The process execution chain looks the same across all observed instances, indicating possible mass exploitation of vulnerable WS_FTP servers. Additionally, our MDR team has observed the same Burpsuite domain used across all incidents, which may point to a single threat actor behind the activity we've seen.

WinSock File Transfer Protocol, or WS_FTP, is a secure file transfer software package produced by Ipswitch, Inc.[1] Ipswitch is a Massachusetts-based software producer established in 1991 that focuses on networking and file sharing.[2] WS_FTP consists of an FTP server and an FTP client and has over 40 million users worldwide.[3]

File Transfer Protocols are used to transfer large files. FTP clients add stability and encryption options over traditional FTP transfers.[5] The WS_FTP client has a "classic" GUI with two panes, one showing the local computer and the other accessing the remote host, though newer versions of the software have updated interfaces, including a web browser interface.[5] The WS_FTP secure server encrypts files using SSL/FTPS, SSH, or SCP2 and HTTPS transfers.[3][7] It is self-contained, eliminating the need for an external database.[7] WS_FTP's additional built-in capabilities include email client integration, alerts and notifications, server failover, and transfer scheduling.[1]

WS FTP Server Web Transfer module simplifies the process of moving and sharing files. No more having to deal with the inefficiencies and security concerns related to email and instant messaging, or the need to manually install, manage, and maintain file transfer software on end users' desktops. The Web Transfer module gives users a simple file transfer interface that works on any browser and operating system, so authorized people can securely upload or download files, or even create and delete folders on the remote server.

When you deploy WS FTP Server with Microsoft Clustering, you benefit from the failover capabilities of two nodes to run both public and private file sharing services. Microsoft Clustering with WS FTP Server acts as a traffic cop to manage the shared IP address and ensure that external connections are arriving at one node at a time. Store the WS FTP Server configuration in a Microsoft SQL Server database and store the files uploaded to WS FTP Server to a NAS or file share. You may enhance your setup with external authentication using an LDAP server, Active Directory, or another ODBC database.

Another option is to run WS FTP Server using the Web Farm deployment which uses two nodes to run both public-facing and internal WS FTP Server services at all times. Then use Microsoft Network Load Balancing services to ensure that traffic is only directed to one node at a time. Store the WS FTP Server configuration in a Microsoft SQL Server database and store the files uploaded to WS FTP Server to a NAS or file share. You may enhance your setup with external authentication using an LDAP server, Active Directory, or another ODBC database.

During installation, you can select Microsoft Internet Information Services (IIS) as your web server (instead of WS_FTP's Web Server). If you choose this option, you need to have Microsoft Internet Information Services (IIS) 7.0 or later installed on your computer. If you opt to use IIS, WS_FTP Server requires the ASP.NET Web Server Role Service.

If you specify a user other than the default user to serve as the run-as user on the IIS virtual folder (if you are using Microsoft IIS as your web server), you may get an HTTP 401 error when you attempt to open the WS_FTP Server 2017 Manager. If this occurs, you must open the WSFTPSVR virtual folder in IIS and change the anonymous access user password to match the specified user's password.

The WS_FTP Server Manager provides web-based administration from the local machine and also allows remote management of the server. WS_FTP Server 2017 Server Manager is a part of WS_FTP Server and is installed on the same machine.

WinSock File Transfer Protocol, or WS_FTP, is a secure file transfer software package. The server provides advanced features, including SFTP capability, 256-bit AES encryption, SSH transfers, SCP2, and more. WS_FTP assures reliable and secure transfer of critical data.

Advanced security features include 256-bit AES encryption, SSH transfers, Secure Copy (SCP2), file integrity, SMTP server authentication, SSL certificate support, an SSH listener option, login authentication encryption, digital certificate management, and mutual authentication of server and clients.

Control file transfer activities with external authentication, LDAP queries, and a wide range of administrative tools for customisation.

Powerful admin features include support for virtual servers, end user email notification, end user folder controls and IP whitelists for end user authentication.

You can add the modules below to enhance the capabilities of WS_FTP server. Each of the following features can be utilised with WS_FTP server to enhance its capabilities and customise your solution as you need it.

CVE-2023-42657 (CVSS 9.0). An exposure in the FTP/SCP (SSH) implementation that enables file operations outside of the WS_FTP data folder through a directory traversal vulnerability. This issue can allow an attacker to access, modify, and delete files on the server, which can expose data, but also allow remote code execution in some configurations.

According to the published POCs, the targeted POST requests against the aforementioned endpoints are followed by HTTP Status 302 (Redirect) or 200s (Found). We also observed 500 (Internal Server Error). HTTP Status 500s are internal server backend errors which at times may indicate exploitation attempts.

Sophos X-Ops pointed out in its Mastodon posts that the ransomware actors "didn't wait long" to exploit the flaw. Although Progress patched CVE-2023-40044, "not all of the servers have been patched." Similarly, Bitdefender said on Oct. 5 that more than 2,000 vulnerable servers remained.

"Progress is pleased to see industry security providers such as Sophos offering solutions that increase the overall security of servers running internet facing products such as WS_FTP," the spokesperson said. "This exemplifies the 'defense in depth' mindset that is so important these days. Once again, we encourage WS_FTP customers who have yet to patch their installations to do so as soon as possible."

"We are disappointed in how quickly third parties released a proof of concept (POC), reverse-engineered from our vulnerability disclosure and patch, released on Sept. 27. This provided threat actors a roadmap on how to exploit the vulnerabilities while many of our customers were still in the process of applying the patch. We are not aware of any evidence that these vulnerabilities were being exploited prior to that release. Unfortunately, by building and releasing a POC rapidly after our patch was released, a third-party has given cyber criminals a tool to attempt attacks against our customers. We are encouraging all WS_FTP server customers to patch their environments as quickly as possible."

The WS_FTP server's recent vulnerability presents a severe threat landscape because of its inherent nature, which permits unauthenticated attackers to execute commands on the underlying OS remotely, explained Callie Guenther, senior manager, cyber threat research at Critical Start. Guenther said the fact that threat actors such as the Reichsadler Cybercrime Group are actively attempting to exploit this vulnerability using sophisticated tools like GodPotato only underscores its significance.

The critical deserialisation and file traversal vulnerabilities allow an attacker to execute arbitrary code and perform file changes on the server with the potential for onward exploitation of connected systems.

In this particular attack, the threat actors attempted to escalate privileges using the open-source GodPotato tool, known for enabling privilege escalation across various Windows client and server platforms.

Although we've noticed a consistent decline in the number of vulnerable servers, it's important to highlight that there are still more than 2,000 of these servers, each potentially representing an entire network. Notably, a significant majority of these servers are located within the United States.

The second category of attempts points to the actions of threat actors who are actively trying to deploy webshells on these vulnerable servers. A webshell is a malicious script or piece of code that attackers place on a compromised server to gain unauthorized access and control. While it is not possible to accurately attribute these attempts, the actors behind them could be initial access brokers, ransomware affiliates, or even state-sponsored threat actors trying to compromise these systems before they are patched.

We have also analyzed attacks where cmd.exe starts a chain of PowerShell commands. This attack attempts to evade detection by using an AMSI bypass, uses a combination of code obfuscation techniques, and executes an encoded shellcode. This shellcode connects to a command and control server using port 49960. This shellcode is detected by Bitdefender as Generic:ShellCode.Marte.4.98108467.
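A defender-side check for the chain described above, added here as an example and not code from the report: it scans constructed Sysmon-style events for powershell.exe launched by cmd.exe with an encoded command, decodes the payload for triage, and raises the severity when that process connects out on port 49960. The event field names and all sample values are assumptions.

```python
import base64
import re

# Constructed Sysmon-style telemetry (made up for this example, not from the
# report): process-creation ("create") and network-connection ("connect")
# records from one host. The encoded payload is a harmless placeholder.
ENCODED = base64.b64encode("Get-Date".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"type": "create", "pid": 4012, "ppid": 3920, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f"cmd.exe /c powershell -nop -w hidden -enc {ENCODED}"},
    {"type": "create", "pid": 4100, "ppid": 4012,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell -nop -w hidden -enc {ENCODED}"},
    {"type": "connect", "pid": 4100, "dst_ip": "198.51.100.7", "dst_port": 49960},
    {"type": "create", "pid": 5000, "ppid": 600,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -File C:\scripts\backup.ps1"},
    {"type": "connect", "pid": 5000, "dst_ip": "10.0.0.5", "dst_port": 443},
]

C2_PORT = 49960  # port named in the report
# -EncodedCommand and the short forms PowerShell accepts (-e, -ec, -en, -enc)
ENC_FLAG = re.compile(r"(?i)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect_chain(events):
    """Flag powershell.exe spawned by cmd.exe with an encoded command; severity
    becomes 'high' when the same process connects to the reported C2 port."""
    procs = {e["pid"]: e for e in events if e["type"] == "create"}
    conns = {}
    for e in events:
        if e["type"] == "connect":
            conns.setdefault(e["pid"], []).append(e)
    findings = []
    for p in procs.values():
        parent = procs.get(p["ppid"])
        if not (p["image"].lower().endswith("powershell.exe")
                and parent and parent["image"].lower().endswith("cmd.exe")):
            continue
        decoded = decode_encoded_command(p["cmdline"])
        if decoded is None:
            continue
        c2 = [c["dst_ip"] for c in conns.get(p["pid"], []) if c["dst_port"] == C2_PORT]
        findings.append({"pid": p["pid"], "severity": "high" if c2 else "medium",
                         "decoded": decoded, "c2_hosts": c2})
    return findings
```

Running `detect_chain(SAMPLE_EVENTS)` returns one high-severity finding for pid 4100 and ignores the scripted backup job, which has no encoded command and no cmd.exe parent.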

Clop has been linked to multiple high-impact data theft and extortion campaigns targeting other managed file transfer platforms, including Accellion FTA servers in December 2020, the 2021 SolarWinds Serv-U Managed File Transfer attacks, and the mass exploitation of a GoAnywhere MFT zero-day in January 2023.

Australian cybersecurity firm Assetnote, which identified the deserialization flaw, said Saturday it had identified "about 2,900 hosts on the internet that are running WS_FTP and also have their webserver exposed, which is necessary for exploitation." Most of the instances "belong to large enterprises, governments and educational institutions."

Progress Software in an emailed statement said it is "disappointed in how quickly third parties released a proof of concept." The published exploit "has given cyber criminals a tool to attempt attacks against our customers. We are encouraging all WS_FTP server customers to patch their environments as quickly as possible." The U.S. Health Sector Cybersecurity Coordination Center, or HC3, in a Friday alert, said it "strongly encourages all users to follow the manufacturer's recommendation and upgrade to the highest version available - 8.8.2 - to prevent any damage from occurring."