Most likely. How do you "download emails" from a private FTP server? Doesn't make any sense unless they were using an email client that saves them in some kind of dat file and purposely mapped the private user's directory to the shared FTP directory
You can still browse the entire hard disk and download whatever you want. If he was running his email server on the same machine, then they can download the mailbox archives stored on the server.
Only if the users home directories are explicitly shared to all users manually. Any recent OS linux or windows based protects all personal directories by default.
Wrong. The directories that the FTP server service itself has access to depend on what account the FTP server service is running as. It has nothing to do with the account you log in to the FTP server itself with, which very likely has nothing to do with Windows accounts anyway and is likely accounts created within the FTP server application. In this case, it sounds like anonymous access was allowed, which is an FTP server setting or account and not a Windows account.
If the FTP server is running as a service on Windows and is running as NT Authority/System, then that server would have access to all directories on all disks regardless of what file permissions are set, as that account has higher access than a user account that is assigned administrative rights. It can access all directories, even user home directories. This would be the same if the service was running as the root user on a Linux/Unix/macOS box.
Of course that’s why you’re supposed to use least privilege for services, but quite often people who don’t know what they’re doing don’t, and that makes my job easier. Even if least privilege was being used it’s very likely that unless the guy is a complete moron he probably didn’t have the root of the drive configured as the root of the FTP anyway, and likely had all of the stuff in some subdirectory somewhere for the purpose of remote access, backups, etc.
No you can't, you can only browse the directories the user has permission to access. Things like home directories where email clients store their data are protected by default from all other users
Nobody uses ftp anymore unless the guy is really old and refuses to use newer tools. I haven't used an ftp in like 10 years..everything is portable storage or scp or cloud based shareable drives
I use an FTP server to receive and turn in assignment for my computer science classes. You just plug the address into an ftp client(file interface) or you type ftp [email protected] in terminal and use command line to do interact with the files with commands
Most likely. How do you "download emails" from a private FTP server? Doesn't make any sense unless they were using an email client that saves them in some kind of dat file and purposely mapped the private user's directory to the shared FTP directory
FTP is merely a transfer protocol.
You can still browse the entire hard disk and download whatever you want. If he was running his email server on the same machine, then they can download the mailbox archives stored on the server.
Literally this. Download EML, PST, or OST files from an FTP? Yup! Done it before. Pen tester pede here.
Only if the users home directories are explicitly shared to all users manually. Any recent OS linux or windows based protects all personal directories by default.
Wrong. The directories that the FTP server service itself has access to depend on what account the FTP server service is running as. It has nothing to do with the account you log in to the FTP server itself with, which very likely has nothing to do with Windows accounts anyway and is likely accounts created within the FTP server application. In this case, it sounds like anonymous access was allowed, which is an FTP server setting or account and not a Windows account.
If the FTP server is running as a service on Windows and is running as NT Authority/System, then that server would have access to all directories on all disks regardless of what file permissions are set, as that account has higher access than a user account that is assigned administrative rights. It can access all directories, even user home directories. This would be the same if the service was running as the root user on a Linux/Unix/macOS box.
Of course that’s why you’re supposed to use least privilege for services, but quite often people who don’t know what they’re doing don’t, and that makes my job easier. Even if least privilege was being used it’s very likely that unless the guy is a complete moron he probably didn’t have the root of the drive configured as the root of the FTP anyway, and likely had all of the stuff in some subdirectory somewhere for the purpose of remote access, backups, etc.
I sure wouldn't mind learning how to break into computers.
In minecraft.
No you can't, you can only browse the directories the user has permission to access. Things like home directories where email clients store their data are protected by default from all other users
Nobody uses ftp anymore unless the guy is really old and refuses to use newer tools. I haven't used an ftp in like 10 years..everything is portable storage or scp or cloud based shareable drives
I use SFTP every day, which is basically just FTP over SSL.
Outlook uses PST files, there is no reason you would, but not impossible to store those on an FTP.
Still, while thing reads like a LARP. I don’t know runs an FTP for personal storage.
Nobody. Everyone uses portable or cloud storage, or at minimum scp
Unless the guy is a lazy old fart, one of the types that refuses to use two factor authentication
I use an FTP server to receive and turn in assignment for my computer science classes. You just plug the address into an ftp client(file interface) or you type ftp [email protected] in terminal and use command line to do interact with the files with commands
More likely a backup file