Every one must be familiar with FTP (file transfer protocol). Files are transfered in clear text! We were testing IIS with ftp for common vulnerabilities. We needed something to sniff data specialy FTP and found this FTPXEROX tool its old but works.
FTPXerox grabs files that are transferred across the network using the FTP protocol. It was written to demonstrate the fact that any “clear-text” file transfer protocol is susceptible to such attacks. It implements a full end-to-end TCP re-assembly engine that watches for FTP transfers. Once the engine detects an FTP file transfer, it grabs the file off the wire and stores it in a local file. It is quite intelligent in the sense, it can reconstruct exact file names and even grab binary files! Version 1.0, however, does NOT support PASV mode file transfers.
Mostly this tool will be helpful for white hat
security testers to test how to secure existing ftp setup, or, you can say that some one from the inside needs to gather some information hmm?
Requirements:
Related External Links
If you enjoyed this article, you might also like:
- June 29, 2010 -- UPDATE: Netsparker Community Edition 1.5.0.0!
We have detailed talked about Netsparker Community Edition here. Now it has been updated to the late... - June 23, 2010 -- Easy and Effective Way for Setting up a DNS Sinkhole!
Procedure and network admins talk about plugging all of the holes and securing their network of deni... - June 18, 2010 -- Integrate Nmap with NSE for Vulnerability Scanner.
Performing a vulnerability scan is extremely resources consuming. Why not add a effortless vulnerabi... - June 8, 2010 -- POET : Padding Oracle Exploit Tool
Practical Padding Oracle AttacksAt Eurocrypt 2002, Vaudenay introduced a powerful side-channel a... - June 8, 2010 -- Update : PHPIDS 0.6.4 is out
Most of are familier with PHPIDS , We have talked about in detail Here .With its popularity grow... - May 20, 2010 -- SSLCertScanner: A Network Based SSL Certificate Scanner!
SSLCertScanner is a FREE network based SSL certificate scanner software. It can remotely scan SSL ce... - March 10, 2010 -- ackack: Monitor your Network Traffic and Detect Unauthorized Sessions Easily!
ackack is a program to monitor network traffic and detect unauthorized sessions. Provides the abilit... - March 6, 2010 -- UPDATE: Samurai Web Testing Framework 0.8!
Good news for web application penetration testers! Samurai Web Testing Framework is now upgraded to ... - March 4, 2010 -- Vulnerability Manager: Automate Your Application Security Program!
So you have a great collection of exploits, script's, etc. but all of it is unorganised! Vulnerabili...
Tagged as: Application Scanner, application security, FTPXEROX, how to ftp
Comments on this entry are closed.