Bugtraq: YAK! 2.1.0 still vulnerable


From: bil <bil_912_at_coolgoose.com>
Date: 19 Nov 2003 17:02:39 -0000
YAK! 2.1.0 still vulnerable
===========================

For file transfer, Yak! uses FTP mode. Yak!
listens on port 3535 for file transfer in FTP mode.

The vulnerability in the previous version was that they
were using a constant username and pass
combination for FTP login.

The 2.1.0 version seems to overcome the constant
pass problem, but it is still using a constant username.

USER : y049575046

I tested with 2 PCs ... and got a varying pass for
each of them.

PASS : 24151.0y0495 ----> pc 1
PASS : 24251.0y0505 ----> pc 2

The passwords still seem to maintain a special pattern.


TO FIND PASSWORD
----------------

It's just as easy as sniffing with a sniffer.

Personally I prefer Ethereal.

Set the filter as follows:

src host 192.168.0.151 && (dst port 3535)

where the <src host> is your own PC. Now sending the victim any file will make Ethereal capture the packets. Decoding the packets as FTP will show the username / password combination in cleartext.
Received on Nov 19 2003
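
Added example, not part of the original post: a monitoring-side check that reassembles payloads sent to port 3535 and reports flows carrying FTP USER/PASS in cleartext, marking those that use the constant username quoted above. The segment tuples, the second login and the function name are constructed for illustration, and the reassembly assumes segments arrive in order.

```python
import re
from collections import defaultdict

YAK_FTP_PORT = 3535          # file-transfer port named in the post
KNOWN_USER = "y049575046"    # constant username reported in the post

# Constructed sample, not a real capture: (src, dst, dst_port, TCP payload).
SAMPLE_SEGMENTS = [
    ("192.168.0.151", "192.168.0.20", 3535, b"USER y0495"),
    ("192.168.0.151", "192.168.0.20", 3535, b"75046\r\nPASS 24151.0y0495\r\n"),
    ("192.168.0.151", "192.168.0.20", 80, b"GET / HTTP/1.0\r\n\r\n"),
    ("192.168.0.77", "192.168.0.20", 3535, b"USER alice\r\nPASS hunter2\r\n"),
]

CMD = re.compile(rb"^(USER|PASS) (.*)$", re.IGNORECASE)


def find_cleartext_logins(segments, port=YAK_FTP_PORT):
    """Return one finding per flow that sent FTP USER and PASS in cleartext to `port`."""
    streams = defaultdict(bytes)
    for src, dst, dport, payload in segments:
        if dport == port:
            # Naive in-order reassembly; a command may span several segments.
            streams[(src, dst)] += payload

    findings = []
    for (src, dst), data in streams.items():
        creds = {}
        for line in data.split(b"\r\n"):
            m = CMD.match(line)
            if m:
                creds[m.group(1).upper().decode()] = m.group(2).decode("latin-1")
        if "USER" in creds and "PASS" in creds:
            findings.append({
                "src": src,
                "dst": dst,
                "user": creds["USER"],
                "fixed_yak_user": creds["USER"] == KNOWN_USER,
                "pass_len": len(creds["PASS"]),  # record the length, never the secret
            })
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_SEGMENTS):
        print(finding)
```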