FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") " - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Lounge » FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "

Page 1 of 2

1

Topic Options

#147844 - 2005-09-15 01:48 AM FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	The UDF that uses CreateObject("Microsoft.XMLHTTP") is great for downloading via TCP port 80. The only drawback is a lack of user feedback while the file is downloading. Does anyone know of a capability like CreateObject("Microsoft.XMLHTTP") but is for FTP port 21 ? If yes, is there a UDF ?
Top

#147845 - 2005-09-15 03:04 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	so what you want is a download script that tells the user how fast it is downloading and how much time is left, right? _________________________ ! download KiXnet
Top

#147846 - 2005-09-15 04:48 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	No. I wouldn't mind a UDF using CreateObject("Microsoft.XMLHTTP") that had a histogram or something showing percent completed. The UDF FTPget() is one but there is not completion feedback. It's name is also deceptive and it should really be called HTTPget(). ;-) But, that is not why I am posting. The UDF FTPget() uses CreateObject("Microsoft.XMLHTTP") and performs a http get using TCP port 80. I'm looking for similar functionality/UDF using the FTP protocol, TCP port 21. I hope I have expressed my desire better than the original post.
Top

#147847 - 2005-09-15 06:47 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4563 Loc: USA	Does it have to use the XMLHTTP object? I have written a script that will do what you want, but it just uses the standard ftp client built into the OS.
Top

#147848 - 2005-09-15 03:37 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	dave, with ftpget you should get a pull on port 21 just fine. and yes, what you are after is the user feedback. and you can get some with simply little modifying the ftpGet() _________________________ ! download KiXnet
Top

#147849 - 2005-09-15 09:08 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	I have already scripted using the native FTP.EXE. Too many problems with individuals and their respective FireWalls blocking outbound access. I am presently coding with the GNU WGET.EXE utility. Thanx for asking.
Top

#147850 - 2005-09-15 09:14 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	I tried FTPget() with authentication on a FTP server and it failed. I tested it with a simple FTP retrieval and used TCPVIEV -- http://www.sysinternals.com/Utilities/TcpView.html to see activity and I could not see FTP activity. Edited by DaveLipman (2005-09-15 09:22 PM)
Top

#147851 - 2005-09-15 09:42 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	OK -- I got it. Syntax error. FTPget() needed a URL not a site. Example: Instead of ftp.site.com it needed ftp://ftp.site.com Interestingly McAfee VirusScan flagged the script with the VBS/Psyme. http://vil.nai.com/vil/content/v_100749.htm "The vulnerability allows for the writing, and overwriting, of local files by exploiting the ADODB.Stream object." I'll have to submit the script to McAfee as a False Positive declaration. This would be problemsome considering the use of the script.
Top

#147852 - 2005-09-15 11:06 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	if you do submit it, thanks. _________________________ ! download KiXnet
Top

#147853 - 2005-09-16 12:56 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	It has been done In addition, going to; http://www.kixtart.org/UDF and then choosing FTPget from the left pane would get similar results as the HTML file in the cache would also be flagged as having the VBS/Psyme. I am awaiting the results from McAfee/AVERT.
Top

#147854 - 2005-09-16 01:44 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	it's weird how all the scripts that are flagged are flagged by McAfee. surely doesn't give good picture of that company's product. _________________________ ! download KiXnet
Top

#147855 - 2005-09-17 12:44 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	That's not really true. All AV companies will generate a False Positive declaration at one time or another. Right now it looks like the latest Symantec signatures have a False Positive declaration for the "Backdoor.Graybird". It all depends on what the AV company focuses on and what they will define as the signature of an infector. Since the VBS/Psyme exploits the "ADODB.Stream" it can be hard to differentiate a code for nefarious purposes vs. normal coding. McAfee will tweak the signature and it should not flag the UDF. At this time, I haven't receved feedback from McAfee/AVERT.
Top

#147856 - 2005-09-17 01:00 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	well. if you search the board there is about 10 mcAfee false positives and none from the other big players. why? because they do their job better. Edited by Jooel (2005-09-17 03:45 AM) _________________________ ! download KiXnet
Top

#147857 - 2005-09-17 02:09 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	Wow, did I see correctly? I can't believe my eyes. Jooel not knocking the other AV vendors? Co0l
Top

#147858 - 2005-09-17 03:46 AM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	fixed my last line... was too sweet. _________________________ ! download KiXnet
Top

#147859 - 2005-09-29 01:26 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	Based upon a communication with a researcher at McAfee, they consider the VBS/Psyme declaration as valid and pointed out that McAfee AV is not alone so I tested it and found the following also declared the script as a script infector... BitDefender 7.2 09.29.2005 Exploit.ADODB.Stream.Gen Kaspersky 4.0.2.24 09.29.2005 Trojan-Downloader.JS.gen TheHacker 5.8.2.116 09.28.2005 VBS/Psyme McAfee has indicated that this function is based upon flaw in IE that is too easily exploitable and thus will not remove this detection.
Top

#147860 - 2005-09-29 01:31 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	ja, so they say that because they don't know how to fix their detection must mean they are cool? f*ck them. false positives is what mcAfee is known to produce and it will do that still. _________________________ ! download KiXnet
Top

#147861 - 2005-09-29 01:35 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	btw, did you tell them that vbs/psyme is VBS code? so, if the udf above seems vbs to them, they are blind also. _________________________ ! download KiXnet
Top

#147862 - 2005-09-29 04:47 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
DaveLipman DaveLipman Fresh Scripter Registered: 2005-07-13 Posts: 33 Loc: NJ, USA	The fact that the VBS prefix is used is in the naming convention is unimportant. It doesn't matter is you used VB or Kix as the scripting language. It is still considered exploit code of a vulnerability. McAfee is not alone in this detection as I have demonstrated.
Top

#147863 - 2005-09-29 04:52 PM Re: FTP (TCP port 21) version of CreateObject("Microsoft.XMLHTTP") "
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	eh. like you showed, others also have problems with the exploit recognition. the code does not exploit anything. even thought the ado could be used to exploit, the code in question does not exploit. if they can't differ those two, it's a damn. _________________________ ! download KiXnet
Top

Page 1 of 2

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

0 registered and 2419 anonymous users online.

Newest Members

batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users

Generated in 0.077 seconds in which 0.028 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking