TUCoPS :: Password Security :: bt2002.txt

YAK! 2.1.0 still vulnerable




YAK! 2.1.0 still vulnerable

===========================



for file transfer yak uses ftp mode. Yak!

listens on port 3535 for file transfer in ftp mode.



vulnerability in the previous version was, they

were using constant username and pass

combination for ftp login.



2.1.0 version seems to overcome the constant

pass problem. but still it is using constant username.



USER : y049575046



i tested with 2 pcs ... and got varing pass for

each of them. 



PASS : 24151.0y0495   ----> pc 1

PASS : 24251.0y0505   ----> pc 2



the passwords seem to maintain a special pattern still.





TO FIND PASSWORD

----------------



it's just as easy as sniffing with a sniffer.



personally i prefer ethereal.



set filter as the following :



src host 192.168.0.151 && (dst port 3535)



where the <src host> is ur own pc. now sending the victim any file will make ethereal capture the packets. decoding the packets as FTP will show the username / password combination in cleartext.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH