Decrypting WS_FTP.INI Passwords

by H2007

This file is intended to show you how to view a password saved in WS_FTP.INI using WS_FTP itself.

Tools needed: WS_FTP - any version.

Step #1:  Copy the user's WS_FTP.INI file stored in: \..\..\WS_FTP

Take a copy of the WS_FTP.INI file and place it in your \WS_FTP directory.

Step #2:  Open the file in any text editor of you choosing.  Here is a short example of what you will see.

[WS_FTP32] HOST=ftp.example.com UID=h2007 DIR="/pub/win32" PASVMODE=1 TIMEOFFSET=0 PWD=V9D8F029E316E1B1C2B2D1B173817B8936B3B6A39A6A6A277AE5B TYPE=6010

The text in brackets [WS_FTP32] is the profile name set by the user.

Selecting that is how you will display the information in WS_FTP.

HOST is of course the host address.

UID is the valid username we will be using.

PWD is the "encrypted" password we are attempting to view.

Step #3:  Sure, you can simply connect with the password in its masked form like it currently is.  However, our agenda here is to decrypt it so we can view the password itself.  Why?  To know a valid password that the user uses.

In the UID area, copy and remove the user ID (in this case h2007) and replace that with anonymous.  So UID=h2007 should now read: UID=anonymous

Step 4:  The fourth and final step is very simple.  Execute WS_FTP95.EXE, click "Connect" and select the appropriate profile name.

Voilà, you now have an unmasked valid password, username, and host.  In this case our password is: 2600rocks!

Many schools and businesses use this software.

It is not hard to find several valid usernames and passwords just by gaining access to a user's \WS_FTP directory.

You can also Yandex/Google [intitle:index.of ws_ftp.ini] and you will find several results.  Example: WS_FTP.INI

Happy Hacking!