I was playing around with FTP and found something interesting. I connected to an FTP server with the username kali and my listed directory is /home/kali, which means I am able to retrieve files within /home/kali.
But somehow I have a few files in /home/kali that are under the ownership of root, not kali. I can still retrieve these files by using the get command. And then when I get those files, I can simply switch to root on my client OS, let's say Parrot OS (it's my OS so of course I know my root password, but I am not supposed to know kali's root password and I log in with the username kali, not root, on the FTP server).
And now I can have full access to those files. Is this a misconfiguration or a bug I found? I would be so happy if it's a bug xdd :)
Also I know I can change the listed directory to /home/kali/Public_html by adding local_root=/home/$USER/Public_html in /etc/vsftpd.conf. Just playing around with it :)
https://stackoverflow.com/questions/67041357/ftp-able-to-download-files-without-ownership April 11, 2021 at 12:04PM
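
Added example, not part of the original post: on Unix, read access is decided by the file's mode bits for the class the requesting user falls into (owner, group or other), not by ownership alone, so a root-owned file with the other-read bit set can be fetched by an FTP session that runs with a local user's privileges. The audit below lists such files under a directory; the function names and the temp-dir sample are constructed for illustration, and POSIX ACLs and directory search permission are not considered.

```python
import os
import stat
import tempfile

def granting_class(st, uid, gids):
    """Return the permission class that lets uid read the file, or None."""
    if st.st_uid == uid:
        return "owner" if st.st_mode & stat.S_IRUSR else None
    if st.st_gid in gids:
        return "group" if st.st_mode & stat.S_IRGRP else None
    return "other" if st.st_mode & stat.S_IROTH else None

def readable_foreign_files(root, uid, gids):
    """List (path, owner_uid, class) for regular files under root
    that uid does not own but can still read via group/other bits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or st.st_uid == uid:
                continue
            cls = granting_class(st, uid, gids)
            if cls:
                hits.append((path, st.st_uid, cls))
    return sorted(hits)

def demo():
    """Constructed sample: two files in a temp dir, audited as another uid."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("notes.txt", 0o644), ("secret.txt", 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed sample\n")
            os.chmod(p, mode)  # set mode explicitly, independent of umask
        owner = os.stat(d).st_uid
        ftp_uid = owner + 1  # hypothetical uid standing in for the FTP login user
        found = readable_foreign_files(d, ftp_uid, set())
        return [(os.path.basename(p), c) for p, _o, c in found]

if __name__ == "__main__":
    print(demo())
```

Running the same function over a real FTP root with the login user's uid and group ids shows which files would need `chmod o-r` (or a move out of the served directory) to stop being downloadable.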