Tutorial on hardening Serv-U FTP software against attack

Source: Internet
Author: User

Notes on this article:
1. No directory on the server may give the Everyone user full control.
2. Permissions on the web directory are independent. Generally they are read and write, with no execute permission.
3. Use IPsec to restrict inbound and outbound port access.

Serv-U's default local management port lets the default administrator log on, create a new domain and run commands. In versions earlier than Serv-U v3.x, the default local management port is 127.0.0.1:43958, so only local connections are allowed. The default administrator is LocalAdministrator and the default password is #l@$ak#.lk;0@P, which is built into Serv-U. A user with only guest permission can therefore connect and manage Serv-U.

Prevention measures and countermeasures:
For versions below Serv-U v6, you can use UltraEdit to modify ServUDaemon.exe and ServUAdmin.exe directly, changing the default password to other characters of the same length.

Open ServUAdmin.exe in UltraEdit, find the last occurrence of b6ab (43958 in hexadecimal) and replace it with a custom port such as 3930 (12345). However, a remote buffer overflow vulnerability exists in versions earlier than Serv-U v6, so these versions are not recommended.

For versions later than Serv-U v6, you can add LocalSetupPortNo=12345 to ServUDaemon.ini to change the default management port, and use IPsec to block access to port 12345 from any IP address.

Note: add a blocking rule for port 12345. If you do not change the default port, add a blocking rule for port 43958 instead. If you use the "Change Password Settings" button, a line of the following form is added to ServUDaemon.ini: LocalSetupPassword=ah6a0ed50add0a516da1_92db43f3aa39 or another MD5 password. If you do not change the default management password, the original #l@$ak#.lk;0@P is retained only when the password is empty. Also add LocalSetupPortNo=12345 to set the management port. Of course, the port in the program must be changed as well.
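The two ServUDaemon.ini settings above can be checked with a short script. This is an added example, not part of the original article; the function names, the [GLOBAL] section name and the sample file contents are assumptions constructed for illustration.

```python
DEFAULT_PORT = 43958  # default local management port named in the article

# Constructed sample files; the [GLOBAL] section name and hash value are assumptions.
HARDENED_INI = """[GLOBAL]
LocalSetupPortNo=12345
LocalSetupPassword=<constructed-placeholder-hash>
"""
DEFAULT_INI = """[GLOBAL]
Version=6.0.0.0
"""

def parse_ini(text):
    """Collect key=value pairs from every section, keys lower-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def effective_port(settings):
    """Port the management interface uses; None if the setting is invalid."""
    raw = settings.get("localsetupportno")
    if raw is None:
        return DEFAULT_PORT
    if raw.isascii() and raw.isdigit() and 1 <= int(raw) <= 65535:
        return int(raw)
    return None

def audit(text):
    """Return (port the IPsec block rule must cover, list of findings)."""
    settings = parse_ini(text)
    findings = []
    port = effective_port(settings)
    if port is None:
        findings.append("LocalSetupPortNo is not a valid port")
    elif port == DEFAULT_PORT:
        findings.append("management port is still the default 43958")
    if not settings.get("localsetuppassword"):
        findings.append("LocalSetupPassword is empty: default password retained")
    return port, findings

if __name__ == "__main__":
    for name, ini in (("hardened", HARDENED_INI), ("default", DEFAULT_INI)):
        print(name, audit(ini))
```

The returned port is the one the IPsec blocking rule has to cover: 12345 for the hardened sample, 43958 when the setting is absent.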

Set directory permissions. By removing IIS access permissions from the web directory, you can prevent a webshell from being used to run exploit programs. However, this method has limitations: many directories must be configured and none may be missed. If a single directory is set incorrectly, the exploit can be uploaded to that directory and run there. Because the permissions on the web directory are independent and are generally read and write with no execute permission, it is unlikely that other files can be uploaded and executed successfully.

Modify the permissions of the Serv-U installation directory C:\Program Files\Serv-U (this directory is only an example; for security, do not use the default directory). Give the Administrators group full control and deny users in the Guests group access to the Serv-U directory. This prevents users from using a webshell to download ServUDaemon.exe, opening it in UltraEdit to analyze the Serv-U account and password, and then modifying, compiling, uploading and running an exploit. Even that effort would be useless, because the default management port has been modified both in the program file and in ServUDaemon.ini, so the default administrator cannot connect.

Finally, because Serv-U runs with SYSTEM privileges by default when started as a service, it can be used for privilege escalation. Change the account that starts Serv-U to a user in the Users group, and there will be no such privilege escalation. However, this low-privilege user must have full control over the Serv-U installation directory and over the directory or drive that provides FTP services. Tests show that Serv-U started by a user in the ordinary Users group cannot add or delete users. Other operations are normal.
