Re: Listing hide files via ftp

To: Tremaine Lea <tlea@ddiction.com>
Subject: Re: Listing hide files via ftp
From: carlopmart <carlopmart@gmail.com>
Date: Thu, 15 Mar 2007 08:35:09 +0100
Cc: pen-test@securityfocus.com

Tremaine Lea wrote:

On 14-Mar-07, at 12:40 AM, carlopmart wrote:

Garrett Reid wrote:
Try a "list -Al"
On Mar 11, 2007, at 6:01 AM, carlopmart wrote:



<snip>



Hi Garrett, I have tried it but it doesn't work ...

-- CL Martinez
carlopmart {at} gmail {d0t} com



Are you doing this from the server administration side, or logged into an ftp server?

I am doing this logged into an ftp server



What OS is the ftp server?

I think it is RHEL or a RHEL derivative, but this server is not under my control



You'll need to provide at least a bit more detail, and it would be helpful if you replied with any errors you receive when trying a command that's been suggested.

Details:



[carlos@nazgul iso-images]$ ftp ftp.server.com
Connected to ftp.server.com (1.1.1.1).
220 ACME Technologies Inc.
Name (ftp.server.com:carlos): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -la
227 Entering Passive Mode (1,1,1,1,209,98)
150 Opening ASCII mode data connection for file list
drwxr-xr-x   5 root     root         4096 Dec 28 19:38 .
drwxr-xr-x   5 root     root         4096 Dec 28 19:38 ..
-rw-r--r--   1 sgreen   sgreen        304 Feb 15 22:13 .bash_logout
-rw-r--r--   1 sgreen   sgreen        191 Feb 15 22:13 .bash_profile
-rw-r--r--   1 sgreen   sgreen        124 Feb 15 22:13 .bashrc
-rw-r--r--   1 sgreen   sgreen        383 Feb 15 22:13 .emacs
-rw-r--r--   1 sgreen   sgreen        120 Feb 15 22:13 .gtkrc
drwxr-xr-x   3 sgreen   sgreen       4096 Jun 20  2006 .kde
-rw-r--r--   1 sgreen   sgreen        658 Feb 15 22:13 .zshrc
drwxrwx-wt 267 ftp      ftp         12288 Mar 14 21:15 download
lrwxrwxrwx   1 ftp      ftp             8 Jun 14  2006 pub -> download
drwxrwx-wx 205 support  support     77824 Mar 15 06:30 upload
226 Transfer complete.
ftp> cd download
250 CWD command successful
ftp> ls -la
227 Entering Passive Mode (216,228,148,15,223,76)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> ls -Al
227 Entering Passive Mode (216,228,148,15,224,175)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp>

As you can see in this output, I can list root directories but not the contents of subdirectories, yet files exist in these subdirectories ...



Cheers,

Tremaine Lea
Network Security Consultant




--
CL Martinez
carlopmart {at} gmail {d0t} com
