The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the "index of" keyword or by searching directly for the PWD= value inside the configuration file.There is an easy way to decrypt the hash, use the decryptor at:http://www.codebluehacks.com/Tools.php?ID=1Orhttp://www.hispasec.com/directorio/laboratorio/Software/ws_ftp.htmlTo see results; just write in the (http://www.google.com/) search engine the code:filetype:ini ws_ftp pwd
==================================
These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to logon to that site as that user.To see results; just write in the (http://www.google.com/) search engine the code:filetype:log inurl:"password.log"
==================================
Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access database for storage. The installation instructions clearly indicate to change the default path and filename (admin/database/wwForum.mdb).vendor: http://www.webwizguide.info/web_wiz_forums/The forum database contains the members passwords, either encrypted orin plain text, depending on the version.Please note: this search is proof that results can stay in Google's index for a long time, even when they are not on thesite any longer. Currently only 2 out of 9 are actually still downloadable by an attacker.To see results; just write in the (http://www.google.com/) search engine the code:filetype:mdb wwforum
==================================
VNC is a remote-controlled desktop product. Depending on the configuration,remote users may not be presented witha password. Even when presented with apassword, the mere existance of VNC can be important to an attacker, as is theopen port of 5800.To see results; just write in the (http://www.google.com/) search engine the code:"VNC Desktop" inurl:5800By the way, New version of VNC changedtitle to VNC Viewer so now you can search for�intitle:vnc.desktop inurl:5800
0 comments:
Post a Comment