Passive Agression is a perl proof-of-concept exploit for downloading other user's files from FTP servers without needing thier authentication. It works against servers that use passive connections for data transfers and fail to check the incoming address of the data connection. It first attempts to determine the server-side data port incrementation rate and then guesses at the next port, makes a connection, and saves the retrieved data to a file. This does not work against M$ boxen, but is fairly impressive when run against large public FTP servers. A much more sinister purpose would be to snag confidential files being passed between corporate networks at scheduled times, like end of the day batch processing of customer orders, or crontab'd FTP backups.
2f7dee6b0a712a2ec0f4773b51daa24e069086bc2dbc73ffb50a9d1c4ccfdca7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed