There's a feature of the WU-FTP daemon (version
2.4.2 tested, as well as earlier versions) (http://www.academ.com/academ/wu-ftpd/)
that allows a remote user to work out what flavour of UNIX the FTP server is
running on. When using the cd (CWD) command to a user account's home directory
(cd ~user), WU-FTPD will reveal the account's physical path if the account is
a built-in standard account such as root or games or uucp etc. For non-standard
accounts it claims not to know the user:

ftp> cd ~mail
550 /var/spool/mail: No such file or directory.
ftp> cd ~games
550 /usr/games: No such file or directory.
ftp> cd ~root
550 /root: No such file or directory.
ftp> cd ~guest
550 Unknown user name after ~
ftp> cd ~jsmith
550 Unknown user name after ~
ftp> cd ~nobody
550 /dev/null: No such file or directory.

Knowing what accounts exist on what flavour of UN*X
allows a remote user to then say with a high degree of certainty that
they're dealing with a specific platform.

Cheers,
David Litchfield
Cerberus Information Security
+44(0)181 661 7405
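
An added example, not part of the original post: one way to spot the behaviour described above from the server side is to flag FTP sessions that issue CWD ~name for several different account names. The log layout and the sample lines are constructed for illustration and are an assumption, not wu-ftpd's documented format; adjust the pattern to your daemon's command logging.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "ftpd[pid]: client: command" layout.
SAMPLE_LOG = """\
Jan 12 10:01:02 ftphost ftpd[411]: 192.0.2.10: CWD ~mail
Jan 12 10:01:03 ftphost ftpd[411]: 192.0.2.10: CWD ~games
Jan 12 10:01:04 ftphost ftpd[411]: 192.0.2.10: CWD ~root
Jan 12 10:01:05 ftphost ftpd[411]: 192.0.2.10: CWD ~guest
Jan 12 10:01:06 ftphost ftpd[411]: 192.0.2.10: CWD ~nobody
Jan 12 10:02:10 ftphost ftpd[502]: 198.51.100.7: CWD pub
Jan 12 10:02:11 ftphost ftpd[502]: 198.51.100.7: CWD ~jsmith
Jan 12 10:02:12 ftphost ftpd[502]: 198.51.100.7: RETR notes.txt
"""

# Assumed line shape: process id, client address, FTP verb, argument.
LINE_RE = re.compile(
    r"ftpd\[(?P<pid>\d+)\]:\s+(?P<client>\S+):\s+"
    r"(?P<verb>[A-Za-z]+)\s*(?P<arg>.*)$"
)
# A leading ~name, up to the first slash or whitespace.
TILDE_RE = re.compile(r"^~([^/\s]+)")


def tilde_probe_sessions(log_text, threshold=3):
    """Return {(pid, client): sorted account names} for sessions that asked
    for the home directory of at least `threshold` distinct accounts."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("verb").upper() not in ("CWD", "XCWD"):
            continue
        t = TILDE_RE.match(m.group("arg").strip())
        if t:
            seen[(m.group("pid"), m.group("client"))].add(t.group(1))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (pid, client), names in tilde_probe_sessions(SAMPLE_LOG).items():
        print(f"session pid={pid} client={client} probed: {', '.join(names)}")
```

A single ~name lookup is normal client behaviour, so the threshold counts distinct account names per session rather than individual commands.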
