User Controls
I need a public FTP server that i can use to host some files.
-
2015-09-02 at 5:49 PM UTCGot any good free ones? Maybe i can sign up for free site hosting as well and use the FTP that comes with that.
-
2015-09-02 at 7:11 PM UTCYou can setup a free FTP server on your own box and host files from there. Serv-U.
-
2015-09-02 at 8:20 PM UTC
You can setup a free FTP server on your own box and host files from there. Serv-U.
Yeah that's true, but i'd rather not use my own box for reasons of operational security. -
2015-09-02 at 8:43 PM UTCI signed up for Angelfire accounts way back in the day(10+ years ago) and I get like 20GB of storage space. I also get free access to the advanced editor that usually costs money.
How much space do you need and how open will people be downloading files?
There are alternatives. I had an idea a while back for storing things online, and then a program would collect them and put the file together. I'll explain when I am at home. -
2015-09-02 at 10:51 PM UTC
I signed up for Angelfire accounts way back in the day(10+ years ago) and I get like 20GB of storage space. I also get free access to the advanced editor that usually costs money.
Twenty gigs is pretty decent, do you still have this FTP server out of curiosity?How much space do you need and how open will people be downloading files?
I don't need all that much maybe 5 gigs tops initially, but i'll take as much as i can for the least amount of money. I also imagine that if people will want to download the content i am providing they will probably do so in the open. I plan on using it for storing project files some tools that sort of thing.There are alternatives. I had an idea a while back for storing things online, and then a program would collect them and put the file together. I'll explain when I am at home.
Please do i'd be interested to know. -
2015-09-02 at 11:03 PM UTCIf you run any malicious scripts or files off of Angelfire's FTP servers, they will simply delete the account.
-
2015-09-02 at 11:31 PM UTC
If you run any malicious scripts or files off of Angelfire's FTP servers, they will simply delete the account.
That's assuming i'm going to do that, and assuming they can tell if there's anything malicious. In any event, i plan on hosting a number of security related materials and tools maybe i'll even get proper hosting and run a little semi private website later on for infosec resources and such that'd be pretty cool. -
2015-09-02 at 11:55 PM UTCWhat about drop box? Not secure enough?
-
2015-09-03 at 12:24 AM UTC
What about drop box? Not secure enough?
Security is not really the issue, i want a FTP server so that i have direct download links for the files i'm hosting. I think you need a dropbox account to be able to download files from there if i'm not mistaken. -
2015-09-03 at 12:31 AM UTCWhat I used to do, years ago, mind you, is "half-open" high speed port scan broadband IP ranges looking for idle high-speed boxes with open trojan ports on them, log them all, then either use the client and the author password to get in, or many times they're just wide open and you just need the client to go ahead and log in with r00t access. Once you're in, you can check to see if the computer is very active, and if its not, you can setup an invisible FTP server on some obscure port quite easily and upload/download files at will. You can even get a Net of them up and running with large amounts of free space on those drives, and setup what's called a "pipe" between your own box and the server, (a pipe makes it as if you are running the FTP server and other programs locally, but it's actually remotely, and the program output/inputs are "piped" back to your own box), like I did back in the day. It's all free, so that's the point.
-
2015-09-03 at 1:30 AM UTC
What I used to do, years ago, mind you, is "half-open" high speed port scan broadband IP ranges looking for idle high-speed boxes with open trojan ports on them, log them all, then either use the client and the author password to get in, or many times they're just wide open and you just need the client to go ahead and log in with r00t access. Once you're in, you can check to see if the computer is very active, and if its not, you can setup an invisible FTP server on some obscure port quite easily and upload/download files at will. You can even get a Net of them up and running with large amounts of free space on those drives, and setup what's called a "pipe" between your own box and the server, (a pipe makes it as if you are running the FTP server and other programs locally, but it's actually remotely, and the program output/inputs are "piped" back to your own box), like I did back in the day. It's all free, so that's the point.
I'm assuming you mean legit remote administration port when you say 'trojan port'. In any event i'm not going to scan the entire internet but using someones idiocy to my advantage is certainly my gig, luckily though in this day and age we have google dorks for what you are suggesting which i totally forgot about before you made your post so thanks.
Query.
filetype:txt inurl:"Windows/System32"
Result.
ftp://187.188.158.142/Windows/
http://pastebin.com/SPx3LFWE
As you can see they have the terminal service running for remote management. Check it out, if i have write access i'll use one of these with good uptime to deploy my trojan from.
However for more legitimate purposes i'd still be interested in a dedicated FTP server.
-
2015-09-03 at 4:23 PM UTC
However for more legitimate purposes i'd still be interested in a dedicated FTP server.
That's why it's actually best to harvest them yourself from the wild. The majority of the ones you do get will be dedicated. Of course, many of them will be honey pots as well.
-
2015-09-03 at 5:02 PM UTC
That's why it's actually best to harvest them yourself from the wild. The majority of the ones you do get will be dedicated. Of course, many of them will be honey pots as well.
Google already indexes a shitload of these, so it really doesn't matter if i harvest them or not. For a dedicated server though, i'd like to be able to set permissions. Also, if i use a server such as the one i linked to the actual owners will be able to remove any files i upload without me knowing. -
2015-09-03 at 6:56 PM UTCNot if you put the home folder into the History folder. It then disappears from Windows Explorer altogether and won't even show up in an advanced search on the machine. You can only access it from MS-Dos mode, but the server will still run and open ports and accept connections no problem. For the permissions, you just need a config file in the home folder and set the folder/file permissions with the |
-
2015-09-03 at 7:24 PM UTCEh if i can access the command prompt i might as well hide files in alternative data streams while i'm at it, point being, a commandeered FTP server is good for deployment of easily hidden files like my trojan. If i want to host some files of substance a commercially available solution would be ideal, preferrably one that costs me nothing.
-
2015-09-03 at 8:02 PM UTCWhat I did at first was use .bat files to execute MS-Dos commands locally when I was sure the person wasn't on the machine, and then delete them right after execution. Then I figured out how to "pipe" executable program input/output, which worked even better than the .bat files, as there was then no tell-tale window flashing up momentarily and nothing to have to collect, such as log files. It was basically like having a remote virtual machine in real time.
-
2015-09-04 at 1:33 AM UTCx10 hosting is the tits, best free service that I know of
-
2015-09-04 at 2 AM UTC
x10 hosting is the tits, best free service that I know of
x10 hosting restricts by IP, Holland isn't allowed and all my european VPN servers aren't either, TOR exit nodes are blocked and the few American servers i tried gave me this message: [h=5]We are not currently accepting from your Internet provider due to recent abusive activity. Please try again at a later date.[/h]
Lol. -
2015-09-04 at 2:17 AM UTC
x10 hosting restricts by IP, Holland isn't allowed and all my european VPN servers aren't either, TOR exit nodes are blocked and the few American servers i tried gave me this message: [h=5]We are not currently accepting from your Internet provider due to recent abusive activity. Please try again at a later date.[/h]
Lol.
Come to think of it they actually did have a problem with email abuse. A lot servers would default drop mail that originated from x10 (glad I realized that sooner than later).
Well that's all I've got, I'd try all the free web hosts and see which are tor friendly. -
2015-09-04 at 2:26 AM UTC
Query.
filetype:txt inurl:"Windows/System32"
Result.
ftp://187.188.158.142/Windows/
http://pastebin.com/SPx3LFWE
As you can see they have the terminal service running for remote management. Check it out, if i have write access i'll use one of these with good uptime to deploy my trojan from.
However for more legitimate purposes i'd still be interested in a dedicated FTP server.
Damn how does someone fuck up this bad.
You should set up a home server and either have a public facing website or a internal site and set up a vpn and ssh. If you set it up with certificates security is almost a non issue and you can then connect to your home internet to access the site and/or use sftp to download files.
Second to that either hostgator or a digital ocean droplet (never used this but hearrd good things).