WinSCP 5.9.6

Jackbox · Aug 18, 2017

Jackbox submitted a new resource:

WinSCP - Open source freeware SFTP, SCP and FTP client for Windows.

Useful software for managing files on servers.

Read more about this resource...

Qraktzyl · Aug 18, 2017

This is very nice but not very hard to find on the web... (AND FROM THE OFFICIAL WEBSITE)

Jackbox · Aug 18, 2017

Qraktzyl said:
This is very nice but not very hard to find on the web... (AND FROM THE OFFICIAL WEBSITE)

I don't like trusting other sites for hosted downloads

Qraktzyl · Aug 18, 2017

https://winscp.net/eng/download.php

Directly from the winscp website...

Jackbox · Aug 18, 2017

Qraktzyl said:
https://winscp.net/eng/download.php

Directly from the winscp website...

Yeah, you can also download 500 other software installers from 500 other websites. Is it safer?

https://observatory.mozilla.org/analyze.html?host=winscp.net
https://observatory.mozilla.org/analyze.html?host=r4p3.net

While our grade is not much better it is still better and I know that simply because:
WinSCP
https://goo.gl/nZk59s
https://goo.gl/jUWixX

R4P3
https://goo.gl/HwT6XJ
https://goo.gl/WX4jsz

I plan on doing this with Putty especially because Putty is served over non-https.

Qraktzyl · Aug 18, 2017

So you are telling me that the download can be easily replaced by sql injection? Or you are just showing that the winscp website isn't secure in general?

Jackbox · Aug 18, 2017

Qraktzyl said:
So you are telling me that the download can be easily replaced by sql injection? Or you are just showing that the winscp website isn't secure in general?

I am saying that IF (I have a very strong hunch) there exists a vulnerability within WinSCP anywhere chances are likely this could lead to SQLi from there an attacker could escalate access and yes replace a file hosted on their server as hosted on same box: https://winscp.net/download/WinSCP-5.9.6-Setup.exe

By the way: http://ipinfo.io/87.106.181.237

1&1 sucks imo, friends used to SE (Social Engineer) 'em all the time and while they have gotten stronger winscp.net should really put themselves behind a gateway/proxy of some kind. It is truly the safer way to serve websites in my eyes. People may have their own opinions though but exposing a real (direct IP to dedicated server) hosting IP is brave.

Qraktzyl · Aug 18, 2017

Jackbox said:
I am saying that IF (I have a very strong hunch) there exists a vulnerability within WinSCP anywhere chances are likely this could lead to SQLi from there an attacker could escalate access and yes replace a file hosted on their server as hosted on same box: https://winscp.net/download/WinSCP-5.9.6-Setup.exe

That would be a shame, good thing r4p3 is here to be a more secure alternative download server!

Jackbox · Aug 18, 2017

Qraktzyl said:
That would be a shame, good thing r4p3 is here to be a more secure alternative download server!

I promise not to start posting random downloads, only things relevant to server admin, security, and communications.

BartManX · Jan 11, 2020

Jackbox said:
Jackbox submitted a new resource:

WinSCP - Open source freeware SFTP, SCP and FTP client for Windows.

Read more about this resource...

LOL ... seriously?

WinSCP 5.9.6

Jackbox

Active Member

Qraktzyl

Jackbox

Active Member

Qraktzyl

Jackbox

Active Member

Qraktzyl

Jackbox

Active Member

Qraktzyl

Jackbox

Active Member

BartManX

New Member