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap
ber06075 (10.138.131.75[10.138.131.75]) - mod_cap/1.0: capabilities '= cap_chown,cap_net_bind_service+ep'
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession
ber06075 (10.138.131.75[10.138.131.75]) - mod_ifsession/0.9: <IfGroup> not matched, skipping
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ls
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'TYPE A' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'TYPE A' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PORT 10,138,131,75,135,8' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PORT 10,138,131,75,135,8' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/126841268412684.txt', fullpath = '/www/vhosts/ftp/126841268412684.txt'.
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system lstat()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'RETR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - local  : 10.138.131.75:20
ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - remote : 10.138.131.75:34568
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close()
ber06075 (10.138.131.75[10.138.131.75]) - Transfer aborted after 32768 bytes in 0.02 seconds
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD_ERR command 'RETR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD_ERR command 'RETR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD_ERR command 'RETR 126841268412684.txt' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD_ERR command 'RETR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,9' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,9' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PORT 10,138,131,75,135,9' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PORT 10,138,131,75,135,9' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,9' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,9' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core
ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/126841268412684.txt', fullpath = '/www/vhosts/ftp/126841268412684.txt'.
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system lstat()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'RETR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat()
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled
ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - local  : 10.138.131.75:20
ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - remote : 10.138.131.75:34569
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read()
ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close()
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'RETR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'RETR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'RETR 126841268412684.txt' to mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'RETR 126841268412684.txt' to mod_log
ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'RETR 126841268412684.txt' to mod_xfer
ber06075 (10.138.131.75[10.138.131.75]) - Transfer completed: 41984 bytes in 3.17 seconds
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql
ber06075 (10.138.131.75[10.138.131.75]) - FTP session closed.
ber06075 - FS: using system lstat()








ber06075 - ProFTPD terminating (signal 3)
ber06075 - ROOT PRIVS at main.c:1829
ber06075 - RELINQUISH PRIVS at main.c:1850
ber06075 - ProFTPD 1.2.9rc2 standalone mode SHUTDOWN
ber06075 - ROOT PRIVS at main.c:1857
ber06075 - RELINQUISH PRIVS at main.c:1859

Meine Version ist aber glaube schon mit Patch und die ohne hab ich nicht mehr :?
Gespeichert

RedHat 8.0 (2.4er Kernel)
proftpd 1.2.10
-mod_sql_mysql
-mow_wrap
-mod_exec
-mod_ifsession[/size]
Shine
ProFTPD
*
Offline Offline

Beiträge: 15


77193083
Profil anzeigen WWW
« Antwort #4 am: 13. Oktober 2003, 18:44:41 »

hi,

sorry fürs lange warten auf eine antwort ...

@Wörsty: wie es aussieht bist du auch nicht "weiter" gekommen ...  ist wohl auch gut so, obwohl ich doch gerne gesehen hätte wie mir eine (root)-shell entgegenspringt ..
Gespeichert

Im Suff sind alle Frauen schön ....
smurfy
Gast
« Antwort #5 am: 14. Oktober 2003, 10:50:04 »

also derzeit gibt es 2 exploids!

http://www.k-otik.com/exploits/10.13.proft_put_down.c.php

und das was ihr da geposted habt:

http://www.k-otik.com/exploits/10.04.proftpd_xforce.c.php

bye smurfy
Gespeichert
smurfy
Gast
« Antwort #6 am: 15. Oktober 2003, 10:59:12 »

blöde frage, diese beiden exploids.. die sind doch alle nur mit der non p version von der 1.2.8 oder?

ich hab nur das vom 04.10 getested und da geht ned.. aber das andere war ich zu faul zum testen..


ich hab derzeit meinen ftp runtergefahren aus sicherheit Zwinkernd

bye smurfy
Gespeichert
Wörsty
Moderator
ProFTPD
*****
Offline Offline

Beiträge: 1602


50772603
Profil anzeigen WWW E-Mail
« Antwort #7 am: 15. Oktober 2003, 11:00:16 »

Natürlich nur für die ungepatchte Version.
Gespeichert

RedHat 8.0 (2.4er Kernel)
proftpd 1.2.10
-mod_sql_mysql
-mow_wrap
-mod_exec
-mod_ifsession[/size]
Seiten: [1]   Nach oben
  Drucken  
 
Gehe zu:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC Prüfe XHTML 1.0 Prüfe CSS
Seite erstellt in 0.096 Sekunden mit 16 Zugriffen.